[Pkg-owncloud-commits] [owncloud] 06/16: Show login again instead of JSON if CSRF check fails
David Prévot
taffit at moszumanska.debian.org
Thu Oct 30 19:55:59 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud.
commit 96c092ce14f81c48d6dfa281d942b34edb955923
Author: Lukas Reschke <lukas at owncloud.com>
Date: Mon Sep 22 15:36:39 2014 +0200
Show login again instead of JSON if CSRF check fails
Previously a JSON error page was shown to the user in-case the CSRF token was not valid. This was confusing and prevented people from login.
With this at least the login page is shown again and not a JSON error message. I consider this as sufficient since adding a new error page just for this sake would uneededly make lib/base.php even more cluttered and this is a edge-case which optimally should anyways not happen that often.
This can be tested by opening the login page, then clearing the cookies, and trying to login.
---
lib/base.php | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/base.php b/lib/base.php
index 5337fa9..4cd9203 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -921,7 +921,9 @@ class OC {
return false;
}
- OC_JSON::callCheck();
+ if(!OC_Util::isCallRegistered()) {
+ return false;
+ }
OC_App::loadApps();
//setup extra user backends
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git
More information about the Pkg-owncloud-commits
mailing list