From 0abcf0a421e26a17de00d3bf3a890da1f1689c16 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Sat, 7 Jul 2012 15:58:11 +0200
Subject: [PATCH] CSRF checks

---
 apps/files/ajax/delete.php    | 1 +
 apps/files/ajax/move.php      | 1 +
 apps/files/ajax/newfile.php   | 1 +
 apps/files/ajax/newfolder.php | 1 +
 apps/files/ajax/rename.php    | 1 +
 apps/files/ajax/upload.php    | 1 +
 6 files changed, 6 insertions(+)

diff --git a/apps/files/ajax/delete.php b/apps/files/ajax/delete.php
index ed155de0dc..161d820f73 100644
--- a/apps/files/ajax/delete.php
+++ b/apps/files/ajax/delete.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/move.php b/apps/files/ajax/move.php
index 945fe4e7b8..56171dd0ed 100644
--- a/apps/files/ajax/move.php
+++ b/apps/files/ajax/move.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/newfile.php b/apps/files/ajax/newfile.php
index edb7841487..7236deb65c 100644
--- a/apps/files/ajax/newfile.php
+++ b/apps/files/ajax/newfile.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/newfolder.php b/apps/files/ajax/newfolder.php
index c5c37914c6..ae92bcf09b 100644
--- a/apps/files/ajax/newfolder.php
+++ b/apps/files/ajax/newfolder.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get the params
 $dir = isset( $_POST['dir'] ) ? stripslashes($_POST['dir']) : '';
diff --git a/apps/files/ajax/rename.php b/apps/files/ajax/rename.php
index e2fa3d54a6..8e98308eb5 100644
--- a/apps/files/ajax/rename.php
+++ b/apps/files/ajax/rename.php
@@ -4,6 +4,7 @@
 
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 // Get data
 $dir = stripslashes($_GET["dir"]);
diff --git a/apps/files/ajax/upload.php b/apps/files/ajax/upload.php
index b779924cfb..5553cf5a13 100644
--- a/apps/files/ajax/upload.php
+++ b/apps/files/ajax/upload.php
@@ -7,6 +7,7 @@
 OCP\JSON::setContentTypeHeader('text/plain');
 
 OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
 
 if (!isset($_FILES['files'])) {
 	OCP\JSON::error(array("data" => array( "message" => "No file was uploaded. Unknown error" )));
-- 
GitLab