http header OCS-ApiRequest: true is required in case of session based OCS API calls

author Thomas Müller <thomas.mueller@tmit.eu>

Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)

committer Thomas Müller <thomas.mueller@tmit.eu>

Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)
author Thomas Müller <thomas.mueller@tmit.eu>
Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)
committer Thomas Müller <thomas.mueller@tmit.eu>
Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)
diff --git a/lib/private/api.php b/lib/private/api.php

index 26091657b31ab335c7881c056277e628e0a765ae..0576f3e3f9356b9069f63b9491579912bd9d53ce 100644 (file)
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,8 @@ class OC_API {
  
                 // reuse existing login
                 $loggedIn = OC_User::isLoggedIn();
-               if ($loggedIn === true) {
+               $ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+               if ($loggedIn === true && $ocsApiRequest) {
                         return OC_User::getUser();
                 }
author	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)
committer	Thomas Müller <thomas.mueller@tmit.eu>
	Tue, 29 Oct 2013 22:07:27 +0000 (23:07 +0100)