author | cash <cash.costello@gmail.com> | 2013-02-23 14:16:29 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2013-02-23 14:16:29 -0500 |
commit | 06c3b6e3c41c629e510c55199bd19914273b0e64 (patch) | |
tree | fefa41a98db53965f47c30bb529bb26ec0e9bce1 /engine/lib/actions.php | |
parent | a88e45243afff71d103fec7440b219de8bdd79f5 (diff) | |
Fixes #4997 stop requesting a token after a failed request
Diffstat (limited to 'engine/lib/actions.php')
-rw-r--r-- | engine/lib/actions.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 53b185dea..ac6325813 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -252,10 +252,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
 register_error(elgg_echo('actiongatekeeper:pluginprevents'));
 }
 } else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:timeerror'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:timeerror'));
+ }
 }
 } else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ }
 }
 } else if ($visibleerrors) {
 if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { |
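Review bot: The comment `// this is necessary because of #5133` appears on both added branches but only names an issue number, so a reader cannot tell why XHR requests get a different message without opening the tracker. I would replace it with something like `// XHR callers get the token-refresh message (see #5133); only the text differs, the token is still rejected`, assuming the function still reports failure below the hunk, which is not visible here. That distinction matters because `elgg_is_xhr()` presumably reflects a header the client controls, so it must only ever select wording and never the validation outcome. The two `if (elgg_is_xhr())` blocks are also identical apart from the fallback key (`actiongatekeeper:timeerror` vs `actiongatekeeper:tokeninvalid`), so a small private helper taking the fallback key would remove the duplication. Note too that for XHR both failure causes now share one message, so if expired and invalid tokens need telling apart during triage, that has to come from a server-side log entry rather than the user-facing error.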