OC_Util::checkAdminUser();
if($_POST) {
-
+ // CSRF check
+ OCP\JSON::callCheck();
+
if(isset($_POST['webdav_url'])) {
OC_CONFIG::setValue('user_webdavauth_url', strip_tags($_POST['webdav_url']));
}
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('WebDAV Authentication');?></strong></legend>
<p><label for="webdav_url"><?php echo $l->t('URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
<input type="submit" value="Save" />
<br /><?php echo $l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.'); ?>
</fieldset>