CSRF checks

0abcf0a4 · Lukas Reschke · c63db28e · 0abcf0a4 · 0abcf0a4 · 0abcf0a4
Commit 0abcf0a4 authored 12 years ago by Lukas Reschke
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -4,6 +4,7 @@


 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 // Get data
 $dir = stripslashes($_GET["dir"]);

--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -4,6 +4,7 @@


 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 // Get data
 $dir = stripslashes($_GET["dir"]);

--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -4,6 +4,7 @@


 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';

--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -4,6 +4,7 @@


 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';

--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -4,6 +4,7 @@


 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 // Get data
 $dir = stripslashes($_GET["dir"]);

--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -7,6 +7,7 @@
 OCP\JSON::setContentTypeHeader('text/plain');

 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();

 if (!isset($_FILES['files'])) {
 	OCP\JSON::error(array("data" => array( "message" => "No file was uploaded. Unknown error" )));