aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-05-29 11:33:10 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-05-29 11:33:10 +0000
commit9bd19754081f5a2ddeb30bae7240ae8d6aa4edea (patch)
tree254839543d52ab1824596eee2a00cadde43ee3eb /engine
parent9e072689388ca5e44b09fb6a7951fb94efca3bd7 (diff)
downloadelgg-9bd19754081f5a2ddeb30bae7240ae8d6aa4edea.tar.gz
elgg-9bd19754081f5a2ddeb30bae7240ae8d6aa4edea.tar.bz2
Option to suppress visible errors in token validation code.
git-svn-id: https://code.elgg.org/elgg/trunk@3316 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/actions.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index d7de3961c..b1a876454 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -64,7 +64,7 @@
if ($event_result) // Event_result being false doesn't produce an error - since i assume this will be handled in the hook itself. TODO make this better!
{
/** Refs #749: We now warn if action token is missing. Later this will be replaced with action_gatekeeper() as detailed in #750 */
- if (!validate_action_token())
+ if (!validate_action_token(false))
{
// Display a temporary warning message - in future versions this will be a hard fail via an action gatekeeper.
$message = "WARNING: Action $action was called without an action token. It is stongly recommended that you consider doing this. Plugin authors should use 'input/form' or pass is_action=true to 'output/confirmlink' or 'output/url'.";
@@ -138,7 +138,7 @@
*
* @return unknown
*/
- function validate_action_token()
+ function validate_action_token($visibleerrors = true)
{
$token = get_input('__elgg_token');
$ts = get_input('__elgg_ts');
@@ -167,16 +167,16 @@
if ($returnval)
return true;
- else
+ else if ($visibleerrors)
register_error(elgg_echo('actiongatekeeper:pluginprevents'));
}
- else
+ else if ($visibleerrors)
register_error(elgg_echo('actiongatekeeper:timeerror'));
}
- else
+ else if ($visibleerrors)
register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
}
- else
+ else if ($visibleerrors)
register_error(elgg_echo('actiongatekeeper:missingfields'));
return false;