From e504d6bfc48bfa7141a31bd7e5e8731ada90e5a1 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Fri, 20 Jul 2012 20:12:36 +0200
Subject: [PATCH] Added CSRF checks
---
 ajax/addBookmark.php | 1 +
 ajax/delBookmark.php | 1 +
 ajax/editBookmark.php | 1 +
 3 files changed, 3 insertions(+)
diff --git a/ajax/addBookmark.php b/ajax/addBookmark.php
index a2eb506f..b4d0f33d 100644
--- a/ajax/addBookmark.php
+++ b/ajax/addBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 require_once(OC::$APPSROOT . '/apps/bookmarks/bookmarksHelper.php');
 $id = addBookmark($_POST['url'], $_POST['title'], $_POST['tags']);
diff --git a/ajax/delBookmark.php b/ajax/delBookmark.php
index 5a067701..140da2a3 100644
--- a/ajax/delBookmark.php
+++ b/ajax/delBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 $id = $_POST['id'];
 if (!OC_Bookmarks_Bookmarks::deleteUrl($id)){
diff --git a/ajax/editBookmark.php b/ajax/editBookmark.php
index 439b680d..36258f70 100644
--- a/ajax/editBookmark.php
+++ b/ajax/editBookmark.php
@@ -29,6 +29,7 @@ $RUNTIME_NOSETUPFS=true;
 // Check if we are a user
 OCP\JSON::checkLoggedIn();
 OCP\JSON::checkAppEnabled('bookmarks');
+OCP\JSON::callCheck();
 $CONFIG_DBTYPE = OCP\Config::getSystemValue( "dbtype", "sqlite" );
 if( $CONFIG_DBTYPE == 'sqlite' or $CONFIG_DBTYPE == 'sqlite3' ){
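Review bot: The added `OCP\JSON::callCheck();` in ajax/addBookmark.php, and the identical line in ajax/delBookmark.php and ajax/editBookmark.php, makes these endpoints depend on the client sending a request token, yet the diffstat lists only the three server-side files. It is worth confirming that the bookmarks front-end already attaches the token to these POSTs, otherwise add, delete and edit would presumably all be rejected after this change. The comment above the block, `// Check if we are a user`, no longer describes everything that follows; something like `// Require a logged-in user, the enabled bookmarks app and a valid request token (CSRF)` would document the new check in all three files. Each script continues past the end of its hunk.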
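Review bot: In ajax/delBookmark.php, `$id = $_POST['id'];` is read without an existence or type check and handed straight to `OC_Bookmarks_Bookmarks::deleteUrl($id)`; the new token check stops cross-site requests but does not decide which bookmark a logged-in user may delete. deleteUrl() is not visible here, so please confirm it restricts the delete to rows owned by the current user. If ids are integers, a missing or malformed id could be rejected up front, e.g. `if (!isset($_POST['id']) || !ctype_digit((string)$_POST['id'])) { OCP\JSON::error(); exit(); }`. The same unchecked reads of `$_POST['url']`, `$_POST['title']` and `$_POST['tags']` appear in the addBookmark.php hunk, and the `if` block opened on this hunk's last line continues outside it.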
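Review bot: The dbtype test on the last line of the ajax/editBookmark.php hunk uses loose `==` and the low-precedence `or`; `if ($CONFIG_DBTYPE === 'sqlite' || $CONFIG_DBTYPE === 'sqlite3') {` states the same condition without type juggling or precedence surprises. Branching on the database type inside a request handler also suggests hand-written SQL further down, which is outside this hunk. If that is the case, the POSTed values should be bound as query parameters rather than concatenated into the statement. The `if` block continues outside the hunk.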