author | Thomas Tanghus <thomas@tanghus.net> | 2012-07-05 00:37:08 +0200 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-07-05 00:37:08 +0200 |
commit | dac2c14ae932187f30b045bf700680d75375b9fa (patch) | |
tree | a9d7ace06871dfefc256e11fd70c1e8182d0aad7 /apps/contacts | |
parent | 5d79444852cdc12f976264c21409311a475cf54f (diff) | |
Add missing CSRF check.
Diffstat (limited to 'apps/contacts')
-rw-r--r-- | apps/contacts/ajax/uploadimport.php | 1 | ||||
-rw-r--r-- | apps/contacts/js/contacts.js | 2 |
2 files changed, 2 insertions, 1 deletions
diff --git a/apps/contacts/ajax/uploadimport.php b/apps/contacts/ajax/uploadimport.php
index c1e9c8b1ad1..9511520828f 100644
--- a/apps/contacts/ajax/uploadimport.php
+++ b/apps/contacts/ajax/uploadimport.php
@@ -23,6 +23,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
+OCP\JSON::callCheck();
 require_once('loghandler.php');
 $view = OCP\Files::getStorage('contacts');
diff --git a/apps/contacts/js/contacts.js b/apps/contacts/js/contacts.js
index d4b3ef588ba..25fc122bf30 100644
--- a/apps/contacts/js/contacts.js
+++ b/apps/contacts/js/contacts.js
@@ -1465,7 +1465,7 @@ Contacts={
 }
 }
 };
- xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadimport.php') + '?file='+encodeURIComponent(file.name), true);
+ xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadimport.php') + '?file='+encodeURIComponent(file.name)+'&requesttoken='+requesttoken, true);
 xhr.setRequestHeader('Cache-Control', 'no-cache');
 xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
 xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name)); |
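Review bot: The return value of `OCP\JSON::callCheck();` is not tested, so the added line protects the upload only if callCheck itself ends the request when the token is missing or wrong. Its body is outside this hunk; that behaviour should be confirmed, as the two checks above it are called the same way. The comment `// Check if we are a user` now heads three different gates, and I would widen it to `// Require a logged-in user, the contacts app enabled, and a valid request token (CSRF)`. The script continues past the end of the hunk.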
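Review bot: The token is appended to the URL unencoded, `'&requesttoken='+requesttoken`, while `file.name` right beside it goes through `encodeURIComponent`. If the token can contain `+`, `/`, `=` or `&` (its alphabet is not visible here), the server would receive a different value and legitimate uploads would fail the new check; `'&requesttoken='+encodeURIComponent(requesttoken)` avoids that. Query strings are also commonly written to web-server and proxy access logs, so if the server-side check accepts the token from a request header, setting it next to the existing `xhr.setRequestHeader` calls would keep it out of those logs; whether callCheck reads a header is not shown in this commit. `requesttoken` is defined outside the hunk.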