mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #11727 from owncloud/moveCallCheckRegisterToSomeWhereElse 

Move CSRF check
This commit is contained in:
Lukas Reschke 2014-11-17 18:34:55 +01:00
parent af7688ec17 07f0d76fc6
commit e8f90133e0
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/private/appframework/middleware/security/securitymiddleware.php
View File

@ -35,6 +35,7 @@ use OCP\IURLGenerator;
use OCP\IRequest;
use OCP\ILogger;
use OCP\AppFramework\Controller;
use OCP\Util;
/**
@ -111,6 +112,8 @@ class SecurityMiddleware extends Middleware {
}
}
// CSRF check - also registers the CSRF token since the session may be closed later
Util::callRegister();
if(!$this->reflector->hasAnnotation('NoCSRFRequired')) {
if(!$this->request->passesCSRFCheck()) {
throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);