diff --git a/apps/bookmarks/ajax/addBookmark.php b/apps/bookmarks/ajax/addBookmark.php
index a2eb506f85..b4d0f33d72 100644
--- a/apps/bookmarks/ajax/addBookmark.php
+++ b/apps/bookmarks/ajax/addBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 require_once(OC::$APPSROOT . '/apps/bookmarks/bookmarksHelper.php');
 $id = addBookmark($_POST['url'], $_POST['title'], $_POST['tags']);
diff --git a/apps/bookmarks/ajax/delBookmark.php b/apps/bookmarks/ajax/delBookmark.php
index 5a067701c9..140da2a37d 100644
--- a/apps/bookmarks/ajax/delBookmark.php
+++ b/apps/bookmarks/ajax/delBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 $id = $_POST['id'];
 if (!OC_Bookmarks_Bookmarks::deleteUrl($id)){
diff --git a/apps/bookmarks/ajax/editBookmark.php b/apps/bookmarks/ajax/editBookmark.php
index 439b680dc2..36258f7096 100644
--- a/apps/bookmarks/ajax/editBookmark.php
+++ b/apps/bookmarks/ajax/editBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 $CONFIG_DBTYPE = OCP\Config::getSystemValue( "dbtype", "sqlite" );
 if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
diff --git a/apps/calendar/ajax/calendar/delete.php b/apps/calendar/ajax/calendar/delete.php
index 4d6706f600..089255cae3 100644
--- a/apps/calendar/ajax/calendar/delete.php
+++ b/apps/calendar/ajax/calendar/delete.php
@@ -9,6 +9,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 $cal = $_POST["calendarid"];
 $calendar = OC_Calendar_App::getCalendar($cal, true);
diff --git a/apps/calendar/ajax/calendar/edit.php b/apps/calendar/ajax/calendar/edit.php
index 82f18fe7f4..3f69666b58 100644
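Review bot: In apps/bookmarks/ajax/addBookmark.php, `$_POST['url']`, `$_POST['title']` and `$_POST['tags']` go straight into `addBookmark()` with no presence or scheme check visible in the hunk. A stored bookmark whose URL uses a non-http(s) scheme can execute as script once it is rendered as a link, and the check added here does nothing about that. `addBookmark()` lives in bookmarksHelper.php, outside this diff, so this may already be handled there; if not, a guard before the call such as `if (!isset($_POST['url']) || !preg_match('#^https?://#i', $_POST['url'])) { OCP\JSON::error(); exit(); }` would close it. The script continues past the end of the hunk.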
--- a/apps/calendar/ajax/calendar/edit.php
+++ b/apps/calendar/ajax/calendar/edit.php
@@ -9,6 +9,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 $calendarcolor_options = OC_Calendar_Calendar::getCalendarColorOptions();
 $calendar = OC_Calendar_App::getCalendar($_GET['calendarid'], true);
diff --git a/apps/calendar/ajax/calendar/new.php b/apps/calendar/ajax/calendar/new.php
index 278c8e5520..34b056abe8 100644
--- a/apps/calendar/ajax/calendar/new.php
+++ b/apps/calendar/ajax/calendar/new.php
@@ -11,6 +11,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 if(trim($_POST['name']) == ''){
 OCP\JSON::error(array('message'=>'empty'));
diff --git a/apps/calendar/ajax/calendar/update.php b/apps/calendar/ajax/calendar/update.php
index 5cf63d396f..740094775f 100644
--- a/apps/calendar/ajax/calendar/update.php
+++ b/apps/calendar/ajax/calendar/update.php
@@ -11,6 +11,7 @@
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 if(trim($_POST['name']) == ''){
 OCP\JSON::error(array('message'=>'empty'));
diff --git a/apps/calendar/ajax/event/delete.php b/apps/calendar/ajax/event/delete.php
index f183d431af..17e45c001e 100644
--- a/apps/calendar/ajax/event/delete.php
+++ b/apps/calendar/ajax/event/delete.php
@@ -9,6 +9,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 $id = $_POST['id'];
 $access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
diff --git a/apps/calendar/ajax/event/edit.php b/apps/calendar/ajax/event/edit.php
index 1c3babc3d9..db78bf6e5e 100644
--- a/apps/calendar/ajax/event/edit.php
+++ b/apps/calendar/ajax/event/edit.php
@@ -9,6 +9,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 $id = $_POST['id'];
diff --git a/apps/calendar/ajax/event/move.php b/apps/calendar/ajax/event/move.php
index 04cf2fb051..f4e2b36376 100644
--- a/apps/calendar/ajax/event/move.php
+++ b/apps/calendar/ajax/event/move.php
@@ -7,6 +7,7 @@
 */
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 $id = $_POST['id'];
 $access = OC_Calendar_App::getaccess($id, OC_Calendar_App::EVENT);
diff --git a/apps/calendar/ajax/event/new.php b/apps/calendar/ajax/event/new.php
index 30e2b0cae3..bc0439cc31 100644
--- a/apps/calendar/ajax/event/new.php
+++ b/apps/calendar/ajax/event/new.php
@@ -10,6 +10,7 @@
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
 $errarr = OC_Calendar_Object::validateRequest($_POST);
 if($errarr){
diff --git a/apps/calendar/ajax/import/import.php b/apps/calendar/ajax/import/import.php
index 18e93e67b4..c0cd140376 100644
--- a/apps/calendar/ajax/import/import.php
+++ b/apps/calendar/ajax/import/import.php
@@ -8,6 +8,7 @@
 //check for calendar rights or create new one
 ob_start();
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 OCP\App::checkAppEnabled('calendar');
 $nl="\r\n";
 $comps = array('VEVENT'=>true, 'VTODO'=>true, 'VJOURNAL'=>true);
diff --git a/apps/calendar/ajax/settings/setfirstday.php b/apps/calendar/ajax/settings/setfirstday.php
index 056a603752..97c2488293 100644
--- a/apps/calendar/ajax/settings/setfirstday.php
+++ b/apps/calendar/ajax/settings/setfirstday.php
@@ -7,6 +7,8 @@
 */
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 if(isset($_POST["firstday"])){
 OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'firstday', $_POST["firstday"]);
 OCP\JSON::success();
diff --git a/apps/calendar/ajax/settings/settimeformat.php b/apps/calendar/ajax/settings/settimeformat.php
index 8e95f6f3bf..d09679b927 100644
--- a/apps/calendar/ajax/settings/settimeformat.php
+++ b/apps/calendar/ajax/settings/settimeformat.php
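Review bot: apps/calendar/ajax/event/move.php goes from `checkLoggedIn()` straight to the new `callCheck()` and then reads `$_POST['id']`; unlike event/delete.php, event/edit.php and event/new.php in this same commit, no `OCP\JSON::checkAppEnabled('calendar');` appears. If that is not done further down (the script continues outside the hunk), the endpoint stays reachable while the calendar app is disabled. I would add `OCP\JSON::checkAppEnabled('calendar');` right after `checkLoggedIn()`. settings/setfirstday.php and settings/settimeformat.php show the same gap.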
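Review bot: In settings/setfirstday.php the value of `$_POST["firstday"]` is written to the user's config exactly as received; `isset()` is the only check in the hunk. Every later reader of that preference then has to treat it as untrusted, so an allowlist at write time is the cheaper fix, for example `if (!in_array($_POST['firstday'], $allowedFirstDays, true)) { OCP\JSON::error(); exit(); }`, with `$allowedFirstDays` holding the values the settings form offers. settings/settimeformat.php stores `$_POST["timeformat"]` the same way.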
@@ -7,6 +7,8 @@
 */
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
+
 if(isset($_POST["timeformat"])){
 OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timeformat', $_POST["timeformat"]);
 OCP\JSON::success();
diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index 2737420c94..f3c628e847 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -5,7 +5,8 @@
 * later.
 * See the COPYING-README file.
 */
-
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 $permission = (int) strip_tags($_GET['permission']);
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index 629a7b6b79..babb8ce3f1 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -5,7 +5,8 @@
 * later.
 * See the COPYING-README file.
 */
-
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 switch($idtype){
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index fe7c98452d..09264070dd 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -5,7 +5,8 @@
 * later.
 * See the COPYING-README file.
 */
-
+ OCP\JSON::callCheck();
+
 $id = strip_tags($_GET['id']);
 $idtype = strip_tags($_GET['idtype']);
 switch($idtype){
diff --git a/apps/external/ajax/setsites.php b/apps/external/ajax/setsites.php
index f153735f09..0dbac3abb2 100644
--- a/apps/external/ajax/setsites.php
+++ b/apps/external/ajax/setsites.php
@@ -8,6 +8,7 @@
 OCP\User::checkAdminUser();
+OCP\JSON::callCheck();
 $sites = array();
 for ($i = 0; $i < sizeof($_POST['site_name']); $i++) {
diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index ed155de0dc..161d820f73 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
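Review bot: In share/changepermission.php the new `callCheck()` is the first statement after the licence header, and the hunk shows no `OCP\JSON::checkLoggedIn()` or `OCP\JSON::checkAppEnabled('calendar')` before `$_GET['id']`, `$_GET['idtype']` and `$_GET['permission']` are read. Assuming `callCheck()` is the request-token check, it does not replace the login check or an ownership check on the item whose sharing is being changed. The rest of the script is outside the hunk, so this may be enforced later; if not, put `OCP\JSON::checkLoggedIn();` and `OCP\JSON::checkAppEnabled('calendar');` ahead of `callCheck()`, as the other calendar endpoints in this commit do. share/share.php and share/unshare.php have the same shape.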
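Review bot: share/share.php changes sharing state from parameters taken out of `$_GET` (`id`, `idtype`). If `callCheck()` takes its token from the same request, the token ends up in the query string too, where it is kept in server logs, browser history and Referer headers. I would move these endpoints to POST, `$id = strip_tags($_POST['id']);` and `$idtype = strip_tags($_POST['idtype']);`, with the client calls changed to match. The same applies to share/unshare.php, share/changepermission.php and to apps/files/ajax/delete.php, move.php and rename.php, which read `$_GET["dir"]`. The switch on `$idtype` continues outside the hunk.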
@@ -4,6 +4,7 @@
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 945fe4e7b8..56171dd0ed 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -4,6 +4,7 @@
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index edb7841487..7236deb65c 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -4,6 +4,7 @@
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index c5c37914c6..ae92bcf09b 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -4,6 +4,7 @@
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php
index e2fa3d54a6..8e98308eb5 100644
--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -4,6 +4,7 @@
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files_sharing/ajax/email.php b/apps/files_sharing/ajax/email.php
index edf9eca431..e931e5f77e 100644
--- a/apps/files_sharing/ajax/email.php
+++ b/apps/files_sharing/ajax/email.php
@@ -1,5 +1,6 @@ 'Not enought arguments'));
diff --git a/apps/tasks/ajax/addtask.php b/apps/tasks/ajax/addtask.php
index 9f35e7f21e..188e179236 100644
--- a/apps/tasks/ajax/addtask.php
+++ b/apps/tasks/ajax/addtask.php
@@ -3,6 +3,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true);
 $first_calendar = reset($calendars);
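Review bot: In apps/files/ajax/delete.php, `stripslashes($_GET["dir"])` only removes backslash escaping; it is not a path check. The delete itself is outside the hunk, so confirm there that the directory and file name are normalised and that `..` segments cannot take the operation outside the user's storage. If the filesystem layer does not already reject them, a guard such as `if (in_array('..', explode('/', $dir), true)) { OCP\JSON::error(); exit(); }` before the operation would. move.php, rename.php, newfile.php and newfolder.php take `dir` the same way.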
diff --git a/apps/tasks/ajax/addtaskform.php b/apps/tasks/ajax/addtaskform.php
index d86232e2da..2795f39373 100644
--- a/apps/tasks/ajax/addtaskform.php
+++ b/apps/tasks/ajax/addtaskform.php
@@ -3,6 +3,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true);
 $category_options = OC_Calendar_App::getCategoryOptions();
diff --git a/apps/tasks/ajax/delete.php b/apps/tasks/ajax/delete.php
index e29add9b55..cc22c3e387 100644
--- a/apps/tasks/ajax/delete.php
+++ b/apps/tasks/ajax/delete.php
@@ -23,6 +23,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 $id = $_POST['id'];
 $task = OC_Calendar_App::getEventObject( $id );
diff --git a/apps/tasks/ajax/edittask.php b/apps/tasks/ajax/edittask.php
index edcc8a7cdc..77ecff13e6 100644
--- a/apps/tasks/ajax/edittask.php
+++ b/apps/tasks/ajax/edittask.php
@@ -3,6 +3,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 $l10n = new OC_L10N('tasks');