14 files changed, 19 insertions, 3 deletions

diff --git a/apps/calendar/ajax/calendar/delete.php b/apps/calendar/ajax/calendar/delete.php
index 4d6706f6002..089255cae39 100644
--- a/apps/calendar/ajax/calendar/delete.php
+++ b/apps/calendar/ajax/calendar/delete.php
@@ -9,6 +9,7 @@
 
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 $cal = $_POST["calendarid"];
 $calendar = OC_Calendar_App::getCalendar($cal, true);
diff --git a/apps/calendar/ajax/calendar/edit.php b/apps/calendar/ajax/calendar/edit.php
index 82f18fe7f44..3f69666b58c 100644
--- a/apps/calendar/ajax/calendar/edit.php
+++ b/apps/calendar/ajax/calendar/edit.php
@@ -9,6 +9,7 @@
  
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 $calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions();
 $calendar = OC_Calendar_App::getCalendar($_GET['calendarid'], true);
diff --git a/apps/calendar/ajax/calendar/new.php b/apps/calendar/ajax/calendar/new.php
index 278c8e5520b..34b056abe8f 100644
--- a/apps/calendar/ajax/calendar/new.php
+++ b/apps/calendar/ajax/calendar/new.php
@@ -11,6 +11,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 if(trim($_POST['name']) == ''){
 	OCP\JSON::error(array('message'=>'empty'));
diff --git a/apps/calendar/ajax/calendar/update.php b/apps/calendar/ajax/calendar/update.php
index 5cf63d396f7..740094775f5 100644
--- a/apps/calendar/ajax/calendar/update.php
+++ b/apps/calendar/ajax/calendar/update.php
@@ -11,6 +11,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 if(trim($_POST['name']) == ''){
 	OCP\JSON::error(array('message'=>'empty'));
diff --git a/apps/calendar/ajax/event/delete.php b/apps/calendar/ajax/event/delete.php
index f183d431afa..17e45c001e8 100644
--- a/apps/calendar/ajax/event/delete.php
+++ b/apps/calendar/ajax/event/delete.php
@@ -9,6 +9,7 @@
 
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 $id = $_POST['id'];
 $access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php
index 1c3babc3d90..db78bf6e5e0 100644
--- a/apps/calendar/ajax/event/edit.php
+++ b/apps/calendar/ajax/event/edit.php
@@ -9,6 +9,7 @@
  
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 $id = $_POST['id'];
 
diff --git a/apps/calendar/ajax/event/move.php b/apps/calendar/ajax/event/move.php
index 04cf2fb0513..f4e2b36376d 100644
--- a/apps/calendar/ajax/event/move.php
+++ b/apps/calendar/ajax/event/move.php
@@ -7,6 +7,7 @@
  */
  
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 $id = $_POST['id'];
 $access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
diff --git a/apps/calendar/ajax/event/new.php b/apps/calendar/ajax/event/new.php
index 30e2b0cae36..bc0439cc315 100644
--- a/apps/calendar/ajax/event/new.php
+++ b/apps/calendar/ajax/event/new.php
@@ -10,6 +10,7 @@
 
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 
 $errarr = OC_Calendar_Object::validateRequest($_POST);
 if($errarr){
diff --git a/apps/calendar/ajax/import/import.php b/apps/calendar/ajax/import/import.php
index 18e93e67b4a..c0cd1403763 100644
--- a/apps/calendar/ajax/import/import.php
+++ b/apps/calendar/ajax/import/import.php
@@ -8,6 +8,7 @@
 //check for calendar rights or create new one
 ob_start();
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 OCP\App::checkAppEnabled('calendar');
 $nl="\r\n";
 $comps = array('VEVENT'=>true, 'VTODO'=>true, 'VJOURNAL'=>true);
diff --git a/apps/calendar/ajax/settings/setfirstday.php b/apps/calendar/ajax/settings/setfirstday.php
index 056a6037524..97c24882939 100644
--- a/apps/calendar/ajax/settings/setfirstday.php
+++ b/apps/calendar/ajax/settings/setfirstday.php
@@ -7,6 +7,8 @@
  */
  
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 if(isset($_POST["firstday"])){
 	OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'firstday', $_POST["firstday"]);
 	OCP\JSON::success();
diff --git a/apps/calendar/ajax/settings/settimeformat.php b/apps/calendar/ajax/settings/settimeformat.php
index 8e95f6f3bf5..d09679b9270 100644
--- a/apps/calendar/ajax/settings/settimeformat.php
+++ b/apps/calendar/ajax/settings/settimeformat.php
@@ -7,6 +7,8 @@
  */
  
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 if(isset($_POST["timeformat"])){
 	OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timeformat', $_POST["timeformat"]);
 	OCP\JSON::success();
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index 2737420c94e..f3c628e8477 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -5,7 +5,8 @@
  * later.
  * See the COPYING-README file.
  */
- 
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 $permission = (int) strip_tags($_GET['permission']);
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index 629a7b6b79f..babb8ce3f13 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -5,7 +5,8 @@
  * later.
  * See the COPYING-README file.
  */
- 
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 switch($idtype){
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index fe7c98452d7..09264070dde 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -5,7 +5,8 @@
  * later.
  * See the COPYING-README file.
  */
- 
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 switch($idtype){