Add CSRF check

2014-04-07 20:33:50 +03:00 · 2014-04-07 20:33:50 +03:00 · a54feb9c58
commit a54feb9c58
parent 7fcf703041
2 changed files with 4 additions and 4 deletions
--- a/ajax/documentController.php
+++ b/ajax/documentController.php
@ -53,14 +53,15 @@ class DocumentController extends Controller{
 	 * @param array $args - array containing session id as an element with a key es_id 
 	 */
 	public static function serve($args){
+		
 		$session = new Db_Session();
 		$sessionData = $session->load(@$args['es_id'])->getData();
 			
 		$file = new File(@$sessionData['file_id']);
 		if (!$file->isPublicShare()){
-			self::preDispatch(false);
+			self::preDispatch();
 		} else {
-			self::preDispatchGuest(false);
+			self::preDispatchGuest();
 		}
 		
 		$filename = isset($sessionData['genesis_url']) ? $sessionData['genesis_url'] : '';
--- a/js/ServerFactory.js
+++ b/js/ServerFactory.js
@ -45,8 +45,7 @@ define("owncloud/ServerFactory", [

                server = new PullBoxServer(args);
                server.getGenesisUrl = function(sid) {
-                    // what a dirty hack :)
-                    return OC.generateUrl('apps/documents/ajax/genesis/{es_id}', {es_id: sid});
+                    return OC.generateUrl('apps/documents/ajax/genesis/{es_id}', {es_id: sid}) + '?requesttoken=' + oc_requesttoken;
                };
                return server;
            };