rooty/OwncloudContactsOfficial
1
0
Fork 0
mirror of https://github.com/owncloudarchive/contacts.git synced 2024-12-01 13:24:10 +01:00
Code Issues Releases Activity

Contacts: Fixes for CSRF.

Browse Source
This commit is contained in:
Thomas Tanghus 2012-06-14 18:12:38 +02:00
parent 24d8c297db
commit 130aaea934
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
js/contacts.js
View File

@ -1152,7 +1152,7 @@ Contacts={
}, },
editPhoto:function(id, tmpkey){ editPhoto:function(id, tmpkey){
//alert('editPhoto: ' + tmpkey); //alert('editPhoto: ' + tmpkey);
$.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id},function(jsondata){ $.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id, 'requesttoken':requesttoken},function(jsondata){
if(jsondata.status == 'success'){ if(jsondata.status == 'success'){
//alert(jsondata.data.page); //alert(jsondata.data.page);
$('#edit_photo_dialog_img').html(jsondata.data.page); $('#edit_photo_dialog_img').html(jsondata.data.page);
@ -1645,7 +1645,7 @@ $(document).ready(function(){
//} //}
} }
}; };
xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&imagefile='+encodeURIComponent(file.name), true); xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&requesttoken='+requesttoken+'&imagefile='+encodeURIComponent(file.name), true);
xhr.setRequestHeader('Cache-Control', 'no-cache'); xhr.setRequestHeader('Cache-Control', 'no-cache');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name)); xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name));