diff options
author | cash <cash.costello@gmail.com> | 2013-02-23 14:16:29 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2013-02-23 14:16:29 -0500 |
commit | 06c3b6e3c41c629e510c55199bd19914273b0e64 (patch) | |
tree | fefa41a98db53965f47c30bb529bb26ec0e9bce1 /engine | |
parent | a88e45243afff71d103fec7440b219de8bdd79f5 (diff) | |
download | elgg-06c3b6e3c41c629e510c55199bd19914273b0e64.tar.gz elgg-06c3b6e3c41c629e510c55199bd19914273b0e64.tar.bz2 |
Fixes #4997 stop requesting a token after a failed request
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/actions.php | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 53b185dea..ac6325813 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -252,10 +252,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) register_error(elgg_echo('actiongatekeeper:pluginprevents')); } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:timeerror')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:timeerror')); + } } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + } } } else { if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { |