From 4270188252d8db8f1626231717bcfd5de35d3ef5 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 2 Feb 2015 19:39:41 +0100 Subject: [PATCH] Add callCheck to testremote.php Without CSRF check this file might be tricked into requesting itself which would result in an endless loop and thus potentially ending in a Denial of Service. --- apps/files_sharing/ajax/testremote.php | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/files_sharing/ajax/testremote.php b/apps/files_sharing/ajax/testremote.php index 08149bf7ec..1499278701 100644 --- a/apps/files_sharing/ajax/testremote.php +++ b/apps/files_sharing/ajax/testremote.php @@ -6,6 +6,7 @@ * See the COPYING-README file. */ +OCP\JSON::callCheck(); OCP\JSON::checkAppEnabled('files_sharing'); $remote = $_GET['remote'];