Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.

author: Thomas Tanghus <thomas@tanghus.net> 2012-06-13 17:33:19 +0200
committer: Thomas Tanghus <thomas@tanghus.net> 2012-06-13 17:33:19 +0200
commit: 89464721c7aa4464419cbcbedc658843f6c4696d (patch)
tree: a832cf7faa050440aaeb66c3df831d15d0da751a /lib/template.php
parent: 9e9c40eabd07cc4b44f2a9ae3d7935ad2a07b9fa (diff)
download: nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.tar.gz
nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/template.php b/lib/template.php
index 14833a1e5b5..9ce041a71c3 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -155,6 +155,9 @@ class OC_Template{
 		$this->renderas = $renderas;
 		$this->application = $app;
 		$this->vars = array();
+		if($renderas == 'user') {
+			$this->vars['requesttoken'] = OC_Util::callRegister();
+		}
 		$this->l10n = OC_L10N::get($app);
                 header('X-Frame-Options: Sameorigin');
                 header('X-XSS-Protection: 1; mode=block');
@@ -355,6 +358,7 @@ class OC_Template{
 			if( $this->renderas == "user" ){
 				$page = new OC_Template( "core", "layout.user" );
 				$page->assign('searchurl',OC_Helper::linkTo( 'search', 'index.php' ));
+				$page->assign('requesttoken', $this->vars['requesttoken']);
 				if(array_search(OC_APP::getCurrentApp(),array('settings','admin','help'))!==false){
 					$page->assign('bodyid','body-settings');
 				}else{
author	Thomas Tanghus <thomas@tanghus.net>	2012-06-13 17:33:19 +0200
committer	Thomas Tanghus <thomas@tanghus.net>	2012-06-13 17:33:19 +0200
commit	89464721c7aa4464419cbcbedc658843f6c4696d (patch)
tree	a832cf7faa050440aaeb66c3df831d15d0da751a /lib/template.php
parent	9e9c40eabd07cc4b44f2a9ae3d7935ad2a07b9fa (diff)
download	nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.tar.gz nextcloud-server-89464721c7aa4464419cbcbedc658843f6c4696d.zip