From 8444fc5787331fb34919991f3cd9f55cf3fb4989 Mon Sep 17 00:00:00 2001
From: Thomas Tanghus <thomas@tanghus.net>
Date: Tue, 17 Jul 2012 11:52:11 +0200
Subject: [PATCH] Added CSRF checks to Tasks. Expect some error messages - and
 report them ;)

---
 apps/tasks/ajax/addtask.php         | 1 +
 apps/tasks/ajax/delete.php          | 1 +
 apps/tasks/ajax/edittask.php        | 1 +
 apps/tasks/ajax/update_property.php | 1 +
 4 files changed, 4 insertions(+)

diff --git a/apps/tasks/ajax/addtask.php b/apps/tasks/ajax/addtask.php
index 9f35e7f21e..188e179236 100644
--- a/apps/tasks/ajax/addtask.php
+++ b/apps/tasks/ajax/addtask.php
@@ -3,6 +3,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 
 $calendars = OC_Calendar_Calendar::allCalendars(OCP\User::getUser(), true);
 $first_calendar = reset($calendars);
diff --git a/apps/tasks/ajax/delete.php b/apps/tasks/ajax/delete.php
index e29add9b55..cc22c3e387 100644
--- a/apps/tasks/ajax/delete.php
+++ b/apps/tasks/ajax/delete.php
@@ -23,6 +23,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 
 $id = $_POST['id'];
 $task = OC_Calendar_App::getEventObject( $id );
diff --git a/apps/tasks/ajax/edittask.php b/apps/tasks/ajax/edittask.php
index edcc8a7cdc..77ecff13e6 100644
--- a/apps/tasks/ajax/edittask.php
+++ b/apps/tasks/ajax/edittask.php
@@ -3,6 +3,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 
 $l10n = new OC_L10N('tasks');
 
diff --git a/apps/tasks/ajax/update_property.php b/apps/tasks/ajax/update_property.php
index 46521cf6c5..f47040a77d 100644
--- a/apps/tasks/ajax/update_property.php
+++ b/apps/tasks/ajax/update_property.php
@@ -9,6 +9,7 @@
 // Init owncloud
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('tasks');
+OCP\JSON::callCheck();
 
 $id = $_POST['id'];
 $property = $_POST['type'];
-- 
GitLab