From 3d42e402c5f1956bc72ac5accc268f519d66c3e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Tue, 29 Oct 2013 23:07:27 +0100
Subject: [PATCH] http header OCS-ApiRequest: true is required in case of
 session based OCS API calls

---
 lib/private/api.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/private/api.php b/lib/private/api.php
index 26091657b3..0576f3e3f9 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,8 @@ class OC_API {
 
 		// reuse existing login
 		$loggedIn = OC_User::isLoggedIn();
-		if ($loggedIn === true) {
+		$ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+		if ($loggedIn === true && $ocsApiRequest) {
 			return OC_User::getUser();
 		}
 
-- 
GitLab