khanh.pndc/nextcloud-docs
1
0
Fork 0
mirror of https://github.com/nextcloud/documentation.git synced 2026-01-03 02:09:45 +07:00
Code Issues Packages Projects Releases Wiki Activity

Fix links

Browse Source
This commit is contained in:
Lukas Reschke
2013-03-15 16:37:58 +01:00
parent ef9ed98115
commit f8703fabe9
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
developer_manual/app/general/security.rst
View File

@@ -197,7 +197,7 @@ ownCloud offers three simple checks:
* **OCP\JSON::checkAdminUser()**: Checks if the logged in user has admin privileges
* **OCP\JSON::checkSubAdminUser()**: Checks if the logged in user has group admin privileges
Using the App Framework, these checks are already automatically performed for each request and have to be explicitely turned off by using annotations above your controller method, see :doc:`../app/controllers`.
Using the App Framework, these checks are already automatically performed for each request and have to be explicitely turned off by using annotations above your controller method, see :doc:`../appframework/controllers`.
Additionally always check if the user has the right to perform that action. (e.g. a user should not be able to delete other users' bookmarks).
@@ -219,7 +219,7 @@ To prevent CSRF in an app, be sure to call the following method at the top of al
<?php
OCP\JSON::callCheck();
If you are using the App Framework, every controller method is automatically checked for CSRF unless you explicitely exclude it by setting the @CSRFExemption annotation before the controller method, see :doc:`../app/controllers`
If you are using the App Framework, every controller method is automatically checked for CSRF unless you explicitely exclude it by setting the @CSRFExemption annotation before the controller method, see :doc:`../appframework/controllers`
Unvalidated redirects
---------------------