CSRF check in the settings

author: Lukas Reschke <lukas@statuscode.ch> 2012-07-07 15:27:04 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-07-07 15:27:04 +0200
commit: 777eb1d8b1d68f93d986bf2c8280e7416a1694e6 (patch)
tree: 75736860128c6d7cb6ef8ca628e039af71f55c15 /settings/ajax/creategroup.php
parent: ec7bb86b2875c9e5afbd7db57de3c872afc3e90b (diff)
download: nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.tar.gz
nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php
index 57d82e7bd94..3626600ad9b 100644
--- a/settings/ajax/creategroup.php
+++ b/settings/ajax/creategroup.php
@@ -9,6 +9,8 @@ if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' ))
 	exit();
 }
 
+OCP\JSON::callCheck();
+
 $groupname = $_POST["groupname"];
 
 // Does the group exist?
author	Lukas Reschke <lukas@statuscode.ch>	2012-07-07 15:27:04 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-07-07 15:27:04 +0200
commit	777eb1d8b1d68f93d986bf2c8280e7416a1694e6 (patch)
tree	75736860128c6d7cb6ef8ca628e039af71f55c15 /settings/ajax/creategroup.php
parent	ec7bb86b2875c9e5afbd7db57de3c872afc3e90b (diff)
download	nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.tar.gz nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.zip