CSRF check

3 files changed, 6 insertions, 0 deletions

diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php
index 6b5a0f71d4e..483716405a1 100644
--- a/apps/bookmarks/ajax/addBookmark.php
+++ b/apps/bookmarks/ajax/addBookmark.php
@@ -28,6 +28,8 @@ $RUNTIME_NOSETUPFS=true;
 
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 OCP\JSON::checkAppEnabled('bookmarks');
 
 require_once(OC_App::getAppPath('bookmarks').'/bookmarksHelper.php');
diff --git a/apps/bookmarks/ajax/delBookmark.php b/apps/bookmarks/ajax/delBookmark.php
index 5a067701c9f..f40f02ebab7 100644
--- a/apps/bookmarks/ajax/delBookmark.php
+++ b/apps/bookmarks/ajax/delBookmark.php
@@ -28,6 +28,8 @@ $RUNTIME_NOSETUPFS=true;
 
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 OCP\JSON::checkAppEnabled('bookmarks');
 
 $id = $_POST['id'];
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php
index 439b680dc20..0b37d161af1 100644
--- a/apps/bookmarks/ajax/editBookmark.php
+++ b/apps/bookmarks/ajax/editBookmark.php
@@ -28,6 +28,8 @@ $RUNTIME_NOSETUPFS=true;
 
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 OCP\JSON::checkAppEnabled('bookmarks');
 
 $CONFIG_DBTYPE = OCP\Config::getSystemValue( "dbtype", "sqlite" );