[user_webdavauth] add requesttoken
authorLukas Reschke <lukas@statuscode.ch>
Sun, 3 Feb 2013 18:58:55 +0000 (19:58 +0100)
committerLukas Reschke <lukas@statuscode.ch>
Sun, 3 Feb 2013 18:58:55 +0000 (19:58 +0100)
apps/user_webdavauth/settings.php
apps/user_webdavauth/templates/settings.php

index 41d7fa51cd200fba7a2474cbd7f473d1f964ea80..7eabb0d48cc545c67bd5199f0957853d9941b561 100755 (executable)
@@ -24,7 +24,9 @@
 OC_Util::checkAdminUser();
 
 if($_POST) {
-
+       // CSRF check
+       OCP\JSON::callCheck();
+       
        if(isset($_POST['webdav_url'])) {
                OC_CONFIG::setValue('user_webdavauth_url', strip_tags($_POST['webdav_url']));
        }
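Review bot: `OCP\JSON::callCheck()` is the JSON-endpoint helper, so a failed token check on this HTML settings page will presumably produce a JSON error body rather than a rendered page; confirm that this is the intended failure mode for a form POST. The comment could state what is protected, e.g. `// CSRF check: reject the POST unless it carries a valid requesttoken, before any config value is written`. The added line after the call contains only whitespace. Separately, the context line below stores `webdav_url` after only `strip_tags()`, which does not validate it as a host or URL even though the template text says user credentials are sent there. The `if($_POST)` block continues outside the hunk.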
index 880b77ac959182369b4afbd2cd51c5b57a28ece8..45f4d81aecf844dbfb8ea11660db8d7437df14b0 100755 (executable)
@@ -2,6 +2,7 @@
        <fieldset class="personalblock">
                <legend><strong><?php echo $l->t('WebDAV Authentication');?></strong></legend>
                <p><label for="webdav_url"><?php echo $l->t('URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
+                <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
                <input type="submit" value="Save" />
                <br /><?php echo $l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.'); ?>
        </fieldset>
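Review bot: The added hidden field prints `$_['requesttoken']` straight into a `value` attribute, and neither hunk shows that key being assigned to the template or escaped. If the template layer does not do both automatically, the token would be empty (so every save fails the check) or unescaped, and the attribute should be written as `value="<?php echo htmlspecialchars($_['requesttoken'], ENT_QUOTES, 'UTF-8'); ?>"`. The same escaping question applies to `$_['webdav_url']` on the line above, since `strip_tags()` on save leaves quote characters intact. The fixed `id="requesttoken"` may also be duplicated if several settings forms are rendered on one admin page. The form markup starts and ends outside the hunk.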