authorLukas Reschke <lukas@owncloud.com>2014-11-17 15:10:47 +0100
committerLukas Reschke <lukas@owncloud.com>2014-11-17 15:10:53 +0100
commit07f0d76fc6a384e953b03770535246bac4fce849 (patch)
tree0e6dddfb9f04c57e7435ff33c6ca41cd9c8d4c4b
parent9df50c7be6ee47620af83c52ac340ac00d92042c (diff)
Move CSRF check
Because we now close the session before controllers are executed, there are cases where we cannot write to the session.
-rw-r--r--lib/private/appframework/middleware/security/securitymiddleware.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index 0a694318634..8c5ca5891ad 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -35,6 +35,7 @@ use OCP\IURLGenerator;
use OCP\IRequest;
use OCP\ILogger;
use OCP\AppFramework\Controller;
+use OCP\Util;
/**
@@ -111,6 +112,8 @@ class SecurityMiddleware extends Middleware {
}
}
+ // CSRF check - also registers the CSRF token since the session may be closed later
+ Util::callRegister();
if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
if(!$this->request->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
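Review bot: `Util::callRegister()` is called only for its side effect and its return value is discarded, so the line reads like dead code, and the comment above it labels it as the CSRF check although the check itself starts at the `if` below. A comment such as `// Ensure a CSRF token exists in the session while it is still writable; the session may be closed before the controller runs`, with a separate `// CSRF check` above the `if`, would state the ordering requirement explicitly. The call also sits after the earlier checks in this method, which lie outside the hunk; if any of them throws, the token is presumably never registered on that path, so moving the call to the top of the method may be worth considering. Registration now also happens for `NoCSRFRequired` routes, which looks intended but deserves a test asserting the token is present after the session has been closed.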