Merge pull request #14753 from owncloud/verify-csrf-token-earlier

Verify CSRF token already in update.php and not the EventSource code
This commit is contained in:
Thomas Müller 2015-03-09 23:06:15 +01:00
commit 2f61884956
1 changed files with 2 additions and 0 deletions

View File

@ -2,6 +2,8 @@
set_time_limit(0); set_time_limit(0);
require_once '../../lib/base.php'; require_once '../../lib/base.php';
\OCP\JSON::callCheck();
if (OC::checkUpgrade(false)) { if (OC::checkUpgrade(false)) {
// if a user is currently logged in, their session must be ignored to // if a user is currently logged in, their session must be ignored to
// avoid side effects // avoid side effects