Add missing CSRF check.

This commit is contained in:
Thomas Tanghus 2012-07-05 00:37:08 +02:00
parent 5d79444852
commit dac2c14ae9
2 changed files with 2 additions and 1 deletions

View File

@ -23,6 +23,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('contacts');
OCP\JSON::callCheck();
require_once('loghandler.php');
$view = OCP\Files::getStorage('contacts');

View File

@ -1465,7 +1465,7 @@ Contacts={
}
}
};
xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadimport.php') + '?file='+encodeURIComponent(file.name), true);
xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadimport.php') + '?file='+encodeURIComponent(file.name)+'&requesttoken='+requesttoken, true);
xhr.setRequestHeader('Cache-Control', 'no-cache');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name));