From 89464721c7aa4464419cbcbedc658843f6c4696d Mon Sep 17 00:00:00 2001
From: Thomas Tanghus
Date: Wed, 13 Jun 2012 17:33:19 +0200
Subject: Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
---
 lib/json.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'lib/json.php')
diff --git a/lib/json.php b/lib/json.php
index f3bbe9ac899..dfc0a7b894e 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -41,6 +41,18 @@ class OC_JSON{
 }
 }
 
+ /**
+ * @brief Check an ajax get/post call if the request token is valid.
+ * @return json Error msg if not valid.
+ */
+ public static function callCheck(){
+ if( !OC_Util::isCallRegistered()){
+ $l = OC_L10N::get('core');
+ self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
+ exit();
+ }
+ }
+
 /**
 * Check if the user is a admin, send json error msg if not
 */
-- 
cgit v1.2.3
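Review bot: The docblock on callCheck() documents `@return json Error msg if not valid.`, but the method returns nothing: on a failed check it prints the error through self::error() and calls exit(), and that termination is what stops the endpoint before any state change. I would reword the summary to `@brief Abort the request with a JSON error unless the request token is valid.`, drop the `@return` line, and add that the call has to come before the endpoint reads or modifies anything. The check is opt-in per endpoint, so an AJAX script that omits the call stays unprotected; nothing in this hunk enforces it. The validation itself happens in OC_Util::isCallRegistered(), which is outside this hunk, so whether tokens carried in GET parameters are accepted (the docblock mentions get/post) and how the token is compared should be confirmed there.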