author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:35:42 +0200 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:35:42 +0200 |
commit | bc1e8cb0a2ef634949ae520c6aedab435eaf5b80 (patch) | |
tree | ae72b2dc4296127d9f332aa6f6929ea74f9c0820 /apps/contacts/ajax/uploadphoto.php | |
parent | 89464721c7aa4464419cbcbedc658843f6c4696d (diff) | |
Contacts: implemented CSRF prevention.
Diffstat (limited to 'apps/contacts/ajax/uploadphoto.php')
-rw-r--r-- | apps/contacts/ajax/uploadphoto.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/contacts/ajax/uploadphoto.php b/apps/contacts/ajax/uploadphoto.php
index 32abc6c2859..889de6a1f8b 100644
--- a/apps/contacts/ajax/uploadphoto.php
+++ b/apps/contacts/ajax/uploadphoto.php
@@ -23,6 +23,8 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
+OCP\JSON::callCheck();
+
 // Firefox and Konqueror tries to download application/json for me. --Arthur
 OCP\JSON::setContentTypeHeader('text/plain');
 function bailOut($msg) { |
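Review bot: The added `OCP\JSON::callCheck();` has no comment of its own, and the existing `// Check if we are a user` above the group does not describe a request-token check. A line such as `// Reject requests that do not carry a valid request token (CSRF protection).` directly above the call would tell the next reader why it is there and that it must stay ahead of any upload handling. The check only protects the endpoint if the photo upload form or script actually sends the token with the request; that client-side code is not part of this file's diff, so it should be confirmed there. The rest of the script, including the body of `bailOut`, lies outside the hunk.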