mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added CSRF checks to Calendar. Expect some error messages - and report them ;)

This commit is contained in:
Thomas Tanghus 2012-07-17 11:46:01 +02:00
parent 1f4d6896df
commit 06ff6c6d7d
14 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/calendar/ajax/calendar/activation.php
View File

@ -9,6 +9,8 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
$calendarid = $_POST['calendarid'];
$calendar = OC_Calendar_App::getCalendar($calendarid, true);
if(!$calendar){

1
apps/calendar/ajax/calendar/delete.php
View File

@ -9,6 +9,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
$cal = $_POST["calendarid"];
$calendar = OC_Calendar_App::getCalendar($cal, true);

3
apps/calendar/ajax/calendar/new.php
View File

@ -6,11 +6,10 @@
* See the COPYING-README file.
*/
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
if(trim($_POST['name']) == ''){
OCP\JSON::error(array('message'=>'empty'));

1
apps/calendar/ajax/calendar/update.php
View File

@ -11,6 +11,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
if(trim($_POST['name']) == ''){
OCP\JSON::error(array('message'=>'empty'));

1
apps/calendar/ajax/categories/rescan.php
View File

@ -9,6 +9,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
foreach ($_POST as $key=>$element) {
debug('_POST: '.$key.'=>'.print_r($element, true));

1
apps/calendar/ajax/event/delete.php
View File

@ -9,6 +9,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
$id = $_POST['id'];
$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);

1
apps/calendar/ajax/event/edit.php
View File

@ -9,6 +9,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
$id = $_POST['id'];

1
apps/calendar/ajax/event/move.php
View File

@ -7,6 +7,7 @@
*/
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$id = $_POST['id'];
$access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);

1
apps/calendar/ajax/event/new.php
View File

@ -10,6 +10,7 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
$errarr = OC_Calendar_Object::validateRequest($_POST);
if($errarr){

1
apps/calendar/ajax/event/resize.php
View File

@ -7,6 +7,7 @@
*/
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
$id = $_POST['id'];

1
apps/calendar/ajax/import/import.php
View File

@ -10,6 +10,7 @@ ob_start();
OCP\JSON::checkLoggedIn();
OCP\App::checkAppEnabled('calendar');
OCP\JSON::callCheck();
session_write_close();
$nl="\r\n";

1
apps/calendar/ajax/settings/setfirstday.php
View File

@ -7,6 +7,7 @@
*/
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
if(isset($_POST["firstday"])){
OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'firstday', $_POST["firstday"]);
OCP\JSON::success();

1
apps/calendar/ajax/settings/settimeformat.php
View File

@ -7,6 +7,7 @@
*/
OCP\JSON::checkLoggedIn();
OCP\JSON::callCheck();
if(isset($_POST["timeformat"])){
OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timeformat', $_POST["timeformat"]);
OCP\JSON::success();

1
apps/calendar/ajax/settings/settimezone.php
View File

@ -14,6 +14,7 @@ $l=OC_L10N::get('calendar');
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
OCP\JSON::callCheck();
// Get data
if( isset( $_POST['timezone'] ) ){