add requesttoken to save xhr in Server.js, fetch correct headers in controller

ajax/controller.php

@@ -106,11 +106,12 @@ class Controller {
 	 */
 	public static function save(){
 		$uid = self::preDispatch();
-		$esId = @$_POST['es_id'];
+		$sessionID = @$_SERVER['HTTP_WEBODF_SESSION_ID'];
-		$memberId = @$_POST['member_id'];
+		$memberId = @$_SERVER['HTTP_WEBODF_MEMBER_ID'];
-		$content = @$_POST['content'];
+		$sessionRevision = @$_SERVER['HTTP_WEBODF_SESSION_REVISION'];
-		if ($esId && $content){
+		$content = fopen('php://input','r');
-			$session = Session::getSession($esId);
+		if ($sessionID && $content){
+			$session = Session::getSession($sessionID);
 			$fileInfo = \OC\Files\Cache\Cache::getById($session['file_id']);
 			$path = $fileInfo[1];
 			$view = new \OC\Files\View('/' . $session['owner']);

js/editor/server/pullbox/Server.js

@@ -266,6 +266,7 @@ runtime.log("Sending message to server: "+messageString);
 
             // do the request
             xhr.open('POST', args.sessionStateToFileUrl, true);
+            xhr.setRequestHeader("requesttoken", oc_requesttoken);
             xhr.setRequestHeader("webodf-session-id", sessionId);
             xhr.setRequestHeader("webodf-member-id", memberId);
             xhr.setRequestHeader("webodf-session-revision", seqHead);