mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Streamline auth and CSRF check in scan.php 

Furthermore a not logged-in user was able to access this page before which resulted in a Fatal PHP error since the filesystem could not get setup properly.
This commit is contained in:
Lukas Reschke 2015-01-20 12:30:16 +01:00
parent 2ac015256f
commit 3f5d4d82e4
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
apps/files/ajax/scan.php
View File

@ -1,11 +1,15 @@
<?php
set_time_limit(0); //scanning can take ages
\OCP\JSON::checkLoggedIn();
\OCP\JSON::callCheck();
\OC::$server->getSession()->close();
$force = (isset($_GET['force']) and ($_GET['force'] === 'true'));
$dir = isset($_GET['dir']) ? $_GET['dir'] : '';
if (isset($_GET['users'])) {
OC_JSON::checkAdminUser();
\OCP\JSON::checkAdminUser();
if ($_GET['users'] === 'all') {
$users = OC_User::getUsers();
} else {