Added CSRF checks

author: Lukas Reschke <lukas@statuscode.ch> 2012-07-20 20:12:36 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-07-20 20:12:36 +0200
commit: 38271ded753bc9ea9943cef3c2706f8d71f3a58f (patch)
tree: 4a2bb2cd3ffe196721c448ef891d692171a925df /apps/gallery/ajax
parent: e52ab59b404d6d35ed8619da35b1f70404359212 (diff)
download: nextcloud-server-38271ded753bc9ea9943cef3c2706f8d71f3a58f.tar.gz
nextcloud-server-38271ded753bc9ea9943cef3c2706f8d71f3a58f.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/apps/gallery/ajax/createAlbum.php b/apps/gallery/ajax/createAlbum.php
index 61e2e9ae2e9..e13dac6ad1a 100644
--- a/apps/gallery/ajax/createAlbum.php
+++ b/apps/gallery/ajax/createAlbum.php
@@ -24,6 +24,7 @@
  
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('gallery');
+OCP\JSON::callCheck();
 
 OC_Gallery_Album::create(OCP\USER::getUser(), $_GET['album_name']);
 
diff --git a/apps/gallery/ajax/sharing.php b/apps/gallery/ajax/sharing.php
index 1223320120b..c3d5989ae57 100644
--- a/apps/gallery/ajax/sharing.php
+++ b/apps/gallery/ajax/sharing.php
@@ -22,6 +22,7 @@
 */
 
  
+OCP\JSON::callCheck();
 
 if (!isset($_GET['token']) || !isset($_GET['operation'])) {
   OCP\JSON::error(array('cause' => 'Not enought arguments'));
author	Lukas Reschke <lukas@statuscode.ch>	2012-07-20 20:12:36 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-07-20 20:12:36 +0200
commit	38271ded753bc9ea9943cef3c2706f8d71f3a58f (patch)
tree	4a2bb2cd3ffe196721c448ef891d692171a925df /apps/gallery/ajax
parent	e52ab59b404d6d35ed8619da35b1f70404359212 (diff)
download	nextcloud-server-38271ded753bc9ea9943cef3c2706f8d71f3a58f.tar.gz nextcloud-server-38271ded753bc9ea9943cef3c2706f8d71f3a58f.zip