diff options
author | Sem <sembrestels@riseup.net> | 2013-03-13 02:13:17 +0100 |
---|---|---|
committer | Sem <sembrestels@riseup.net> | 2013-03-13 02:13:17 +0100 |
commit | d730a0c5861c2e79faa3e58dd2b171ca4d197c6f (patch) | |
tree | cb4658e1c60a60c5f663845d49b108dd4608a89a /engine/lib/actions.php | |
parent | 0fb3e5396d10d21323eb3bbc04727fd4a5a6d06d (diff) | |
parent | 34b14b305f5a106316fdc403c4ce80b25e89b51d (diff) | |
download | elgg-d730a0c5861c2e79faa3e58dd2b171ca4d197c6f.tar.gz elgg-d730a0c5861c2e79faa3e58dd2b171ca4d197c6f.tar.bz2 |
Merge tag '1.8.14' of git://github.com/Elgg/Elgg into foxglove-3
Elgg 1.8.14
Conflicts:
mod/tinymce/vendor/tinymce/jscripts/tiny_mce/langs/en.js
mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/langs/en_dlg.js
Diffstat (limited to 'engine/lib/actions.php')
-rw-r--r-- | engine/lib/actions.php | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 53b185dea..f78ca63df 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -65,12 +65,11 @@ function action($action, $forwarder = "") { // @todo REMOVE THESE ONCE #1509 IS IN PLACE. // Allow users to disable plugins without a token in order to // remove plugins that are incompatible. - // Login and logout are for convenience. + // Logout for convenience. // file/download (see #2010) $exceptions = array( 'admin/plugins/disable', 'logout', - 'login', 'file/download', ); @@ -252,10 +251,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) register_error(elgg_echo('actiongatekeeper:pluginprevents')); } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:timeerror')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:timeerror')); + } } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + } } } else { if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { |