CSRF checks

author Lukas Reschke <lukas@statuscode.ch>

Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php

index ed155de0dc76cf5e13e17701767ffd2615a393e0..161d820f735ec206a7705f78c912307d5136e79e 100644 (file)
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -4,6 +4,7 @@
  
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  // Get data
  $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php

index 945fe4e7b82a55ad4080bc801e195328a68408b3..56171dd0ed3d216ac2fccf930e1f01805cf72c88 100644 (file)
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -4,6 +4,7 @@
  
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  // Get data
  $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php

index edb784148724e64ec0c877617f4479fc99477744..7236deb65c9b934791731a97fde4de227076bc06 100644 (file)
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -4,6 +4,7 @@
  
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  // Get the params
  $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php

index c5c37914c6a68c005e6c1df2b3795f397671eca6..ae92bcf09bb8f5f018a496593f361834ecc5a05b 100644 (file)
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -4,6 +4,7 @@
  
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  // Get the params
  $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php

index e2fa3d54a61aad43feab0b0054e9c5125f6e705b..8e98308eb5c06ae7a54db56fee3f92e25a56710b 100644 (file)
--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -4,6 +4,7 @@
  
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  // Get data
  $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php

index b779924cfb4f92fdc33f6600a61159e7adf2bee7..5553cf5a13ec05de03dfba8c1d54bfff5784d0ed 100644 (file)
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -7,6 +7,7 @@
  OCP\JSON::setContentTypeHeader('text/plain');
  
  OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
  
  if (!isset($_FILES['files'])) {
         OCP\JSON::error(array("data" => array( "message" => "No file was uploaded. Unknown error" )));
author	Lukas Reschke <lukas@statuscode.ch>
	Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sat, 7 Jul 2012 13:58:11 +0000 (15:58 +0200)
apps/files/ajax/delete.php		patch \| blob \| history
apps/files/ajax/move.php		patch \| blob \| history
apps/files/ajax/newfile.php		patch \| blob \| history
apps/files/ajax/newfolder.php		patch \| blob \| history
apps/files/ajax/rename.php		patch \| blob \| history
apps/files/ajax/upload.php		patch \| blob \| history