CSRF checks

author Lukas Reschke <lukas@statuscode.ch>

Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)

committer Lukas Reschke <lukas@statuscode.ch>

Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)
author Lukas Reschke <lukas@statuscode.ch>
Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)
committer Lukas Reschke <lukas@statuscode.ch>
Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)
diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php

index 549cb6a34277015261cac9832a9071e86687a987..0eedfdb3339b3fcbc7f8f9617ec54d14afab9ac8 100644 (file)
--- a/apps/files_external/ajax/addMountPoint.php
+++ b/apps/files_external/ajax/addMountPoint.php
@@ -1,6 +1,8 @@
  <?php
  
  OCP\JSON::checkAppEnabled('files_external');
+OCP\JSON::callCheck();
+
  if ($_POST['isPersonal'] == 'true') {
         OCP\JSON::checkLoggedIn();
         $isPersonal = true;
diff --git a/apps/files_external/ajax/removeMountPoint.php b/apps/files_external/ajax/removeMountPoint.php

index b77b306bcb5773abed03432d24d490651b6837d3..a96601b4d0538fefa8636f95867e3a1586e46524 100644 (file)
--- a/apps/files_external/ajax/removeMountPoint.php
+++ b/apps/files_external/ajax/removeMountPoint.php
@@ -1,6 +1,8 @@
  <?php
  
  OCP\JSON::checkAppEnabled('files_external');
+OCP\JSON::callCheck();
+
  if ($_POST['isPersonal'] == 'true') {
         OCP\JSON::checkLoggedIn();
         $isPersonal = true;
author	Lukas Reschke <lukas@statuscode.ch>
	Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)
committer	Lukas Reschke <lukas@statuscode.ch>
	Sat, 7 Jul 2012 14:12:21 +0000 (16:12 +0200)
apps/files_external/ajax/addMountPoint.php		patch \| blob \| history
apps/files_external/ajax/removeMountPoint.php		patch \| blob \| history