Refactor OC_Util::callCheck
authorMorris Jobke <hey@morrisjobke.de>
Fri, 18 Dec 2015 14:43:13 +0000 (15:43 +0100)
committerThomas Müller <thomas.mueller@tmit.eu>
Tue, 22 Dec 2015 08:32:14 +0000 (09:32 +0100)
apps/files/admin.php
lib/base.php
lib/private/eventsource.php
lib/private/json.php
lib/private/util.php
lib/public/util.php

index f23f9b52698e65e20df7cd195dd1553b447850da..a2092c600a7c7d2936665c33a972722cf2a88e37 100644 (file)
@@ -33,7 +33,7 @@ $htaccessWorking=(getenv('htaccessWorking')=='true');
 $upload_max_filesize = OC::$server->getIniWrapper()->getBytes('upload_max_filesize');
 $post_max_size = OC::$server->getIniWrapper()->getBytes('post_max_size');
 $maxUploadFilesize = OCP\Util::humanFileSize(min($upload_max_filesize, $post_max_size));
-if($_POST && OC_Util::isCallRegistered()) {
+if($_POST && \OC::$server->getRequest()->passesCSRFCheck()) {
        if(isset($_POST['maxUploadSize'])) {
                if(($setMaxSize = OC_Files::setUploadLimit(OCP\Util::computerFileSize($_POST['maxUploadSize']))) !== false) {
                        $maxUploadFilesize = OCP\Util::humanFileSize($setMaxSize);
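Review bot: A POST that fails `passesCSRFCheck()` simply skips the `if` on the changed line, so the admin page renders as if nothing was submitted and, as far as this hunk shows, the rejected settings change is not recorded anywhere. A stale or forged submission of `maxUploadSize` is then indistinguishable from a normal page load. Consider a branch for that case, for example `} elseif ($_POST) { \OCP\Util::writeLog('files', 'Settings POST rejected: CSRF check failed', \OCP\Util::WARN); }`, and surface an error in the template. The `if` body continues past the end of the hunk, so an existing `else` cannot be ruled out.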
index ce4546e8fa3dd40e080479aa9f9e1f2e7fcd97f5..34cbfe3066c66aa1c7c3e44a8b7112ecc64d6dc8 100644 (file)
@@ -1060,7 +1060,7 @@ class OC {
                        return false;
                }
 
-               if(!OC_Util::isCallRegistered()) {
+               if(!(\OC::$server->getRequest()->passesCSRFCheck())) {
                        return false;
                }
                OC_App::loadApps();
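Review bot: The extra parentheses in `if(!(\OC::$server->getRequest()->passesCSRFCheck()))` are redundant, because `!` already applies to the result of the whole call chain. `if (!\OC::$server->getRequest()->passesCSRFCheck()) {` is easier to read and makes the negation harder to misplace in a later edit of this security check. The same wrapping appears on the changed lines in lib/private/eventsource.php, lib/private/json.php and lib/public/util.php. The enclosing method starts and ends outside this hunk.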
index c076b87ddd96d1bf5113ccff81b91d7c502d10bb..0e98bdc26285a98368b7b5ac12376f625fbfb83e 100644 (file)
@@ -76,7 +76,7 @@ class OC_EventSource implements \OCP\IEventSource {
                } else {
                        header("Content-Type: text/event-stream");
                }
-               if (!OC_Util::isCallRegistered()) {
+               if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
                        $this->send('error', 'Possible CSRF attack. Connection will be closed.');
                        $this->close();
                        exit();
index eba374f4da2b1df308504375404f0a0cce21c292..0bf4e8bcd0190e1f6bc7027ac69486ab985b54f6 100644 (file)
@@ -76,7 +76,7 @@ class OC_JSON{
         * @deprecated Use annotation based CSRF checks from the AppFramework instead
         */
        public static function callCheck() {
-               if( !OC_Util::isCallRegistered()) {
+               if( !(\OC::$server->getRequest()->passesCSRFCheck())) {
                        $l = \OC::$server->getL10N('lib');
                        self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
                        exit();
index 12146f6980bb89ccc4d6dbc588b5a79201d9c521..c9738b29ca1c5c7bf6b68df47ac287b070ab0bc2 100644 (file)
@@ -1127,7 +1127,6 @@ class OC_Util {
         * Creates a 'request token' (random) and stores it inside the session.
         * Ever subsequent (ajax) request must use such a valid token to succeed,
         * otherwise the request will be denied as a protection against CSRF.
-        * @see OC_Util::isCallRegistered()
         */
        public static function callRegister() {
                // Use existing token if function has already been called
@@ -1154,27 +1153,6 @@ class OC_Util {
                return self::$obfuscatedToken;
        }
 
-       /**
-        * Check an ajax get/post call if the request token is valid.
-        *
-        * @return boolean False if request token is not set or is invalid.
-        * @see OC_Util::callRegister()
-        */
-       public static function isCallRegistered() {
-               return \OC::$server->getRequest()->passesCSRFCheck();
-       }
-
-       /**
-        * Check an ajax get/post call if the request token is valid. Exit if not.
-        *
-        * @return void
-        */
-       public static function callCheck() {
-               if (!OC_Util::isCallRegistered()) {
-                       exit();
-               }
-       }
-
        /**
         * Public function to sanitize HTML
         *
index a9fe0e47de6e8e2a53c058ccb71d6079fa7b8dce..493aa0000a52d28ffa72192594e1e794f3d7ad20 100644 (file)
@@ -494,7 +494,9 @@ class Util {
         * @since 4.5.0
         */
        public static function callCheck() {
-               \OC_Util::callCheck();
+               if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
+                       exit();
+               }
        }
 
        /**
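Review bot: On a failed check the new body calls a bare `exit()`, so as far as this hunk shows the client receives an empty response with whatever status was already set and nothing is logged. `OC_JSON::callCheck()` in the same commit at least returns a `token_expired` error. Setting a status before terminating, e.g. `http_response_code(412);` ahead of `exit();`, would let callers and monitoring tell a rejected request from a successful empty one. The docblock of `callCheck()` begins outside the hunk, so whether the silent exit is documented there cannot be seen from here.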