diff options
| author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:33:19 +0200 |
|---|---|---|
| committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-13 17:33:19 +0200 |
| commit | 89464721c7aa4464419cbcbedc658843f6c4696d (patch) | |
| tree | a832cf7faa050440aaeb66c3df831d15d0da751a /lib/json.php | |
| parent | 9e9c40eabd07cc4b44f2a9ae3d7935ad2a07b9fa (diff) | |
| download | nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.tar.gz nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.zip | |
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
Diffstat (limited to 'lib/json.php')
| -rw-r--r-- | lib/json.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/json.php b/lib/json.php index f3bbe9ac899..dfc0a7b894e 100644 --- a/lib/json.php +++ b/lib/json.php @@ -42,6 +42,18 @@ class OC_JSON{ } /** + * @brief Check an ajax get/post call if the request token is valid. + * @return json Error msg if not valid. + */ + public static function callCheck(){ + if( !OC_Util::isCallRegistered()){ + $l = OC_L10N::get('core'); + self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') ))); + exit(); + } + } + + /** * Check if the user is a admin, send json error msg if not */ public static function checkAdminUser(){ |