From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 7 Jul 2012 13:58:11 +0000 (+0200)
Subject: CSRF checks
X-Git-Tag: v4.5.0beta1~74^2~225^2~16
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=0abcf0a421e26a17de00d3bf3a890da1f1689c16;p=nextcloud-server.git

CSRF checks
---

diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index ed155de0dc7..161d820f735 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 945fe4e7b82..56171dd0ed3 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index edb78414872..7236deb65c9 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index c5c37914c6a..ae92bcf09bb 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php
index e2fa3d54a61..8e98308eb5c 100644
--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index b779924cfb4..5553cf5a13e 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -7,6 +7,7 @@
 OCP\JSON::setContentTypeHeader('text/plain');
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 if (!isset($_FILES['files'])) {
 	OCP\JSON::error(array("data" => array( "message" => "No file was uploaded. Unknown error" )));