diff options
| author | Thomas Müller <thomas.mueller@tmit.eu> | 2015-03-09 23:06:15 +0100 |
|---|---|---|
| committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-03-09 23:06:15 +0100 |
| commit | 2f6188495651cc78e7161e3af8b8b1f3a38f058a (patch) | |
| tree | c9ca5981d0b23bcff1e16e25874e7414c8668976 | |
| parent | 94b7fa17c55ed5c194b506ca6ab426fa38119b3c (diff) | |
| parent | c0a02f1615e84e3a30f0e3871d727bb9775d6b95 (diff) | |
| download | nextcloud-server-2f6188495651cc78e7161e3af8b8b1f3a38f058a.tar.gz nextcloud-server-2f6188495651cc78e7161e3af8b8b1f3a38f058a.zip | |
Merge pull request #14753 from owncloud/verify-csrf-token-earlier
Verify CSRF token already in update.php and not the EventSource code
| -rw-r--r-- | core/ajax/update.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/core/ajax/update.php b/core/ajax/update.php index b2ca0e3c8ec..a9ab7316270 100644 --- a/core/ajax/update.php +++ b/core/ajax/update.php @@ -2,6 +2,8 @@ set_time_limit(0); require_once '../../lib/base.php'; +\OCP\JSON::callCheck(); + if (OC::checkUpgrade(false)) { // if a user is currently logged in, their session must be ignored to // avoid side effects |