CSRF check in the settings

author: Lukas Reschke <lukas@statuscode.ch> 2012-07-07 15:27:04 +0200
committer: Lukas Reschke <lukas@statuscode.ch> 2012-07-07 15:27:04 +0200
commit: 777eb1d8b1d68f93d986bf2c8280e7416a1694e6 (patch)
tree: 75736860128c6d7cb6ef8ca628e039af71f55c15 /settings/ajax/createuser.php
parent: ec7bb86b2875c9e5afbd7db57de3c872afc3e90b (diff)
download: nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.tar.gz
nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php
index 6714711bc87..079b4750b7d 100644
--- a/settings/ajax/createuser.php
+++ b/settings/ajax/createuser.php
@@ -8,6 +8,7 @@ if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' ))
 	OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
 	exit();
 }
+OCP\JSON::callCheck();
 
 $groups = array();
 if( isset( $_POST["groups"] )){
author	Lukas Reschke <lukas@statuscode.ch>	2012-07-07 15:27:04 +0200
committer	Lukas Reschke <lukas@statuscode.ch>	2012-07-07 15:27:04 +0200
commit	777eb1d8b1d68f93d986bf2c8280e7416a1694e6 (patch)
tree	75736860128c6d7cb6ef8ca628e039af71f55c15 /settings/ajax/createuser.php
parent	ec7bb86b2875c9e5afbd7db57de3c872afc3e90b (diff)
download	nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.tar.gz nextcloud-server-777eb1d8b1d68f93d986bf2c8280e7416a1694e6.zip