authorLukas Reschke <lukas@statuscode.ch>2012-07-07 16:03:21 +0200
committerLukas Reschke <lukas@statuscode.ch>2012-07-07 16:03:21 +0200
commit04a0755fd364b16bfb461382b1409fbb6336a359 (patch)
treeb0cd8559ab0bfc58079c6e7ef951788468d6a8e9 /apps/files_sharing/ajax
parentb7c510a61a5eaeba76284628fe76fc60b7035aed (diff)
downloadnextcloud-server-04a0755fd364b16bfb461382b1409fbb6336a359.tar.gz
nextcloud-server-04a0755fd364b16bfb461382b1409fbb6336a359.zip
CSRF checks
Diffstat (limited to 'apps/files_sharing/ajax')
-rw-r--r--apps/files_sharing/ajax/email.php2
-rw-r--r--apps/files_sharing/ajax/setpermissions.php1
-rw-r--r--apps/files_sharing/ajax/share.php1
-rw-r--r--apps/files_sharing/ajax/unshare.php1
4 files changed, 5 insertions, 0 deletions
diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index 523c3d2078b..e1dccb7d0fa 100644
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -1,6 +1,8 @@
<?php
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('files_sharing');
+OCP\JSON::callCheck();
+
$user = OCP\USER::getUser();
// TODO translations
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';
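Review bot: The added `OCP\JSON::callCheck();` has no comment saying what it guards, so a later cleanup could mistake it for a duplicate of `checkLoggedIn()` and drop it. A one-line comment above it would make the intent explicit, for example `// CSRF protection: reject requests without a valid request token before any $_POST value is used.` The diffstat is limited to this directory, so it is not visible whether the client-side callers were updated to send the token; that is worth confirming alongside this change. The script continues past the end of the hunk.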
diff --git a/apps/files_sharing/ajax/setpermissions.php b/apps/files_sharing/ajax/setpermissions.php
index 4d19cd40f2d..31b7a3878ef 100644
--- a/apps/files_sharing/ajax/setpermissions.php
+++ b/apps/files_sharing/ajax/setpermissions.php
@@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
$source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
$uid_shared_with = $_POST['uid_shared_with'];
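Review bot: Right after the new check, `$source` is still built by concatenating `$_POST['source']` onto the user's files directory, and the CSRF check does nothing to constrain what an authenticated caller puts in that value. Unless the sharing layer normalises the path later (not visible in this hunk), the script should first confirm the keys exist, e.g. `if (!isset($_POST['source'], $_POST['uid_shared_with']))`, and reject a source whose normalised form leaves the user's files directory. The same pattern appears in share.php (`$_POST['sources']`) and unshare.php (`$_POST['source']`). The script continues outside the hunk.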
diff --git a/apps/files_sharing/ajax/share.php b/apps/files_sharing/ajax/share.php
index 1ee8c3f791a..f4f2172d251 100644
--- a/apps/files_sharing/ajax/share.php
+++ b/apps/files_sharing/ajax/share.php
@@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
$userDirectory = '/'.OCP\USER::getUser().'/files';
$sources = explode(';', $_POST['sources']);
diff --git a/apps/files_sharing/ajax/unshare.php b/apps/files_sharing/ajax/unshare.php
index d50e7963a05..44ffdb1a5bc 100644
--- a/apps/files_sharing/ajax/unshare.php
+++ b/apps/files_sharing/ajax/unshare.php
@@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
$source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
$uid_shared_with = $_POST['uid_shared_with'];