authorJoas Schilling <coding@schilljs.com>2016-11-10 17:18:12 +0100
committerLukas Reschke <lukas@statuscode.ch>2016-11-18 12:10:51 +0100
commita53c313878d04b71b383af7e5d013f30f07ae1e2 (patch)
treee62a6bc6d13a35b1036d9e56021d78d4bb82a6e7
parent05df523395e2c9a06378f23dfd6e5439df14dffe (diff)
downloadnextcloud-server-a53c313878d04b71b383af7e5d013f30f07ae1e2.tar.gz
nextcloud-server-a53c313878d04b71b383af7e5d013f30f07ae1e2.zip
Require password confirmation to change the Quota
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--settings/ajax/setquota.php7
-rw-r--r--settings/js/users/users.js15
2 files changed, 19 insertions, 3 deletions
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index eee1de407b9..0906102ec20 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -32,6 +32,13 @@
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+ $l = \OC::$server->getL10N('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+ exit();
+}
+
$username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
$isUserAccessible = false;
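Review bot: The 15-second allowance in `time() - 30 * 60 + 15` moves the cutoff the wrong way: it evaluates to `time() - 1785`, so a confirmation that is 29 min 45 s old is already rejected, although the comment says a delay is being allowed. If the client-side check in `OC.PasswordConfirmation` uses a 30-minute window (not visible here), a request sent in the last 15 seconds passes in the browser and then fails on the server. Parenthesising the grace period gives the tolerance the comment describes: `if ($lastConfirm < (time() - (30 * 60 + 15))) {`. The check fails closed when the session key is missing, because `(int) null` is 0; a short comment saying so would help, as would moving the arithmetic into a shared helper so other sensitive endpoints do not copy it.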
diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index c2f1eb3c00f..6847f06a8b2 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -539,7 +539,7 @@ var UserList = {
OC.Notification.showTemporary(t('core', 'Invalid quota value "{val}"', {val: quota}));
return;
}
- UserList._updateQuota(uid, quota, function(returnedQuota){
+ UserList._updateQuota(uid, quota, function(returnedQuota) {
if (quota !== returnedQuota) {
$select.find(':selected').text(returnedQuota);
}
@@ -553,12 +553,21 @@ var UserList = {
* @param {Function} ready callback after save
*/
_updateQuota: function(uid, quota, ready) {
+ if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+ OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this._updateQuota, this, uid, quota, ready));
+ return;
+ }
+
$.post(
OC.filePath('settings', 'ajax', 'setquota.php'),
{username: uid, quota: quota},
function (result) {
- if (ready) {
- ready(result.data.quota);
+ if (result.status === 'error') {
+ OC.Notification.showTemporary(result.data.message);
+ } else {
+ if (ready) {
+ ready(result.data.quota);
+ }
}
}
);
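Review bot: In the new `result.status === 'error'` branch of `_updateQuota`, `ready` is never called, so the quota dropdown keeps showing the value the admin picked even though the server refused it; the caller in the previous hunk only corrects the label inside that callback. The branch should also restore the previous selection, or the doc block should state the contract, e.g. `@param {Function} ready callback after a successful save; not called when the server reports an error`. The `$.post` call also has no failure handler, so a non-JSON or HTTP-level failure (expired session, rejected request token) produces no message at all; chaining `.fail(function() { OC.Notification.showTemporary(t('settings', 'Unable to change quota')); })` would cover that (the message text is a suggestion). The client-side `requiresPasswordConfirmation()` gate is a convenience only, and the server check in `setquota.php` remains the enforcement point. The body of `_updateQuota` closes outside this hunk.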