From 0171329bbf3b881493b5e45b841781ab03442f94 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Thu, 7 Aug 2008 11:11:20 +0000
Subject: Closes #218

git-svn-id: https://code.elgg.org/elgg/trunk@1746 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 13 +++++++++----
 languages/en.php       |  3 ++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 0779e5d6a..f5cd55271 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -131,11 +131,16 @@
 	        	// Validate token
 	        	if (strcmp($token, $generated_token)==0)
 	        	{
-        	
-	        		// TODO: Validate time to ensure its not crazy
-	        		
+	        		$hour = 60*60;
+	        		$now = time();
 	        		
-	        		return true;
+	        		// Validate time to ensure its not crazy
+	        		if (($ts>$now-$hour) && ($ts<$now+$hour))
+	        		{
+	        			return true;
+	        		}
+	        		else
+	        			register_error(elgg_echo('actiongatekeeper:timeerror'));
 	        	}
 	        	else
 	        		register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
diff --git a/languages/en.php b/languages/en.php
index f51f9128c..b47d6a7ee 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -704,7 +704,8 @@ You cannot reply to this email.",
 		 * Action gatekeeper
 		 */
 			'actiongatekeeper:missingfields' => 'Form is missing __action, __token or __ts fields',
-			'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+			'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+			'actiongatekeeper:timeerror' => 'Form has expired, please refresh and try again.',
 	
 		/**
 		 * Languages according to ISO 639-1
-- 
cgit v1.2.3