From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 2 Feb 2015 18:39:41 +0000 (+0100)
Subject: Add callCheck to testremote.php
X-Git-Tag: v8.0.0RC2~9^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=4270188252d8db8f1626231717bcfd5de35d3ef5;p=nextcloud-server.git

Add callCheck to testremote.php

Without CSRF check this file might be tricked into requesting itself which would result in an endless loop and thus potentially ending in a Denial of Service.
---

diff --git a/apps/files_sharing/ajax/testremote.php b/apps/files_sharing/ajax/testremote.php
index 08149bf7ecc..14992787012 100644
--- a/apps/files_sharing/ajax/testremote.php
+++ b/apps/files_sharing/ajax/testremote.php
@@ -6,6 +6,7 @@
  * See the COPYING-README file.
  */
 
+OCP\JSON::callCheck();
 OCP\JSON::checkAppEnabled('files_sharing');
 
 $remote = $_GET['remote'];