Added CSRF checks to files_versions. Expect some error messages - and report them ;)

14 years ago · 748fcabba4
parent 8444fc5787
commit 748fcabba4
3 changed files with 3 additions and 0 deletions
--- a/apps/files_versions/ajax/expireAll.php
+++ b/apps/files_versions/ajax/expireAll.php
@ -27,6 +27,7 @@
 // Check user and app status
 OCP\JSON::checkLoggedIn();
 OCP\App::checkAppEnabled('files_versions');
+OCP\JSON::callCheck();

 $versions = new OCA_Versions\Storage();

--- a/apps/files_versions/ajax/rollbackVersion.php
+++ b/apps/files_versions/ajax/rollbackVersion.php
@ -1,6 +1,7 @@
 <?php

 OCP\JSON::checkAppEnabled('files_versions');
+OCP\JSON::callCheck();

 $userDirectory = "/".OCP\USER::getUser()."/files";

--- a/apps/files_versions/ajax/togglesettings.php
+++ b/apps/files_versions/ajax/togglesettings.php
@ -2,6 +2,7 @@

 OCP\JSON::checkAppEnabled('files_versions');
 OCP\JSON::checkAdminUser();
+OCP\JSON::callCheck();
 if (OCP\Config::getSystemValue('versions', 'true')=='true') {
 	OCP\Config::setSystemValue('versions', 'false');
 } else {