diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-07-20 15:45:17 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-07-20 15:45:17 +0200 |
| commit | c04aa8d6a99869aa51595b61207063f97488eb8e (patch) | |
| tree | 93b24e007d07836150bec333a99a7edd96f53bf7 | |
| parent | bd91ee4d2289b15fa69c3712056f275cac3405ed (diff) | |
| download | nextcloud-server-c04aa8d6a99869aa51595b61207063f97488eb8e.tar.gz nextcloud-server-c04aa8d6a99869aa51595b61207063f97488eb8e.zip | |
Add CSRF checks
| -rw-r--r-- | apps/calendar/ajax/share/changepermission.php | 4 | ||||
| -rw-r--r-- | apps/calendar/ajax/share/share.php | 2 | ||||
| -rw-r--r-- | apps/calendar/ajax/share/unshare.php | 4 |
3 files changed, 8 insertions, 2 deletions
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php index e807c164a23..5aff7666f79 100644 --- a/apps/calendar/ajax/share/changepermission.php +++ b/apps/calendar/ajax/share/changepermission.php @@ -5,7 +5,9 @@ * later. * See the COPYING-README file. */ - + +OCP\JSON::callCheck(); + $id = strip_tags($_POST['id']); $idtype = strip_tags($_POST['idtype']); $permission = (int) strip_tags($_POST['permission']); diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php index 838db619f62..77e1ab9d657 100644 --- a/apps/calendar/ajax/share/share.php +++ b/apps/calendar/ajax/share/share.php @@ -6,6 +6,8 @@ * See the COPYING-README file. */ +OCP\JSON::callCheck(); + $id = strip_tags($_POST['id']); $idtype = strip_tags($_POST['idtype']); switch($idtype){ diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php index 1ce04677fb1..c7c06113189 100644 --- a/apps/calendar/ajax/share/unshare.php +++ b/apps/calendar/ajax/share/unshare.php @@ -5,7 +5,9 @@ * later. * See the COPYING-README file. */ - + +OCP\JSON::callCheck(); + $id = strip_tags($_POST['id']); $idtype = strip_tags($_POST['idtype']); switch($idtype){ |