mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add callCheck to testremote.php 

Without CSRF check this file might be tricked into requesting itself which would result in an endless loop and thus potentially ending in a Denial of Service.
This commit is contained in:
Lukas Reschke 2015-02-02 19:39:41 +01:00
parent 92bc1b44d5
commit 4270188252
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
apps/files_sharing/ajax/testremote.php
View File

@ -6,6 +6,7 @@
* See the COPYING-README file.
*/
OCP\JSON::callCheck();
OCP\JSON::checkAppEnabled('files_sharing');
$remote = $_GET['remote'];