Refactor OC_Util::callCheck

6 files changed, 7 insertions, 27 deletions

diff --git a/apps/files/admin.php b/apps/files/admin.php
index f23f9b52698..a2092c600a7 100644
--- a/apps/files/admin.php
+++ b/apps/files/admin.php
@@ -33,7 +33,7 @@ $htaccessWorking=(getenv('htaccessWorking')=='true');
 $upload_max_filesize = OC::$server->getIniWrapper()->getBytes('upload_max_filesize');
 $post_max_size = OC::$server->getIniWrapper()->getBytes('post_max_size');
 $maxUploadFilesize = OCP\Util::humanFileSize(min($upload_max_filesize, $post_max_size));
-if($_POST && OC_Util::isCallRegistered()) {
+if($_POST && \OC::$server->getRequest()->passesCSRFCheck()) {
 	if(isset($_POST['maxUploadSize'])) {
 		if(($setMaxSize = OC_Files::setUploadLimit(OCP\Util::computerFileSize($_POST['maxUploadSize']))) !== false) {
 			$maxUploadFilesize = OCP\Util::humanFileSize($setMaxSize);
diff --git a/lib/base.php b/lib/base.php
index ce4546e8fa3..34cbfe3066c 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -1060,7 +1060,7 @@ class OC {
 			return false;
 		}
 
-		if(!OC_Util::isCallRegistered()) {
+		if(!(\OC::$server->getRequest()->passesCSRFCheck())) {
 			return false;
 		}
 		OC_App::loadApps();
diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php
index c076b87ddd9..0e98bdc2628 100644
--- a/lib/private/eventsource.php
+++ b/lib/private/eventsource.php
@@ -76,7 +76,7 @@ class OC_EventSource implements \OCP\IEventSource {
 		} else {
 			header("Content-Type: text/event-stream");
 		}
-		if (!OC_Util::isCallRegistered()) {
+		if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
 			$this->send('error', 'Possible CSRF attack. Connection will be closed.');
 			$this->close();
 			exit();
diff --git a/lib/private/json.php b/lib/private/json.php
index eba374f4da2..0bf4e8bcd01 100644
--- a/lib/private/json.php
+++ b/lib/private/json.php
@@ -76,7 +76,7 @@ class OC_JSON{
 	 * @deprecated Use annotation based CSRF checks from the AppFramework instead
 	 */
 	public static function callCheck() {
-		if( !OC_Util::isCallRegistered()) {
+		if( !(\OC::$server->getRequest()->passesCSRFCheck())) {
 			$l = \OC::$server->getL10N('lib');
 			self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.'), 'error' => 'token_expired' )));
 			exit();
diff --git a/lib/private/util.php b/lib/private/util.php
index 12146f6980b..c9738b29ca1 100644
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -1127,7 +1127,6 @@ class OC_Util {
 	 * Creates a 'request token' (random) and stores it inside the session.
 	 * Ever subsequent (ajax) request must use such a valid token to succeed,
 	 * otherwise the request will be denied as a protection against CSRF.
-	 * @see OC_Util::isCallRegistered()
 	 */
 	public static function callRegister() {
 		// Use existing token if function has already been called
@@ -1155,27 +1154,6 @@ class OC_Util {
 	}
 
 	/**
-	 * Check an ajax get/post call if the request token is valid.
-	 *
-	 * @return boolean False if request token is not set or is invalid.
-	 * @see OC_Util::callRegister()
-	 */
-	public static function isCallRegistered() {
-		return \OC::$server->getRequest()->passesCSRFCheck();
-	}
-
-	/**
-	 * Check an ajax get/post call if the request token is valid. Exit if not.
-	 *
-	 * @return void
-	 */
-	public static function callCheck() {
-		if (!OC_Util::isCallRegistered()) {
-			exit();
-		}
-	}
-
-	/**
 	 * Public function to sanitize HTML
 	 *
 	 * This function is used to sanitize HTML and should be applied on any
diff --git a/lib/public/util.php b/lib/public/util.php
index a9fe0e47de6..493aa0000a5 100644
--- a/lib/public/util.php
+++ b/lib/public/util.php
@@ -494,7 +494,9 @@ class Util {
 	 * @since 4.5.0
 	 */
 	public static function callCheck() {
-		\OC_Util::callCheck();
+		if (!(\OC::$server->getRequest()->passesCSRFCheck())) {
+			exit();
+		}
 	}
 
 	/**