Added CSRF checks to files_versions. Expect some error messages - and report them ;)

3 files changed, 3 insertions, 0 deletions

diff --git a/apps/files_versions/ajax/expireAll.php b/apps/files_versions/ajax/expireAll.php
index 4f165be0ae9..2a678c7f0a5 100644
--- a/apps/files_versions/ajax/expireAll.php
+++ b/apps/files_versions/ajax/expireAll.php
@@ -27,6 +27,7 @@
 // Check user and app status
 OCP\JSON::checkLoggedIn();
 OCP\App::checkAppEnabled('files_versions');
+OCP\JSON::callCheck();
 
 $versions = new OCA_Versions\Storage();
 
diff --git a/apps/files_versions/ajax/rollbackVersion.php b/apps/files_versions/ajax/rollbackVersion.php
index 8d1092f8b8e..24d71a914a4 100644
--- a/apps/files_versions/ajax/rollbackVersion.php
+++ b/apps/files_versions/ajax/rollbackVersion.php
@@ -1,6 +1,7 @@
 <?php
 
 OCP\JSON::checkAppEnabled('files_versions');
+OCP\JSON::callCheck();
 
 $userDirectory = "/".OCP\USER::getUser()."/files";
 
diff --git a/apps/files_versions/ajax/togglesettings.php b/apps/files_versions/ajax/togglesettings.php
index 86f614c5c89..546b37ae1aa 100644
--- a/apps/files_versions/ajax/togglesettings.php
+++ b/apps/files_versions/ajax/togglesettings.php
@@ -2,6 +2,7 @@
 
 OCP\JSON::checkAppEnabled('files_versions');
 OCP\JSON::checkAdminUser();
+OCP\JSON::callCheck();
 if (OCP\Config::getSystemValue('versions', 'true')=='true') {
 	OCP\Config::setSystemValue('versions', 'false');
 } else {