diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-30 17:19:49 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-10-30 17:19:49 +0100 |
| commit | ee1e4a760231477e461462a33e6c6253003a34c9 (patch) | |
| tree | e5d71bfeea403b2ff4b00b187cf7611419b13a52 /apps | |
| parent | ac784baef689ca5c0f22c8acdce8e13f6d918101 (diff) | |
| download | nextcloud-server-ee1e4a760231477e461462a33e6c6253003a34c9.tar.gz nextcloud-server-ee1e4a760231477e461462a33e6c6253003a34c9.zip | |
Send the requesttoken as form value
This is needed for IE < 8 because it doesn't send the CSRF token here.
So that it is impossible to upload files.
Fixes #110 and related to #122
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/files/templates/index.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php index d49f2f4d5d3..a4c26c49e1c 100644 --- a/apps/files/templates/index.php +++ b/apps/files/templates/index.php @@ -14,6 +14,8 @@ <div class="file_upload_wrapper svg"> <form data-upload-id='1' id="data-upload-form" class="file_upload_form" action="<?php echo OCP\Util::linkTo('files', 'ajax/upload.php'); ?>" method="post" enctype="multipart/form-data" target="file_upload_target_1"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo $_['uploadMaxFilesize'] ?>" id="max_upload"> + <!-- Send the requesttoken, this is needed for IE < 8 because it doesn't send the CSRF token --> + <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken"> <input type="hidden" class="max_human_file_size" value="(max <?php echo $_['uploadMaxHumanFilesize']; ?>)"> <input type="hidden" name="dir" value="<?php echo $_['dir'] ?>" id="dir"> <input class="file_upload_start" type="file" name='files[]'/> |