From bc1e8cb0a2ef634949ae520c6aedab435eaf5b80 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Wed, 13 Jun 2012 17:35:42 +0200
Subject: Contacts: implemented CSRF prevention.

---
 apps/contacts/ajax/addcontact.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'apps/contacts/ajax/addcontact.php')

diff --git a/apps/contacts/ajax/addcontact.php b/apps/contacts/ajax/addcontact.php
index af9b2bbcc0e..e45072c9542 100644
--- a/apps/contacts/ajax/addcontact.php
+++ b/apps/contacts/ajax/addcontact.php
@@ -23,6 +23,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('contacts');
+OCP\JSON::callCheck();
 
 $aid = isset($_POST['aid'])?$_POST['aid']:null;
 if(!$aid) {
-- 
cgit v1.2.3