diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2015-01-20 12:30:16 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2015-01-20 12:30:16 +0100 |
| commit | 3f5d4d82e41e020cc971920a5d90aebcbda7c379 (patch) | |
| tree | bb8e966f3d3b0895896af9d7ab5be9dbf7ba9065 /apps/files/ajax | |
| parent | 2ac015256fda60f684952131f220cd3db5a616ba (diff) | |
| download | nextcloud-server-3f5d4d82e41e020cc971920a5d90aebcbda7c379.tar.gz nextcloud-server-3f5d4d82e41e020cc971920a5d90aebcbda7c379.zip | |
Streamline auth and CSRF check in scan.php
Furthermore a not logged-in user was able to access this page before which resulted in a Fatal PHP error since the filesystem could not get setup properly.
Diffstat (limited to 'apps/files/ajax')
| -rw-r--r-- | apps/files/ajax/scan.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/apps/files/ajax/scan.php b/apps/files/ajax/scan.php index f8977c2971e..a85969503ca 100644 --- a/apps/files/ajax/scan.php +++ b/apps/files/ajax/scan.php @@ -1,11 +1,15 @@ <?php set_time_limit(0); //scanning can take ages + +\OCP\JSON::checkLoggedIn(); +\OCP\JSON::callCheck(); + \OC::$server->getSession()->close(); $force = (isset($_GET['force']) and ($_GET['force'] === 'true')); $dir = isset($_GET['dir']) ? $_GET['dir'] : ''; if (isset($_GET['users'])) { - OC_JSON::checkAdminUser(); + \OCP\JSON::checkAdminUser(); if ($_GET['users'] === 'all') { $users = OC_User::getUsers(); } else { |