diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 18:12:38 +0200 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 18:13:01 +0200 |
| commit | 47c03a0effbe036e644da8ae2dee65f12a6e6c84 (patch) | |
| tree | b459e9053257b062c2c181927480c0acfd79a8fb | |
| parent | f0b87bc4218b16bf5122332108666ce833a844ce (diff) | |
| download | nextcloud-server-47c03a0effbe036e644da8ae2dee65f12a6e6c84.tar.gz nextcloud-server-47c03a0effbe036e644da8ae2dee65f12a6e6c84.zip | |
Contacts: Fixes for CSRF.
| -rw-r--r-- | apps/contacts/js/contacts.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js index 45509a7f9db..a1b9976006d 100644 --- a/apps/contacts/js/contacts.js +++ b/apps/contacts/js/contacts.js @@ -1152,7 +1152,7 @@ Contacts={ }, editPhoto:function(id, tmpkey){ //alert('editPhoto: ' + tmpkey); - $.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id},function(jsondata){ + $.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id, 'requesttoken':requesttoken},function(jsondata){ if(jsondata.status == 'success'){ //alert(jsondata.data.page); $('#edit_photo_dialog_img').html(jsondata.data.page); @@ -1645,7 +1645,7 @@ $(document).ready(function(){ //} } }; - xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&imagefile='+encodeURIComponent(file.name), true); + xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&requesttoken='+requesttoken+'&imagefile='+encodeURIComponent(file.name), true); xhr.setRequestHeader('Cache-Control', 'no-cache'); xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name)); |