CSRF checks
LukasReschke committed Jul 20, 2012
1 parent 38271de commit 93579d8
Showing 12 changed files with 14 additions and 2 deletions.
1 change: 1 addition & 0 deletions settings/ajax/changepassword.php
@@ -2,6 +2,7 @@

// Init owncloud
require_once('../../lib/base.php');
OCP\JSON::callCheck();

$username = isset($_POST["username"]) ? $_POST["username"] : OC_User::getUser();
$password = $_POST["password"];
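Review bot: In changepassword.php the new `OCP\JSON::callCheck();` runs before any authentication check visible in this hunk, and creategroup.php and createuser.php place it ahead of their hand-written admin test, whereas the other nine files call it after `checkAdminUser()` or `checkLoggedIn()`. One fixed order at the top of every endpoint makes it easier to audit that none is missing a check; I would put the login or admin check first and follow it with `OCP\JSON::callCheck(); // CSRF: require a valid request token before changing state`. Because `$username` can come from `$_POST["username"]`, this file also needs a check that the caller may change that account's password; the rest of the file is outside the hunk, so I cannot tell whether one exists.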
1 change: 1 addition & 0 deletions settings/ajax/creategroup.php
@@ -2,6 +2,7 @@

// Init owncloud
require_once('../../lib/base.php');
OCP\JSON::callCheck();

// Check if we are a user
if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
1 change: 1 addition & 0 deletions settings/ajax/createuser.php
@@ -2,6 +2,7 @@

// Init owncloud
require_once('../../lib/base.php');
OCP\JSON::callCheck();

// Check if we are a user
if( !OC_User::isLoggedIn() || !OC_Group::inGroup( OC_User::getUser(), 'admin' )){
1 change: 1 addition & 0 deletions settings/ajax/disableapp.php
@@ -2,6 +2,7 @@
// Init owncloud
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
OC_JSON::setContentTypeHeader();

OC_App::disable($_POST['appid']);
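Review bot: `$_POST['appid']` is handed to `OC_App::disable()` without checking that it is present or well-formed, and enableapp.php does the same with `OC_App::enable()`. The new token check stops forged requests, but an admin-only endpoint should still validate the identifier it acts on. I would read it once, e.g. `$appid = isset($_POST['appid']) ? (string)$_POST['appid'] : '';`, and return `OC_JSON::error()` when it is empty or contains characters an app id cannot have. How `OC_App` uses the value is not visible here, so the exact rule is for the author to confirm.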
1 change: 1 addition & 0 deletions settings/ajax/enableapp.php
@@ -3,6 +3,7 @@
// Init owncloud
require_once('../../lib/base.php');
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
OC_JSON::setContentTypeHeader();

if(OC_App::enable($_POST['appid'])){
4 changes: 3 additions & 1 deletion settings/ajax/lostpassword.php
@@ -4,11 +4,13 @@
require_once('../../lib/base.php');

OC_JSON::checkLoggedIn();
OCP\JSON::callCheck();

$l=OC_L10N::get('core');

// Get data
if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){ $email=trim($_POST['email']);
if( isset( $_POST['email'] ) && filter_var( $_POST['email'], FILTER_VALIDATE_EMAIL) ){
$email=trim($_POST['email']);
OC_Preferences::setValue(OC_User::getUser(),'settings','email',$email);
OC_JSON::success(array("data" => array( "message" => $l->t("Email saved") )));
}else{
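Review bot: The e-mail address is validated before it is trimmed, so `filter_var()` checks `$_POST['email']` while `trim($_POST['email'])` is what gets stored. Either the trim is dead code (if the validator rejects surrounding whitespace) or the stored string is not the one that was validated. Trimming first keeps the two the same: `$email = isset($_POST['email']) ? trim($_POST['email']) : '';` then `if( filter_var( $email, FILTER_VALIDATE_EMAIL) ){`. The `if`/`else` continues past the end of this hunk.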
1 change: 1 addition & 0 deletions settings/ajax/removegroup.php
@@ -4,6 +4,7 @@
require_once('../../lib/base.php');

OC_JSON::checkAdminUser();
OCP\JSON::callCheck();

$name = $_POST["groupname"];

1 change: 1 addition & 0 deletions settings/ajax/removeuser.php
@@ -4,6 +4,7 @@
require_once('../../lib/base.php');

OC_JSON::checkAdminUser();
OCP\JSON::callCheck();

$username = $_POST["username"];

2 changes: 1 addition & 1 deletion settings/ajax/setlanguage.php
@@ -6,7 +6,7 @@
$l=OC_L10N::get('settings');

OC_JSON::checkLoggedIn();

OCP\JSON::callCheck();

// Get data
if( isset( $_POST['lang'] ) ){
1 change: 1 addition & 0 deletions settings/ajax/setloglevel.php
@@ -7,6 +7,7 @@

require_once('../../lib/base.php');
OC_Util::checkAdminUser();
OCP\JSON::callCheck();

OC_Config::setValue( 'loglevel', $_POST['level'] );

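Review bot: `OC_Config::setValue( 'loglevel', $_POST['level'] )` stores the raw request value, so a missing or non-numeric `level` ends up in the configuration. The request is now authenticated and token-checked, but the value itself is never validated. I would cast it and refuse anything outside the levels the logger defines, e.g. `$level = isset($_POST['level']) ? (int)$_POST['level'] : -1;` followed by a range test before `setValue`. Since this setting presumably controls what gets logged, an out-of-range value could hide events an administrator relies on.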
1 change: 1 addition & 0 deletions settings/ajax/setquota.php
@@ -9,6 +9,7 @@
require_once('../../lib/base.php');

OC_JSON::checkAdminUser();
OCP\JSON::callCheck();

$username = isset($_POST["username"])?$_POST["username"]:'';

1 change: 1 addition & 0 deletions settings/ajax/togglegroups.php
@@ -4,6 +4,7 @@
require_once('../../lib/base.php');

OC_JSON::checkAdminUser();
OCP\JSON::callCheck();

$success = true;
$error = "add user to";