From 3d42e402c5f1956bc72ac5accc268f519d66c3e9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20M=C3=BCller?= <thomas.mueller@tmit.eu>
Date: Tue, 29 Oct 2013 23:07:27 +0100
Subject: [PATCH 1/2] http header OCS-ApiRequest: true is required in case of
 session based OCS API calls

---
 lib/private/api.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/private/api.php b/lib/private/api.php
index 26091657b31..0576f3e3f93 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,8 @@ class OC_API {
 
 		// reuse existing login
 		$loggedIn = OC_User::isLoggedIn();
-		if ($loggedIn === true) {
+		$ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+		if ($loggedIn === true && $ocsApiRequest) {
 			return OC_User::getUser();
 		}
 

From cba12e009fd11591763198665e5845cc54f395da Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 30 Oct 2013 21:07:19 +0100
Subject: [PATCH 2/2] Added missing HTTP prefix to the $_SERVER variable

---
 lib/private/api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/api.php b/lib/private/api.php
index 0576f3e3f93..7e69a6a77d2 100644
--- a/lib/private/api.php
+++ b/lib/private/api.php
@@ -250,7 +250,7 @@ class OC_API {
 
 		// reuse existing login
 		$loggedIn = OC_User::isLoggedIn();
-		$ocsApiRequest = isset($_SERVER['OCS_APIREQUEST']) ? $_SERVER['OCS_APIREQUEST'] === 'true' : false;
+		$ocsApiRequest = isset($_SERVER['HTTP_OCS_APIREQUEST']) ? $_SERVER['HTTP_OCS_APIREQUEST'] === 'true' : false;
 		if ($loggedIn === true && $ocsApiRequest) {
 			return OC_User::getUser();
 		}