diff options
-rw-r--r-- | engine/lib/actions.php | 14 | ||||
-rw-r--r-- | js/lib/security.js | 33 | ||||
-rw-r--r-- | languages/en.php | 4 |
3 files changed, 24 insertions, 27 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 53b185dea..ac6325813 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -252,10 +252,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) register_error(elgg_echo('actiongatekeeper:pluginprevents')); } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:timeerror')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:timeerror')); + } } } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + // this is necessary because of #5133 + if (elgg_is_xhr()) { + register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url()))); + } else { + register_error(elgg_echo('actiongatekeeper:tokeninvalid')); + } } } else { if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { diff --git a/js/lib/security.js b/js/lib/security.js index 61aa1cfcd..af02824a6 100644 --- a/js/lib/security.js +++ b/js/lib/security.js @@ -7,6 +7,8 @@ elgg.security.token = {}; elgg.security.tokenRefreshFailed = false; +elgg.security.tokenRefreshTimer = null; + /** * Sets the currently active security token and updates all forms and links on the current page. * @@ -30,31 +32,17 @@ elgg.security.setToken = function(json) { }; /** - * Security tokens time out, so lets refresh those every so often. + * Security tokens time out so we refresh those every so often. * - * @todo handle error and bad return data + * @private */ elgg.security.refreshToken = function() { elgg.action('security/refreshtoken', function(data) { - - // @todo might want to move this to setToken() once http://trac.elgg.org/ticket/3127 - // is implemented. It's here right now to avoid soggy code. - if (!data || !(data.output.__elgg_ts && data.output.__elgg_token)) { - elgg.register_error(elgg.echo('js:security:token_refresh_failed', [elgg.get_site_url()])); - elgg.security.tokenRefreshFailed = true; - - // don't setToken because we refresh every 5 minutes and tokens are good for 1 - // hour by default - return; - } - - // if had problems last time, let them know it's working now - if (elgg.security.tokenRefreshFailed) { - elgg.system_message(elgg.echo('js:security:token_refreshed', [elgg.get_site_url()])); - elgg.security.tokenRefreshFailed = false; + if (data && data.output.__elgg_ts && data.output.__elgg_token) { + elgg.security.setToken(data.output); + } else { + clearInterval(elgg.security.tokenRefreshTimer); } - - elgg.security.setToken(data.output); }); }; @@ -112,9 +100,8 @@ elgg.security.addToken = function(data) { }; elgg.security.init = function() { - //refresh security token every 5 minutes - //this is set in the js/elgg PHP view. - setInterval(elgg.security.refreshToken, elgg.security.interval); + // elgg.security.interval is set in the js/elgg PHP view. + elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, 60 * 1000); }; elgg.register_hook_handler('boot', 'system', elgg.security.init);
\ No newline at end of file diff --git a/languages/en.php b/languages/en.php index 353896047..fe450b8a2 100644 --- a/languages/en.php +++ b/languages/en.php @@ -1189,7 +1189,7 @@ You cannot reply to this email.", * Action gatekeeper */ 'actiongatekeeper:missingfields' => 'Form is missing __token or __ts fields', - 'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.", + 'actiongatekeeper:tokeninvalid' => "The page you were using had expired. Please try again.", 'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.', 'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.', 'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator', @@ -1211,7 +1211,7 @@ You cannot reply to this email.", * Javascript */ - 'js:security:token_refresh_failed' => 'Cannot contact %s. You may experience problems saving content.', + 'js:security:token_refresh_failed' => 'Failed to contact %s. You may experience problems saving content. Please refresh this page.', 'js:security:token_refreshed' => 'Connection to %s restored!', /** |