From e25a0303f4eeda88fd7d8b76ee3d41a6081dfb74 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Tue, 20 Jan 2015 12:24:13 +0100 Subject: [PATCH] Streamline CSRF and login check Let's make this consistent with other pieces of the code to make it easier to auditable. --- apps/files/ajax/newfile.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php index 0eb144aca5..159a8b5d7a 100644 --- a/apps/files/ajax/newfile.php +++ b/apps/files/ajax/newfile.php @@ -3,9 +3,8 @@ // Init owncloud global $eventSource; -if(!OC_User::isLoggedIn()) { - exit; -} +\OCP\JSON::checkLoggedIn(); +\OCP\JSON::callCheck(); \OC::$server->getSession()->close(); @@ -17,8 +16,6 @@ $source = isset( $_REQUEST['source'] ) ? trim($_REQUEST['source'], '/\\') : ''; if($source) { $eventSource = \OC::$server->createEventSource(); -} else { - OC_JSON::callCheck(); } function progress($notification_code, $severity, $message, $message_code, $bytes_transferred, $bytes_max) { @@ -138,7 +135,7 @@ if($source) { } } } - $result=\OC\Files\Filesystem::file_put_contents($target, $sourceStream); + $result = \OC\Files\Filesystem::file_put_contents($target, $sourceStream); } if($result) { $meta = \OC\Files\Filesystem::getFileInfo($target);