author | Joas Schilling <coding@schilljs.com> | 2016-11-10 17:18:12 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2016-11-18 12:10:51 +0100 |
commit | a53c313878d04b71b383af7e5d013f30f07ae1e2 (patch) | |
tree | e62a6bc6d13a35b1036d9e56021d78d4bb82a6e7 /settings/ajax | |
parent | 05df523395e2c9a06378f23dfd6e5439df14dffe (diff) | |
Require password confirmation to change the Quota
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'settings/ajax')
-rw-r--r-- | settings/ajax/setquota.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/settings/ajax/setquota.php b/settings/ajax/setquota.php
index eee1de407b9..0906102ec20 100644
--- a/settings/ajax/setquota.php
+++ b/settings/ajax/setquota.php
@@ -32,6 +32,13 @@
 OC_JSON::checkSubAdminUser();
 OCP\JSON::callCheck();
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+ $l = \OC::$server->getL10N('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+ exit();
+}
+
 $username = isset($_POST["username"]) ? (string)$_POST["username"] : '';
 $isUserAccessible = false; |
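Review bot: The grace period in `if ($lastConfirm < (time() - 30 * 60 + 15))` runs the wrong way: `+ 15` moves the cutoff forward, so a confirmation is rejected after 29 min 45 s rather than accepted up to 30 min 15 s, which is what the `// allow 15 seconds delay` comment suggests. If the intent is to tolerate a slightly late request, parenthesise the window: `if ($lastConfirm < (time() - (30 * 60 + 15))) { // allow 15 seconds delay`. The fail-closed behaviour is fine as written, since a missing session value casts to 0 and is treated as unconfirmed. The 30-minute window would also read better as a named constant, presumably shared with whatever code sets `last-password-confirm`, which is outside this hunk.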