aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2013-02-23 14:16:29 -0500
committercash <cash.costello@gmail.com>2013-02-23 14:16:29 -0500
commit06c3b6e3c41c629e510c55199bd19914273b0e64 (patch)
treefefa41a98db53965f47c30bb529bb26ec0e9bce1 /engine
parenta88e45243afff71d103fec7440b219de8bdd79f5 (diff)
downloadelgg-06c3b6e3c41c629e510c55199bd19914273b0e64.tar.gz
elgg-06c3b6e3c41c629e510c55199bd19914273b0e64.tar.bz2
Fixes #4997 stop requesting a token after a failed request
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/actions.php14
1 files changed, 12 insertions, 2 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 53b185dea..ac6325813 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -252,10 +252,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
register_error(elgg_echo('actiongatekeeper:pluginprevents'));
}
} else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:timeerror'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:timeerror'));
+ }
}
} else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ }
}
} else {
if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {