mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CSRF checks

This commit is contained in:
Lukas Reschke 2012-07-07 16:03:21 +02:00
parent b7c510a61a
commit 04a0755fd3
4 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/files_sharing/ajax/email.php
View File

@ -1,6 +1,8 @@
<?php
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::callCheck();
$user = OCP\USER::getUser();
// TODO translations
$type = (strpos($_POST['file'], '.') === false) ? 'folder' : 'file';

1
apps/files_sharing/ajax/setpermissions.php
View File

@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
$uid_shared_with = $_POST['uid_shared_with'];

1
apps/files_sharing/ajax/share.php
View File

@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$userDirectory = '/'.OCP\USER::getUser().'/files';
$sources = explode(';', $_POST['sources']);

1
apps/files_sharing/ajax/unshare.php
View File

@ -2,6 +2,7 @@
OCP\JSON::checkAppEnabled('files_sharing');
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$source = '/'.OCP\USER::getUser().'/files'.$_POST['source'];
$uid_shared_with = $_POST['uid_shared_with'];