diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-07-07 16:12:21 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-07-07 16:12:21 +0200 |
| commit | ea70ca3ce3cbbaac0e24e30304f44dfc37c11f56 (patch) | |
| tree | 7a4edb84ce51edc6e2695818a2b6101be2d18536 /apps/files_external/ajax | |
| parent | 2c318f45f4ac47c7646407692910e1fc72bf07c2 (diff) | |
| download | nextcloud-server-ea70ca3ce3cbbaac0e24e30304f44dfc37c11f56.tar.gz nextcloud-server-ea70ca3ce3cbbaac0e24e30304f44dfc37c11f56.zip | |
CSRF checks
Diffstat (limited to 'apps/files_external/ajax')
| -rw-r--r-- | apps/files_external/ajax/addMountPoint.php | 2 | ||||
| -rw-r--r-- | apps/files_external/ajax/removeMountPoint.php | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php index 549cb6a3427..0eedfdb3339 100644 --- a/apps/files_external/ajax/addMountPoint.php +++ b/apps/files_external/ajax/addMountPoint.php @@ -1,6 +1,8 @@ <?php OCP\JSON::checkAppEnabled('files_external'); +OCP\JSON::callCheck(); + if ($_POST['isPersonal'] == 'true') { OCP\JSON::checkLoggedIn(); $isPersonal = true; diff --git a/apps/files_external/ajax/removeMountPoint.php b/apps/files_external/ajax/removeMountPoint.php index b77b306bcb5..a96601b4d05 100644 --- a/apps/files_external/ajax/removeMountPoint.php +++ b/apps/files_external/ajax/removeMountPoint.php @@ -1,6 +1,8 @@ <?php OCP\JSON::checkAppEnabled('files_external'); +OCP\JSON::callCheck(); + if ($_POST['isPersonal'] == 'true') { OCP\JSON::checkLoggedIn(); $isPersonal = true; |