summaryrefslogtreecommitdiffstats
path: root/settings/ajax/installapp.php
diff options
context:
space:
mode:
Diffstat (limited to 'settings/ajax/installapp.php')
-rw-r--r--settings/ajax/installapp.php7
1 files changed, 7 insertions, 0 deletions
diff --git a/settings/ajax/installapp.php b/settings/ajax/installapp.php
index 75f3fea83b7..17e5eadf50e 100644
--- a/settings/ajax/installapp.php
+++ b/settings/ajax/installapp.php
@@ -24,6 +24,13 @@
OCP\JSON::checkAdminUser();
OCP\JSON::callCheck();
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+ $l = \OC::$server->getL10N('core');
+ OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+ exit();
+}
+
if (!array_key_exists('appid', $_POST)) {
OC_JSON::error();
exit;
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-22 15:50:03 +0000