diff options
Diffstat (limited to 'settings/ajax/togglegroups.php')
| -rw-r--r-- | settings/ajax/togglegroups.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/settings/ajax/togglegroups.php b/settings/ajax/togglegroups.php index ff79861b811..b9958bef0c9 100644 --- a/settings/ajax/togglegroups.php +++ b/settings/ajax/togglegroups.php @@ -28,6 +28,13 @@ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); +$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm'); +if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay + $l = \OC::$server->getL10N('core'); + OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required')))); + exit(); +} + $success = true; $username = (string)$_POST['username']; $group = (string)$_POST['group']; |