From 07f0d76fc6a384e953b03770535246bac4fce849 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Mon, 17 Nov 2014 15:10:47 +0100
Subject: [PATCH] Move CSRF check Because we're closing the session now before controllers are executed there are cases where we cannot write the session.
---
 .../appframework/middleware/security/securitymiddleware.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index 0a694318634..8c5ca5891ad 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -35,6 +35,7 @@ use OCP\IURLGenerator;
 use OCP\IRequest;
 use OCP\ILogger;
 use OCP\AppFramework\Controller;
+use OCP\Util;
 /**
@@ -111,6 +112,8 @@ class SecurityMiddleware extends Middleware {
 }
 }
+ // CSRF check - also registers the CSRF token since the session may be closed later
+ Util::callRegister();
 if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
 if(!$this->request->passesCSRFCheck()) {
 throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
-- 2.39.5
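Review bot: The `passesCSRFCheck()` call in the second hunk now runs right after the new `Util::callRegister()`, so the check is only sound if callRegister() returns the token already held in the session and generates one only when none exists. That behaviour is not visible in this hunk; if it ever rotated the token, the comparison just below would presumably be made against a fresh value, so it is worth confirming and pinning with a test, which this commit does not add. The call is also unconditional, so it writes session state for `NoCSRFRequired` routes as well. That appears intended given the commit message, but the comment should say so, e.g. `// Register the CSRF token now, for every route: the session is closed before the controller runs and cannot be written afterwards.` The enclosing method starts and ends outside the hunk.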