
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorThomas Tanghus <thomas@tanghus.net>2012-06-13 19:33:19 +0400
committerThomas Tanghus <thomas@tanghus.net>2012-06-13 19:33:19 +0400
commit89464721c7aa4464419cbcbedc658843f6c4696d (patch)
treea832cf7faa050440aaeb66c3df831d15d0da751a /lib/json.php
parent9e9c40eabd07cc4b44f2a9ae3d7935ad2a07b9fa (diff)
Added JSON methods for CSRF prevention. Make request token accessible from template and add js var.
Diffstat (limited to 'lib/json.php')
-rw-r--r--lib/json.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/json.php b/lib/json.php
index f3bbe9ac899..dfc0a7b894e 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -42,6 +42,18 @@ class OC_JSON{
}
/**
+ * @brief Check an ajax get/post call if the request token is valid.
+ * @return json Error msg if not valid.
+ */
+ public static function callCheck(){
+ if( !OC_Util::isCallRegistered()){
+ $l = OC_L10N::get('core');
+ self::error(array( 'data' => array( 'message' => $l->t('Token expired. Please reload page.') )));
+ exit();
+ }
+ }
+
+ /**
* Check if the user is a admin, send json error msg if not
*/
public static function checkAdminUser(){
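Review bot: The docblock on `callCheck()` says `@return json Error msg if not valid`, but the method returns nothing: when `OC_Util::isCallRegistered()` fails it emits the JSON error through `self::error()` and then calls `exit()`. I would document it as `@return void` and add a line such as `Sends a JSON error and terminates the request if the request token is not valid; call before any state-changing work.` As far as this hunk shows, the check is opt-in, so every ajax endpoint that changes state has to call `OC_JSON::callCheck();` itself, and nothing here enforces that. The description also covers GET calls; how the token travels is not visible here, but if it is sent in the query string it can end up in server logs and Referer headers, which is worth confirming in `isCallRegistered()`. The enclosing class `OC_JSON` starts and continues outside the hunk.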