From 3d42e402c5f1956bc72ac5accc268f519d66c3e9 Mon Sep 17 00:00:00 2001
From: Thomas Müller
Date: Tue, 29 Oct 2013 23:07:27 +0100
Subject: http header OCS-ApiRequest: true is required in case of session based OCS API calls
---
 lib/private/api.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/private/api.php b/lib/private/api.php
index 26091657b31..0576f3e3f93 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,8 @@ class OC_API {
 // reuse existing login
 $loggedIn = OC_User::isLoggedIn();
- if ($loggedIn === true) {
+ $ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+ if ($loggedIn === true && $ocsApiRequest) {
 return OC_User::getUser();
 }
-- cgit v1.2.3
From cba12e009fd11591763198665e5845cc54f395da Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 30 Oct 2013 21:07:19 +0100
Subject: Added missing HTTP prefix to the $_SERVER variable
---
 lib/private/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib')
diff --git a/lib/private/api.php b/lib/private/api.php
index 0576f3e3f93..7e69a6a77d2 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,7 @@ class OC_API {
 // reuse existing login
 $loggedIn = OC_User::isLoggedIn();
- $ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+ $ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
 if ($loggedIn === true && $ocsApiRequest) {
 return OC_User::getUser();
 }
-- cgit v1.2.3
From 3f42c890be86fdeebbf9008ccac117cb4f292e02 Mon Sep 17 00:00:00 2001
From: Thomas Müller
Date: Wed, 30 Oct 2013 22:59:31 +0100
Subject: we should check if a user is logged in before we check for admin privilege
---
 lib/private/util.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lib')
diff --git a/lib/private/util.php b/lib/private/util.php
index f63884c0f32..176eb4bc369 100755
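Review bot: The new `$ocsApiRequest` line in the first api.php hunk states the rule but not its purpose, and the corrected form in the second hunk (`HTTP_OCS_APIREQUEST`) carries the same gap; since the extra condition applies only when a browser session already exists, the header presumably serves as the guard against cross-site requests riding on that session, and a reader should not have to infer that. I would put above the assignment: `// A session alone is not enough for OCS: the client must also send 'OCS-APIRequest: true'. Browsers do not attach custom headers to cross-site navigations or simple form posts, so this (presumably) shuts out CSRF against session-based OCS calls.` Note also that the comparison is against the exact lowercase string `'true'`, so a client sending `True` or `1` falls through to whatever authentication follows the hunk, which is worth stating in that comment. The ternary `isset($x) ? $x === 'true' : false` reads more simply as `isset($_SERVER['HTTP_OCS_APIREQUEST']) && $_SERVER['HTTP_OCS_APIREQUEST'] === 'true'`. The enclosing method starts and ends outside both hunks.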
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -579,6 +579,7 @@ class OC_Util {
 * @return void
 */
 public static function checkAdminUser() {
+ OC_Util::checkLoggedIn();
 if( !OC_User::isAdminUser(OC_User::getUser())) {
 header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
 exit();
@@ -611,6 +612,7 @@ class OC_Util {
 * @return array $groups where the current user is subadmin
 */
 public static function checkSubAdminUser() {
+ OC_Util::checkLoggedIn();
 if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
 header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
 exit();
-- cgit v1.2.3
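Review bot: The added `OC_Util::checkLoggedIn();` in checkAdminUser(), and the identical line in the checkSubAdminUser() hunk below it, only shields the admin and subadmin checks if checkLoggedIn() itself ends the request for an anonymous caller; its body is outside these hunks, so that should be confirmed — if it merely returns, `OC_User::isAdminUser(OC_User::getUser())` still runs with an empty user exactly as before. Within the class the call is more idiomatic as `self::checkLoggedIn();`. The docblocks above both methods, which begin outside the hunks, now describe a changed contract; I would add to each `Redirects to index.php and exits unless the current user is logged in (via checkLoggedIn()) and holds the required privilege.` Both methods end outside the hunks.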