aboutsummaryrefslogtreecommitdiffstats
path: root/apps/user_webdavauth
diff options
context:
space:
mode:
authorLukas Reschke <lukas@statuscode.ch>2013-02-03 19:58:55 +0100
committerLukas Reschke <lukas@statuscode.ch>2013-02-03 19:58:55 +0100
commitbce59c39458c859d14978f255cf520f111ea78dd (patch)
tree5bc73e35de87e7a7024115da16729b01e3538d96 /apps/user_webdavauth
parentb8e6b8692b0c306de6ebfe0a82bfe7bab304cd0a (diff)
downloadnextcloud-server-bce59c39458c859d14978f255cf520f111ea78dd.tar.gz
nextcloud-server-bce59c39458c859d14978f255cf520f111ea78dd.zip
[user_webdavauth] add requesttoken
Diffstat (limited to 'apps/user_webdavauth')
-rwxr-xr-xapps/user_webdavauth/settings.php4
-rwxr-xr-xapps/user_webdavauth/templates/settings.php1
2 files changed, 4 insertions, 1 deletions
diff --git a/apps/user_webdavauth/settings.php b/apps/user_webdavauth/settings.php
index 41d7fa51cd2..7eabb0d48cc 100755
--- a/apps/user_webdavauth/settings.php
+++ b/apps/user_webdavauth/settings.php
@@ -24,7 +24,9 @@
OC_Util::checkAdminUser();
if($_POST) {
-
+ // CSRF check
+ OCP\JSON::callCheck();
+
if(isset($_POST['webdav_url'])) {
OC_CONFIG::setValue('user_webdavauth_url', strip_tags($_POST['webdav_url']));
}
diff --git a/apps/user_webdavauth/templates/settings.php b/apps/user_webdavauth/templates/settings.php
index 880b77ac959..45f4d81aecf 100755
--- a/apps/user_webdavauth/templates/settings.php
+++ b/apps/user_webdavauth/templates/settings.php
@@ -2,6 +2,7 @@
<fieldset class="personalblock">
<legend><strong><?php echo $l->t('WebDAV Authentication');?></strong></legend>
<p><label for="webdav_url"><?php echo $l->t('URL: http://');?><input type="text" id="webdav_url" name="webdav_url" value="<?php echo $_['webdav_url']; ?>"></label>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
<input type="submit" value="Save" />
<br /><?php echo $l->t('ownCloud will send the user credentials to this URL. This plugin checks the response and will interpret the HTTP statuscodes 401 and 403 as invalid credentials, and all other responses as valid credentials.'); ?>
</fieldset>