From c04aa8d6a99869aa51595b61207063f97488eb8e Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Fri, 20 Jul 2012 15:45:17 +0200
Subject: [PATCH] Add CSRF checks

---
 apps/calendar/ajax/share/changepermission.php | 4 +++-
 apps/calendar/ajax/share/share.php            | 2 ++
 apps/calendar/ajax/share/unshare.php          | 4 +++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/apps/calendar/ajax/share/changepermission.php b/apps/calendar/ajax/share/changepermission.php
index e807c164a2..5aff7666f7 100644
--- a/apps/calendar/ajax/share/changepermission.php
+++ b/apps/calendar/ajax/share/changepermission.php
@@ -5,7 +5,9 @@
  * later.
  * See the COPYING-README file.
  */
- 
+
+OCP\JSON::callCheck();
+
 $id = strip_tags($_POST['id']);
 $idtype = strip_tags($_POST['idtype']);
 $permission = (int) strip_tags($_POST['permission']);
diff --git a/apps/calendar/ajax/share/share.php b/apps/calendar/ajax/share/share.php
index 838db619f6..77e1ab9d65 100644
--- a/apps/calendar/ajax/share/share.php
+++ b/apps/calendar/ajax/share/share.php
@@ -6,6 +6,8 @@
  * See the COPYING-README file.
  */
  
+OCP\JSON::callCheck();
+
 $id = strip_tags($_POST['id']);
 $idtype = strip_tags($_POST['idtype']);
 switch($idtype){
diff --git a/apps/calendar/ajax/share/unshare.php b/apps/calendar/ajax/share/unshare.php
index 1ce04677fb..c7c0611318 100644
--- a/apps/calendar/ajax/share/unshare.php
+++ b/apps/calendar/ajax/share/unshare.php
@@ -5,7 +5,9 @@
  * later.
  * See the COPYING-README file.
  */
- 
+
+OCP\JSON::callCheck();
+
 $id = strip_tags($_POST['id']);
 $idtype = strip_tags($_POST['idtype']);
 switch($idtype){