author | Lukas Reschke <lukas@statuscode.ch> | 2013-02-03 20:02:29 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2013-02-03 20:02:29 +0100 |
commit | 9282641d06db4912098cb41f1c8a59b3eca4ac0f (patch) | |
tree | ad6aedb8c5195a1ae9fd946b3bd8f778144d6593 | |
parent | fb334f3c1f1ddef27ca2d8c0cd802cb667b79a8d (diff) | |
[user_webdavauth] Add requesttoken
-rwxr-xr-x | apps/user_webdavauth/settings.php | 10 | ||||
-rwxr-xr-x | apps/user_webdavauth/templates/settings.php | 1 |
2 files changed, 7 insertions, 4 deletions
diff --git a/apps/user_webdavauth/settings.php b/apps/user_webdavauth/settings.php
index 5f1470aa5cb..7eabb0d48cc 100755
--- a/apps/user_webdavauth/settings.php
+++ b/apps/user_webdavauth/settings.php
@@ -24,10 +24,12 @@
 OC_Util::checkAdminUser();
 
 if($_POST) {
-
- if(isset($_POST['webdav_url'])) {
- OC_CONFIG::setValue('user_webdavauth_url', strip_tags($_POST['webdav_url']));
- }
+ // CSRF check
+ OCP\JSON::callCheck();
+
+ if(isset($_POST['webdav_url'])) {
+ OC_CONFIG::setValue('user_webdavauth_url', strip_tags($_POST['webdav_url']));
+ }
 }
 
 // fill template
diff --git a/apps/user_webdavauth/templates/settings.php b/apps/user_webdavauth/templates/settings.php
index e6ca5d97d3c..3e8b328b4da 100755
--- a/apps/user_webdavauth/templates/settings.php
+++ b/apps/user_webdavauth/templates/settings.php
@@ -2,6 +2,7 @@
 <fieldset class="personalblock">
 <legend><strong>WebDAV Authentication</strong></legend>
 <p><label for="webdav_url"><?php echo $l->t('WebDAV URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
 <input type="submit" value="Save" />
 </fieldset>
 </form> |
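Review bot: The value written by `OC_CONFIG::setValue('user_webdavauth_url', …)` is still only passed through `strip_tags()`, which removes markup but is not URL validation, so quotes, whitespace and any host or path are stored as given. With the CSRF check now in front of the write, the remaining gap is a shape check on the input, for example `$url = trim(strip_tags($_POST['webdav_url']));` followed by `if(parse_url('http://'.$url, PHP_URL_HOST)) { OC_CONFIG::setValue('user_webdavauth_url', $url); }` (the `http://` prefix is assumed from the form label; confirm how the stored value is consumed). `OCP\JSON::callCheck()` is the JSON-flavoured helper, so a failed token check on this HTML form presumably ends in a JSON error response rather than a rendered page; worth confirming that is intended. The rest of the file lies outside the hunk, so where `webdav_url` is read back and assigned to the template is not visible here.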
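Review bot: The new hidden field prints `$_['requesttoken']` with a bare `echo` inside an attribute, and the hunk does not show where that key is assigned or whether the template layer escapes it; if it is never assigned, the token is empty and every save will now fail the check added in `settings.php`. If assigned values are not escaped before they reach the template, use `value="<?php echo htmlspecialchars($_['requesttoken'], ENT_QUOTES, 'UTF-8'); ?>"`. The same question matters more for the `webdav_url` attribute on the context line above, because that value is admin-supplied and `strip_tags()` leaves double quotes intact. The `<form>` opening tag is outside the hunk, so its method and action cannot be checked from here.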