author | Lukas Reschke <lukas@statuscode.ch> | 2012-07-20 20:12:36 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2012-07-20 20:12:36 +0200 |
commit | 38271ded753bc9ea9943cef3c2706f8d71f3a58f (patch) | |
tree | 4a2bb2cd3ffe196721c448ef891d692171a925df /apps/files_sharing/ajax | |
parent | e52ab59b404d6d35ed8619da35b1f70404359212 (diff) | |
Added CSRF checks
Diffstat (limited to 'apps/files_sharing/ajax')
-rw-r--r-- | apps/files_sharing/ajax/email.php | 1 | ||||
-rw-r--r-- | apps/files_sharing/ajax/setpermissions.php | 1 | ||||
-rw-r--r-- | apps/files_sharing/ajax/share.php | 1 | ||||
-rw-r--r-- | apps/files_sharing/ajax/toggleresharing.php | 2 | ||||
-rw-r--r-- | apps/files_sharing/ajax/togglesharewitheveryone.php | 2 | ||||
-rw-r--r-- | apps/files_sharing/ajax/unshare.php | 1 |
6 files changed, 8 insertions, 0 deletions
diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index edf9eca4313..e931e5f77e6 100644
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -1,5 +1,6 @@
 <?php
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 OCP\JSON::checkAppEnabled('files_sharing');
 $user = OCP\USER::getUser();
 // TODO translations
diff --git a/apps/files_sharing/ajax/setpermissions.php b/apps/files_sharing/ajax/setpermissions.php
index 2f4c5da9788..13daab738de 100644
--- a/apps/files_sharing/ajax/setpermissions.php
+++ b/apps/files_sharing/ajax/setpermissions.php
@@ -3,6 +3,7 @@
 require_once(OC::$APPSROOT . '/apps/files_sharing/lib_share.php');
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 $source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
 $uid_shared_with = $_POST['uid_shared_with'];
diff --git a/apps/files_sharing/ajax/share.php b/apps/files_sharing/ajax/share.php
index ec3c25998af..fb28caf7b7e 100644
--- a/apps/files_sharing/ajax/share.php
+++ b/apps/files_sharing/ajax/share.php
@@ -3,6 +3,7 @@
 require_once(OC::$APPSROOT . '/apps/files_sharing/lib_share.php');
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 $userDirectory = '/'.OCP\USER::getUser().'/files';
 $sources = explode(';', $_POST['sources']);
diff --git a/apps/files_sharing/ajax/toggleresharing.php b/apps/files_sharing/ajax/toggleresharing.php
index 673f00c5d18..ab8e82c8c3f 100644
--- a/apps/files_sharing/ajax/toggleresharing.php
+++ b/apps/files_sharing/ajax/toggleresharing.php
@@ -1,5 +1,7 @@
 <?php
+OCP\JSON::callCheck();
+
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkAdminUser();
 if ($_POST['resharing'] == true) {
diff --git a/apps/files_sharing/ajax/togglesharewitheveryone.php b/apps/files_sharing/ajax/togglesharewitheveryone.php
index dc1105f2f3c..96c43711cb5 100644
--- a/apps/files_sharing/ajax/togglesharewitheveryone.php
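Review bot: The new `OCP\JSON::callCheck();` sits in a different position in each group of endpoints: in email.php it runs between checkLoggedIn() and checkAppEnabled(), in setpermissions.php, share.php and unshare.php it follows both, and in toggleresharing.php and togglesharewitheveryone.php it runs before any other guard. One fixed order for all six files, for example the login or admin check, then `callCheck()`, then `checkAppEnabled()`, would make a missing guard easy to spot when the scripts are compared. A short comment above the call, such as `// Reject requests that do not carry a valid request token (CSRF)`, would say why it is there. The diffstat is limited to apps/files_sharing/ajax, so whether the client scripts that call these endpoints send the token is not visible here and should be confirmed.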
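Review bot: In setpermissions.php the lines right after the new call still read `$_POST['source']` and `$_POST['uid_shared_with']` without checking that they are present, and `source` is concatenated directly into the user's files path. The token check establishes that the request came from the application's own pages, not that its parameters are well formed, so the handler should reject a missing value and normalise the path so that it stays under the user's files directory; whether lib_share.php already does this cannot be seen from the hunk. A guard such as `if (!isset($_POST['source'], $_POST['uid_shared_with'])) { OCP\JSON::error(); exit(); }` before the assignments would cover the first part. The same pattern appears in share.php (`$_POST['sources']`) and in unshare.php, and the rest of each script lies outside the hunks.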
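Review bot: The condition `$_POST['resharing'] == true` in toggleresharing.php is a loose comparison on a request string, so every non-empty value other than "0", including the text "false", takes the true branch. For an admin-only switch that changes sharing policy, the test should match the exact value the client sends, for example `if (isset($_POST['resharing']) && $_POST['resharing'] === 'true') {`, with the literal adjusted to the client's encoding, which is not visible here. togglesharewitheveryone.php has the same test on `$_POST['allowSharingWithEveryone']`, and in both files the body of the `if` lies outside the hunk.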
+++ b/apps/files_sharing/ajax/togglesharewitheveryone.php
@@ -1,5 +1,7 @@
 <?php
+OCP\JSON::callCheck();
+
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkAdminUser();
 if ($_POST['allowSharingWithEveryone'] == true) {
diff --git a/apps/files_sharing/ajax/unshare.php b/apps/files_sharing/ajax/unshare.php
index 9088bf42663..d291b719e38 100644
--- a/apps/files_sharing/ajax/unshare.php
+++ b/apps/files_sharing/ajax/unshare.php
@@ -3,6 +3,7 @@
 require_once(OC::$APPSROOT . '/apps/files_sharing/lib_share.php');
 OCP\JSON::checkAppEnabled('files_sharing');
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 $source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
 $uid_shared_with = $_POST['uid_shared_with']; |