CSRF checks

diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 860ea987871af323373ebff7a73e245e58655db9..388885b6fcba2cfeed703cda0d820536740c33cb 100644 (file)
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -2,6 +2,7 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OCP\JSON::callCheck();
 
 $username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
 $password = $_POST["password"];

diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php
index 57d82e7bd94599f16002385cf1de2f8bcc5f82b0..a7fab1c45bee661cca699f0df9ed6772af5e8325 100644 (file)
--- a/settings/ajax/creategroup.php
+++ b/settings/ajax/creategroup.php
@@ -2,6 +2,7 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OCP\JSON::callCheck();
 
 // Check if we are a user
 if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){

diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php
index 6714711bc876fbf5161343c6265859941a8b2d32..508b4bf94ca99db56a59d4a25f1758953e30ba1b 100644 (file)
--- a/settings/ajax/createuser.php
+++ b/settings/ajax/createuser.php
@@ -2,6 +2,7 @@
 
 // Init owncloud
 require_once('../../lib/base.php');
+OCP\JSON::callCheck();
 
 // Check if we are a user
 if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){

diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php
index 53e9be379e19eae172eff3b15215a60425060c66..cc00698870702faf8482361dbc52c83fd0f8f4c5 100644 (file)
--- a/settings/ajax/disableapp.php
+++ b/settings/ajax/disableapp.php
@@ -2,6 +2,7 @@
 // Init owncloud
 require_once('../../lib/base.php');
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 OC_JSON::setContentTypeHeader();
 
 OC_App::disable($_POST['appid']);

diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index cb116ebe4e84bf1a3e88431d684f12ec03ad8d55..bd53a50210cdffe5fe41173cbcfaf038d3290dab 100644 (file)
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
@@ -3,6 +3,7 @@
 // Init owncloud
 require_once('../../lib/base.php');
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 OC_JSON::setContentTypeHeader();
 
 if(OC_App::enable($_POST['appid'])){

diff --git a/settings/ajax/lostpassword.php b/settings/ajax/lostpassword.php
index 9c31c9ce8da3a4200d19eaf98f1813b48aa29eac..976fdff245f5cc0b8da30a0c954f70daede81552 100644 (file)
--- a/settings/ajax/lostpassword.php
+++ b/settings/ajax/lostpassword.php
@@ -4,11 +4,13 @@
 require_once('../../lib/base.php');
 
 OC_JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 $l=OC_L10N::get('core');
 
 // Get data
-if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){\r        $email=trim($_POST['email']);
+if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){
+       $email=trim($_POST['email']);
        OC_Preferences::setValue(OC_User::getUser(),'settings','email',$email);
        OC_JSON::success(array("data" => array( "message" => $l->t("Email saved") )));
 }else{

diff --git a/settings/ajax/removegroup.php b/settings/ajax/removegroup.php
index 4d3647818949f28d323aeef433082a8918465b89..19cbe51fd51762ec894c142cafec030e601c0f5a 100644 (file)
--- a/settings/ajax/removegroup.php
+++ b/settings/ajax/removegroup.php
@@ -4,6 +4,7 @@
 require_once('../../lib/base.php');
 
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 
 $name = $_POST["groupname"];
 

diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 2c288997a1f2467e8db132d6d1855fe2da264e3f..63388b3ca688896c20121a93e581967a98cec50a 100644 (file)
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -4,6 +4,7 @@
 require_once('../../lib/base.php');
 
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 

diff --git a/settings/ajax/setlanguage.php b/settings/ajax/setlanguage.php
index e3b00c3bc8073b980949fc8dafb925755bd54d34..bc70d09ac92b02044dc24487252ef25257a0a604 100644 (file)
--- a/settings/ajax/setlanguage.php
+++ b/settings/ajax/setlanguage.php
@@ -6,7 +6,7 @@ require_once('../../lib/base.php');
 $l=OC_L10N::get('settings');
 
 OC_JSON::checkLoggedIn();
-
+OCP\JSON::callCheck();
 
 // Get data
 if( isset( $_POST['lang'] ) ){

diff --git a/settings/ajax/setloglevel.php b/settings/ajax/setloglevel.php
index 298cbd64738fb1f0629c44af08eb20eed855c614..4b97ba2aa32fe08aa8508f33f9b58066abdd80a1 100644 (file)
--- a/settings/ajax/setloglevel.php
+++ b/settings/ajax/setloglevel.php
@@ -7,6 +7,7 @@
 
 require_once('../../lib/base.php');
 OC_Util::checkAdminUser();
+OCP\JSON::callCheck();
 
 OC_Config::setValue( 'loglevel', $_POST['level'] );
 

diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index f59017600ac5b991069a2b057ed63fcea14cb7e0..44c2067824b236af0c565a7ec5cc6e1518e79159 100644 (file)
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -9,6 +9,7 @@
 require_once('../../lib/base.php');
 
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 
 $username = isset($_POST["username"])?$_POST["username"]:'';
 

diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php
index f76e22f51d2b5001845cfa7b38e6b3fd6111aa65..02b2b6319a6b5b43343f5ad777d35503125b7a85 100644 (file)
--- a/settings/ajax/togglegroups.php
+++ b/settings/ajax/togglegroups.php
@@ -4,6 +4,7 @@
 require_once('../../lib/base.php');
 
 OC_JSON::checkAdminUser();
+OCP\JSON::callCheck();
 
 $success = true;
 $error = "add user to";