CSRF check in the settings

Lukas Reschke 2012-07-07 15:27:04 +02:00
parent ec7bb86b28
commit 777eb1d8b1
13 changed files with 15 additions and 1 deletions


@ -9,6 +9,8 @@ $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
// Check if we are a user
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
if( (!OC_Group::inGroup( OC_User::getUser(), 'admin' ) && ($username!=OC_User::getUser() || !OC_User::checkPassword($username,$oldPassword)))) {
OC_JSON::error( array( "data" => array( "message" => "Authentication error" )));
exit();
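Review bot: The added `OCP\JSON::callCheck();` carries no comment saying what it guards, while the check above it is introduced by `// Check if we are a user`. Add `// CSRF check: abort unless the request carries a valid request token` above the call, here and in the other file sections of this commit that add the same line. The call also goes through the `OCP\JSON` wrapper while the neighbouring guards are written as `OC_JSON::…`, so each file now mixes two spellings for the same family of checks; using one form per file would read more clearly. The `if` block that follows continues past the end of this hunk.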


@ -9,6 +9,8 @@ if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' ))
exit();
}
OCP\JSON::callCheck();
$groupname = $_POST["groupname"];
// Does the group exist?
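Review bot: `$groupname = $_POST["groupname"];` directly after the new check reads the index without testing that it exists, whereas another endpoint in this commit uses the guarded form `$username = isset($_POST["username"])?$_POST["username"]:'';`. Writing `$groupname = isset($_POST["groupname"])?$_POST["groupname"]:'';` here avoids a notice on a malformed request and makes the empty case explicit for the existence test that follows. The later sections that assign `$_POST["groupname"]` and `$_POST["username"]` directly have the same gap. The code after `// Does the group exist?` lies outside the hunk.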


@ -8,6 +8,7 @@ if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' ))
OC_JSON::error(array("data" => array( "message" => "Authentication error" )));
exit();
}
OCP\JSON::callCheck();
$groups = array();
if( isset( $_POST["groups"] )){


@ -2,6 +2,7 @@
// Init owncloud
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
OC_JSON::setContentTypeHeader();
OC_App::disable($_POST['appid']);
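Review bot: `$_POST['appid']` is still handed to `OC_App::disable()` without checking that it is set or that it looks like a plain app identifier; the CSRF check added above it says nothing about whether the value is well formed. A guard such as `if( !isset($_POST['appid']) ){ OC_JSON::error(); exit(); }` before the call covers the missing-parameter case. What `OC_App::disable()` does with the string is not visible in this hunk, so it is worth confirming that it rejects anything other than a known app id. The same applies to `OC_App::enable($_POST['appid'])` in the next file section.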


@ -3,6 +3,7 @@
// Init owncloud
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
OC_JSON::setContentTypeHeader();
if(OC_App::enable($_POST['appid'])){


@ -2,8 +2,8 @@
// Init owncloud
require_once('../../lib/base.php');
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
$l=OC_L10N::get('core');


@ -6,6 +6,7 @@ require_once('../../lib/base.php');
$l=OC_L10N::get('settings');
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
OC_JSON::checkAppEnabled('user_openid');
// Get data


@ -4,6 +4,7 @@
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$name = $_POST["groupname"];


@ -4,6 +4,7 @@
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$username = $_POST["username"];


@ -6,6 +6,7 @@ require_once('../../lib/base.php');
$l=OC_L10N::get('settings');
OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();
// Get data


@ -7,6 +7,7 @@
require_once('../../lib/base.php');
OC_Util::checkAdminUser();
OCP\JSON::callCheck();
OC_Config::setValue( 'loglevel', $_POST['level'] );
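Review bot: `$_POST['level']` is written to the `loglevel` config key exactly as received, so even with the CSRF check in place a request can store a missing or non-numeric value. Cast and bound it before the write, for example `$level = isset($_POST['level']) ? (int)$_POST['level'] : -1;` followed by a range check against the log levels the application defines (the valid range is not visible in this hunk). This file also guards with `OC_Util::checkAdminUser()` where the sibling endpoints use `OC_JSON::checkAdminUser()`; if this is a JSON endpoint, the JSON variant would keep its failure responses uniform with the others.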


@ -9,6 +9,7 @@
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$username = isset($_POST["username"])?$_POST["username"]:'';


@ -4,6 +4,7 @@
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$success = true;
$error = "add user to";