always generate access token, also for forms shown to anonymous users (e.g. public shares)
This commit is contained in:
parent
4fd53eca06
commit
f493e97f5d
|
@ -10,6 +10,8 @@
|
|||
<script type="text/javascript">
|
||||
var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
|
||||
var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
|
||||
var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
|
||||
var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
|
||||
</script>
|
||||
<?php foreach ($_['jsfiles'] as $jsfile): ?>
|
||||
<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
<script type="text/javascript">
|
||||
var oc_webroot = '<?php echo OC::$WEBROOT; ?>';
|
||||
var oc_appswebroots = <?php echo $_['apps_paths'] ?>;
|
||||
var oc_requesttoken = '<?php echo $_['requesttoken']; ?>';
|
||||
var oc_requestlifespan = '<?php echo $_['requestlifespan']; ?>';
|
||||
</script>
|
||||
<?php foreach($_['jsfiles'] as $jsfile): ?>
|
||||
<script type="text/javascript" src="<?php echo $jsfile; ?>"></script>
|
||||
|
|
|
@ -155,10 +155,8 @@ class OC_Template{
|
|||
$this->renderas = $renderas;
|
||||
$this->application = $app;
|
||||
$this->vars = array();
|
||||
if($renderas == 'user') {
|
||||
$this->vars['requesttoken'] = OC_Util::callRegister();
|
||||
$this->vars['requestlifespan'] = OC_Util::$callLifespan;
|
||||
}
|
||||
$parts = explode('/', $app); // fix translation when app is something like core/lostpassword
|
||||
$this->l10n = OC_L10N::get($parts[0]);
|
||||
header('X-Frame-Options: Sameorigin');
|
||||
|
|
Loading…
Reference in New Issue