authorLukas Reschke <lukas@statuscode.ch>2013-02-12 20:19:58 +0400
committerLukas Reschke <lukas@statuscode.ch>2013-02-12 20:19:58 +0400
commit5b4c48d382d5d585a79cf000854be08ce58785a1 (patch)
treea225abbe03c03aed476c98501b65ec6d8e4c7e88
parent3ad6ea0ee1995362a6bc36b4cf4ae4995b2bb204 (diff)
parentb966095e8220ccf9bcbe98b47e4bec9b10ed78f6 (diff)
Merge pull request #1651 from owncloud/backports
Backports
-rw-r--r--apps/admin_migrate/settings.php3
-rw-r--r--apps/admin_migrate/templates/settings.php1
-rw-r--r--apps/calendar/ajax/settings/settimezone.php1
-rw-r--r--apps/calendar/ajax/settings/timezonedetection.php2
-rw-r--r--apps/external/templates/settings.php4
-rw-r--r--apps/user_ldap/settings.php2
-rw-r--r--apps/user_ldap/templates/settings.php1
-rw-r--r--apps/user_migrate/ajax/export.php1
-rw-r--r--apps/user_migrate/js/export.js2
-rw-r--r--apps/user_migrate/settings.php1
-rw-r--r--apps/user_migrate/templates/settings.php1
11 files changed, 16 insertions, 3 deletions
diff --git a/apps/admin_migrate/settings.php b/apps/admin_migrate/settings.php
index daa56390aff..c25327a9b7c 100644
--- a/apps/admin_migrate/settings.php
+++ b/apps/admin_migrate/settings.php
@@ -27,6 +27,8 @@ OCP\App::checkAppEnabled('admin_migrate');
// Export?
if (isset($_POST['admin_export'])) {
+ OCP\JSON::callCheck();
+
// Create the export zip
$response = json_decode( OC_Migrate::export( null, $_POST['export_type'] ) );
if( !$response->success ){
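Review bot: `$_POST['export_type']` still goes straight into `OC_Migrate::export()` on the line after the new token check, and the decoded result is dereferenced as `$response->success` without confirming that `json_decode` returned an object. The form in apps/admin_migrate/templates/settings.php only offers `instance`, `system` and `userfiles`, so the handler could reject anything else first, e.g. `if (!in_array($_POST['export_type'], array('instance', 'system', 'userfiles'), true)) { /* reject the request */ }`. Whether `OC_Migrate::export()` validates the type itself is not visible here, and the `if` block continues outside the hunk.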
@@ -44,6 +46,7 @@ if (isset($_POST['admin_export'])) {
}
// Import?
} else if( isset($_POST['admin_import']) ){
+ OCP\JSON::callCheck();
$from = $_FILES['owncloud_import']['tmp_name'];
if( !OC_Migrate::import( $from, 'instance' ) ){
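Review bot: The import branch reads `$_FILES['owncloud_import']['tmp_name']` right after the new `callCheck()` without confirming that an upload actually arrived. A POST with `admin_import` set but no file, or a failed upload, therefore hands an undefined or empty path to `OC_Migrate::import()`. A guard before the assignment, such as `if (!isset($_FILES['owncloud_import']) || $_FILES['owncloud_import']['error'] !== UPLOAD_ERR_OK) { /* report the upload error */ }`, would make that failure explicit. The branch body continues outside the hunk, so later handling may already exist there.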
diff --git a/apps/admin_migrate/templates/settings.php b/apps/admin_migrate/templates/settings.php
index f81c9199ece..0b02d1babe9 100644
--- a/apps/admin_migrate/templates/settings.php
+++ b/apps/admin_migrate/templates/settings.php
@@ -6,6 +6,7 @@
</p>
<h3>What would you like to export?</h3>
<p>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
<input type="radio" name="export_type" value="instance" style="width:20px;" /> ownCloud instance (suitable for import )<br />
<input type="radio" name="export_type" value="system" style="width:20px;" /> ownCloud system files<br />
<input type="radio" name="export_type" value="userfiles" style="width:20px;" /> Just user files<br />
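Review bot: The new hidden field echoes `$_['requesttoken']` into the `value` attribute without escaping and carries a fixed `id="requesttoken"`; the same line is added in apps/user_ldap/templates/settings.php and apps/user_migrate/templates/settings.php. If more than one of these forms is rendered into the same settings page (not visible from this diff), the id is duplicated and any script looking it up by id gets only the first element. Dropping the id and escaping for attribute context would be safer: `<input type="hidden" name="requesttoken" value="<?php echo OC_Util::sanitizeHTML($_['requesttoken']) ?>" />`. The enclosing form starts and ends outside the hunk.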
diff --git a/apps/calendar/ajax/settings/settimezone.php b/apps/calendar/ajax/settings/settimezone.php
index 6d029a6643a..06db66d578e 100644
--- a/apps/calendar/ajax/settings/settimezone.php
+++ b/apps/calendar/ajax/settings/settimezone.php
@@ -14,6 +14,7 @@ $l=OC_L10N::get('calendar');
// Check if we are a user
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
// Get data
if( isset( $_POST['timezone'] ) ){
diff --git a/apps/calendar/ajax/settings/timezonedetection.php b/apps/calendar/ajax/settings/timezonedetection.php
index 5f03f647b3a..6bd6a5a3cd7 100644
--- a/apps/calendar/ajax/settings/timezonedetection.php
+++ b/apps/calendar/ajax/settings/timezonedetection.php
@@ -8,6 +8,8 @@
OCP\JSON::checkLoggedIn();
OCP\JSON::checkAppEnabled('calendar');
+OCP\JSON::callCheck();
+
if(array_key_exists('timezonedetection', $_POST) && $_POST['timezonedetection'] == 'on'){
OCP\Config::setUserValue(OCP\USER::getUser(), 'calendar', 'timezonedetection', 'true');
}else{
diff --git a/apps/external/templates/settings.php b/apps/external/templates/settings.php
index b8139727eb6..38d7ab27e26 100644
--- a/apps/external/templates/settings.php
+++ b/apps/external/templates/settings.php
@@ -6,8 +6,8 @@
<?php
$sites = OC_External::getSites();
for($i = 0; $i < sizeof($sites); $i++) {
- echo '<li><input type="text" name="site_name[]" class="site_name" value="'.$sites[$i][0].'" placeholder="'.$l->t('Name').'" />
- <input type="text" class="site_url" name="site_url[]" value="'.$sites[$i][1].'" placeholder="'.$l->t('URL').'" />
+ echo '<li><input type="text" name="site_name[]" class="site_name" value="'.OC_Util::sanitizeHTML($sites[$i][0]).'" placeholder="'.$l->t('Name').'" />
+ <input type="text" class="site_url" name="site_url[]" value="'.OC_Util::sanitizeHTML($sites[$i][1]).'" placeholder="'.$l->t('URL').'" />
<img class="svg action delete_button" src="'.OCP\image_path("", "actions/delete.svg") .'" title="'.$l->t("Remove site").'" />
</li>';
}
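Review bot: Both escaped values land inside double-quoted `value="..."` attributes, so the fix holds only if `OC_Util::sanitizeHTML()` encodes `"` as well as `<` and `>`; that helper is not part of this diff and should be checked. If it does not, `htmlspecialchars($sites[$i][0], ENT_QUOTES, 'UTF-8')` states the attribute-context requirement directly. Escaping here covers only this settings template, so any other page that renders the stored site name or URL needs the same treatment. A one-line comment such as `// site name/URL are admin-supplied: escape for attribute context` above the `echo` would keep the reason visible.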
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index f77fb0ac9ff..8ff1be186da 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -28,6 +28,8 @@ $params = array('ldap_host', 'ldap_port', 'ldap_dn', 'ldap_agent_password', 'lda
OCP\Util::addscript('user_ldap', 'settings');
if ($_POST) {
+ OCP\JSON::callCheck();
+
foreach($params as $param){
if(isset($_POST[$param])){
if('ldap_agent_password' == $param) {
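Review bot: `OCP\JSON::callCheck()` is an AJAX-style helper, but at the top of the `if ($_POST)` block it guards an ordinary HTML form post. If it reports failure as a JSON body and exits (its implementation is not shown in this diff), an admin whose token has expired gets a bare JSON error instead of the settings page. The same applies to the form handlers in apps/admin_migrate/settings.php and apps/user_migrate/settings.php. A short comment above the call, such as `// CSRF: reject form posts that lack a valid requesttoken`, would also document why the check sits inside the POST branch. The `if ($_POST)` block continues outside the hunk.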
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index 31f453b5a5a..6aa89b8981e 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -28,6 +28,7 @@
<p><label for="ldap_email_attr">Email Attribute</label><input type="text" id="ldap_email_attr" name="ldap_email_attr" value="<?php echo $_['ldap_email_attr']; ?>" /></p>
</fieldset>
<input type="submit" value="Save" /> <a href="http://owncloud.org/support/ldap-backend/" target="_blank"><img src="<?php echo OCP\Util::imagePath('','actions/info.png'); ?>" style="height:1.75ex" /> <?php echo $l->t('Help');?></a>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
</div>
</form>
diff --git a/apps/user_migrate/ajax/export.php b/apps/user_migrate/ajax/export.php
index 07c35c73470..e339b489a8a 100644
--- a/apps/user_migrate/ajax/export.php
+++ b/apps/user_migrate/ajax/export.php
@@ -25,6 +25,7 @@
// Check if we are a user
OCP\JSON::checkLoggedIn();
+OCP\JSON::callCheck();
OCP\App::checkAppEnabled('user_migrate');
// Which operation
if( $_GET['operation']=='create' ){
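Review bot: Because `callCheck()` sits before the operation chain, the token is now required on the `$_GET['operation']` requests as well. That pushes the request token into the query string, as the matching change in apps/user_migrate/js/export.js shows. Tokens carried in URLs end up in access logs, browser history and Referer headers; sending the operation and token in a POST body would keep them out of those places. `$_GET['operation']` is also read without an `isset()` check, so a request lacking the parameter raises a notice before any branch is taken. The operation chain continues outside the hunk.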
diff --git a/apps/user_migrate/js/export.js b/apps/user_migrate/js/export.js
index aef45c45a7b..4afc8b71153 100644
--- a/apps/user_migrate/js/export.js
+++ b/apps/user_migrate/js/export.js
@@ -9,7 +9,7 @@ $(document).ready(function(){
function(result){
if(result.status == 'success'){
// Download the file
- window.location = OC.linkTo('user_migrate','ajax/export.php') + '?operation=download';
+ window.location = OC.linkTo('user_migrate','ajax/export.php') + '?operation=download&requesttoken=' + requesttoken;
$('.loading').hide();
$('#exportbtn').val(t('user_migrate', 'Export'));
} else {
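Review bot: The token is concatenated into the download URL unencoded, and `requesttoken` is not declared anywhere in this hunk. Writing it as `'?operation=download&requesttoken=' + encodeURIComponent(requesttoken)` lets characters such as `+` or `/` survive the query string. It is also worth confirming that `requesttoken` is a real global set by the page layout; if it is not, the bare name can resolve to the `<input id="requesttoken">` element and serialise as `[object HTMLInputElement]`. The callback continues outside the hunk.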
diff --git a/apps/user_migrate/settings.php b/apps/user_migrate/settings.php
index 4772c27a16d..f685b086463 100644
--- a/apps/user_migrate/settings.php
+++ b/apps/user_migrate/settings.php
@@ -27,6 +27,7 @@ OC_Util::checkLoggedIn();
OCP\App::checkAppEnabled('user_migrate');
if (isset($_POST['user_import'])) {
+ OCP\JSON::callCheck();
$root = OC::$SERVERROOT . "/";
$importname = "owncloud_import_" . date("y-m-d_H-i-s");
diff --git a/apps/user_migrate/templates/settings.php b/apps/user_migrate/templates/settings.php
index 1718abe9e0f..351f9740bf3 100644
--- a/apps/user_migrate/templates/settings.php
+++ b/apps/user_migrate/templates/settings.php
@@ -14,6 +14,7 @@
</p>
<p><input type="file" id="owncloud_import" name="owncloud_import" style="width:180px;"><label for="owncloud_import"> <?php echo $l->t('ownCloud User Zip');?></label>
</p>
+ <input type="hidden" name="requesttoken" value="<?php echo $_['requesttoken'] ?>" id="requesttoken">
<input type="submit" name="user_import" value="<?php echo $l->t('Import'); ?>" />
</fieldset>
</form>