From 0171329bbf3b881493b5e45b841781ab03442f94 Mon Sep 17 00:00:00 2001
From: marcus
Date: Thu, 7 Aug 2008 11:11:20 +0000
Subject: Closes #218

git-svn-id: https://code.elgg.org/elgg/trunk@1746 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 13 +++++++++----
 languages/en.php | 3 ++-
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 0779e5d6a..f5cd55271 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -131,11 +131,16 @@
 // Validate token
 if (strcmp($token, $generated_token)==0) {
-
- // TODO: Validate time to ensure its not crazy
-
+ $hour = 60*60;
+ $now = time();
- return true;
+ // Validate time to ensure its not crazy
+ if (($ts>$now-$hour) && ($ts<$now+$hour))
+ {
+ return true;
+ }
+ else
+ register_error(elgg_echo('actiongatekeeper:timeerror'));
 }
 else
 register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
diff --git a/languages/en.php b/languages/en.php
index f51f9128c..b47d6a7ee 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -704,7 +704,8 @@ You cannot reply to this email.",
 * Action gatekeeper
 */
 'actiongatekeeper:missingfields' => 'Form is missing __action, __token or __ts fields',
- 'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+ 'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+ 'actiongatekeeper:timeerror' => 'Form has expired, please refresh and try again.',
 /**
 * Languages according to ISO 639-1
-- 
cgit v1.2.3
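Review bot: The new window in `if (($ts>$now-$hour) && ($ts<$now+$hour))` accepts a `__ts` up to an hour in the future as well as an hour in the past, so the effective acceptance interval is two hours rather than the one-hour expiry the "Form has expired" message implies; since the timestamp is presumably issued by the server when the form is rendered, a value well in the future can only come from clock drift or tampering with the form field. Tightening the upper bound to a small skew allowance, e.g. `$skew = 60; // server-issued __ts should never be far ahead of now` and `if (($ts > $now - $hour) && ($ts < $now + $skew))`, keeps the expiry meaningful, and casting with `$ts = (int) $ts;` first avoids PHP's loose string-to-number comparison on a value that arrives from the request. Neither failure branch returns anything, so the gatekeeper's outcome on an expired or mismatched token depends on code after the hunk; the enclosing function starts before and ends after this hunk. The `strcmp()` on the context line above is not a constant-time comparison — outside this commit's scope, but worth a `hash_equals()`-style check on PHP versions that provide it.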