upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-08 16:26:59 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

Contacts: Fixes for CSRF.

Browse source
This commit is contained in:
Thomas Tanghus 2012-06-14 18:12:38 +02:00
parent f0b87bc421
commit 47c03a0eff
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
apps/contacts/js/contacts.js
View file

@ -1152,7 +1152,7 @@ Contacts={
},
editPhoto:function(id, tmpkey){
//alert('editPhoto: ' + tmpkey);
$.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id},function(jsondata){
$.getJSON(OC.filePath('contacts', 'ajax', 'cropphoto.php'),{'tmpkey':tmpkey,'id':this.id, 'requesttoken':requesttoken},function(jsondata){
if(jsondata.status == 'success'){
//alert(jsondata.data.page);
$('#edit_photo_dialog_img').html(jsondata.data.page);
@ -1645,7 +1645,7 @@ $(document).ready(function(){
//}
}
};
xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&imagefile='+encodeURIComponent(file.name), true);
xhr.open('POST', OC.filePath('contacts', 'ajax', 'uploadphoto.php')+'?id='+Contacts.UI.Card.id+'&requesttoken='+requesttoken+'&imagefile='+encodeURIComponent(file.name), true);
xhr.setRequestHeader('Cache-Control', 'no-cache');
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X_FILE_NAME', encodeURIComponent(file.name));