CSRF checks
This commit is contained in:
parent
38271ded75
commit
93579d88dc
|
@ -2,6 +2,7 @@
|
|||
|
||||
// Init owncloud
|
||||
require_once('../../lib/base.php');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
|
||||
$password = $_POST["password"];
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
// Init owncloud
|
||||
require_once('../../lib/base.php');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// Check if we are a user
|
||||
if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
// Init owncloud
|
||||
require_once('../../lib/base.php');
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// Check if we are a user
|
||||
if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
// Init owncloud
|
||||
require_once('../../lib/base.php');
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
OC_JSON::setContentTypeHeader();
|
||||
|
||||
OC_App::disable($_POST['appid']);
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
// Init owncloud
|
||||
require_once('../../lib/base.php');
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
OC_JSON::setContentTypeHeader();
|
||||
|
||||
if(OC_App::enable($_POST['appid'])){
|
||||
|
|
|
@ -4,11 +4,13 @@
|
|||
require_once('../../lib/base.php');
|
||||
|
||||
OC_JSON::checkLoggedIn();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$l=OC_L10N::get('core');
|
||||
|
||||
// Get data
|
||||
if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){
$email=trim($_POST['email']);
|
||||
if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){
|
||||
$email=trim($_POST['email']);
|
||||
OC_Preferences::setValue(OC_User::getUser(),'settings','email',$email);
|
||||
OC_JSON::success(array("data" => array( "message" => $l->t("Email saved") )));
|
||||
}else{
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
require_once('../../lib/base.php');
|
||||
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$name = $_POST["groupname"];
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
require_once('../../lib/base.php');
|
||||
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$username = $_POST["username"];
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ require_once('../../lib/base.php');
|
|||
$l=OC_L10N::get('settings');
|
||||
|
||||
OC_JSON::checkLoggedIn();
|
||||
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
// Get data
|
||||
if( isset( $_POST['lang'] ) ){
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
require_once('../../lib/base.php');
|
||||
OC_Util::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
OC_Config::setValue( 'loglevel', $_POST['level'] );
|
||||
|
||||
|
|
|
@ -9,6 +9,7 @@
|
|||
require_once('../../lib/base.php');
|
||||
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$username = isset($_POST["username"])?$_POST["username"]:'';
|
||||
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
require_once('../../lib/base.php');
|
||||
|
||||
OC_JSON::checkAdminUser();
|
||||
OCP\JSON::callCheck();
|
||||
|
||||
$success = true;
|
||||
$error = "add user to";
|
||||
|
|
Loading…
Reference in New Issue