author | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 13:52:22 +0200 |
---|---|---|
committer | Thomas Tanghus <thomas@tanghus.net> | 2012-06-14 13:52:22 +0200 |
commit | 625cd822c3cd9d7f382d4c80e06a344f34e66d06 (patch) | |
tree | d781815cc23473ba83b883e9a506d909759d6d6c /lib/template.php | |
parent | 3e339f3d668e57b76bc9e85e7e7cbb8a1b409d85 (diff) | |
Backport CSRF prevention.
Diffstat (limited to 'lib/template.php')
-rw-r--r-- | lib/template.php | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/lib/template.php b/lib/template.php
index e908c76bfad..fd2cb34a4a9 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -155,11 +155,13 @@ class OC_Template{
 $this->renderas = $renderas;
 $this->application = $app;
 $this->vars = array();
+ if($renderas == 'user') {
+ $this->vars['requesttoken'] = OC_Util::callRegister();
+ }
 $this->l10n = OC_L10N::get($app);
- header('X-Frame-Options: Sameorigin');
- header('X-XSS-Protection: 1; mode=block');
- header('X-Content-Type-Options: nosniff');
-
+ header('X-Frame-Options: Sameorigin');
+ header('X-XSS-Protection: 1; mode=block');
+ header('X-Content-Type-Options: nosniff');
 $this->findTemplate($name);
 }
@@ -355,6 +357,7 @@ class OC_Template{
 if( $this->renderas == "user" ){
 $page = new OC_Template( "core", "layout.user" );
 $page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
+ $page->assign('requesttoken', $this->vars['requesttoken']);
 if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
 $page->assign('bodyid','body-settings');
 }else{ |
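Review bot: The token is registered only when `$renderas == 'user'`, so a template constructed with any other render mode carries no `requesttoken`. Which other modes exist is not visible in this hunk, but if any of them render state-changing forms, those pages stay outside the CSRF protection this commit backports. Either register the token regardless of render mode, or add a comment above the condition stating why only `user` pages need one. The comparison would also read more safely as `if($renderas === 'user') {`, since the loose `==` lets non-string values such as `true` match. The constructor begins outside the hunk.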
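Review bot: `$this->vars['requesttoken']` is read from the same array that the constructor initialises for template variables, so page code that stores a variable under the key `requesttoken` (presumably via `assign()`) before rendering would replace the token handed to the layout. Holding the value in a dedicated private property set in the constructor, and assigning it to the layout from there, would keep it out of reach of page code. At minimum the key should be marked with a comment such as `// 'requesttoken' is reserved: set in the constructor, must not be overwritten via assign()`. The layout template is constructed with only two arguments here, so it presumably does not register a token of its own, which is worth stating next to the copy. The enclosing method starts and ends outside the hunk.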