From 96c092ce14f81c48d6dfa281d942b34edb955923 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 22 Sep 2014 15:36:39 +0200 Subject: [PATCH] Show login again instead of JSON if CSRF check fails Previously a JSON error page was shown to the user in-case the CSRF token was not valid. This was confusing and prevented people from login. With this at least the login page is shown again and not a JSON error message. I consider this as sufficient since adding a new error page just for this sake would uneededly make lib/base.php even more cluttered and this is a edge-case which optimally should anyways not happen that often. This can be tested by opening the login page, then clearing the cookies, and trying to login. --- lib/base.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/base.php b/lib/base.php index 5337fa9c9f7..4cd9203248e 100644 --- a/lib/base.php +++ b/lib/base.php @@ -921,7 +921,9 @@ class OC { return false; } - OC_JSON::callCheck(); + if(!OC_Util::isCallRegistered()) { + return false; + } OC_App::loadApps(); //setup extra user backends -- 2.39.5