authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-07 11:11:20 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-08-07 11:11:20 +0000
commit0171329bbf3b881493b5e45b841781ab03442f94 (patch)
tree827870ddaec9d0f7ebdccb243e4615c0e8976fbd
parenta65cdd21f234c8a07c90e54f9e9a0b1f33a972c2 (diff)
Closes #218
git-svn-id: https://code.elgg.org/elgg/trunk@1746 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--engine/lib/actions.php13
-rw-r--r--languages/en.php3
2 files changed, 11 insertions, 5 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 0779e5d6a..f5cd55271 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -131,11 +131,16 @@
// Validate token
if (strcmp($token, $generated_token)==0)
{
-
- // TODO: Validate time to ensure its not crazy
-
+ $hour = 60*60;
+ $now = time();
- return true;
+ // Validate time to ensure its not crazy
+ if (($ts>$now-$hour) && ($ts<$now+$hour))
+ {
+ return true;
+ }
+ else
+ register_error(elgg_echo('actiongatekeeper:timeerror'));
}
else
register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
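Review bot: The added window check `if (($ts>$now-$hour) && ($ts<$now+$hour))` compares `$ts` without normalising it to an integer first, and the hunk does not show where `$ts` is set; the `missingfields` string suggests it is the `__ts` form field, so it is presumably a request-supplied string. The expiry only limits replay if `$ts` is bound into `$generated_token`, which is computed outside this hunk and should be confirmed. I would add `$ts = (int) $ts;` before the comparison and narrow the future side to a small clock-skew allowance instead of a full hour, since a server-issued timestamp should not run that far ahead of `time()`. The context line `strcmp($token, $generated_token)==0` would also be safer as `is_string($token) && strcmp($token, $generated_token) === 0`, because on PHP versions where `strcmp()` returns NULL for a non-string argument the loose `==0` treats that as a match. The enclosing function starts and ends outside the hunk, so whether the two `register_error` branches end in an explicit `return false` cannot be checked from here.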
diff --git a/languages/en.php b/languages/en.php
index f51f9128c..b47d6a7ee 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -704,7 +704,8 @@ You cannot reply to this email.",
* Action gatekeeper
*/
'actiongatekeeper:missingfields' => 'Form is missing __action, __token or __ts fields',
- 'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+ 'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+ 'actiongatekeeper:timeerror' => 'Form has expired, please refresh and try again.',
/**
* Languages according to ISO 639-1