From 9bd19754081f5a2ddeb30bae7240ae8d6aa4edea Mon Sep 17 00:00:00 2001
From: marcus
Date: Fri, 29 May 2009 11:33:10 +0000
Subject: Option to suppress visible errors in token validation code.

git-svn-id: https://code.elgg.org/elgg/trunk@3316 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/actions.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
(limited to 'engine')
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index d7de3961c..b1a876454 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -64,7 +64,7 @@
 if ($event_result) // Event_result being false doesn't produce an error - since i assume this will be handled in the hook itself. TODO make this better!
 {
 /** Refs #749: We now warn if action token is missing. Later this will be replaced with action_gatekeeper() as detailed in #750 */
- if (!validate_action_token())
+ if (!validate_action_token(false))
 {
 // Display a temporary warning message - in future versions this will be a hard fail via an action gatekeeper.
 $message = "WARNING: Action $action was called without an action token. It is stongly recommended that you consider doing this. Plugin authors should use 'input/form' or pass is_action=true to 'output/confirmlink' or 'output/url'.";
@@ -138,7 +138,7 @@
 *
 * @return unknown
 */
- function validate_action_token()
+ function validate_action_token($visibleerrors = true)
 {
 $token = get_input('__elgg_token');
 $ts = get_input('__elgg_ts');
@@ -167,16 +167,16 @@
 if ($returnval)
 return true;
- else
+ else if ($visibleerrors)
 register_error(elgg_echo('actiongatekeeper:pluginprevents'));
 }
- else
+ else if ($visibleerrors)
 register_error(elgg_echo('actiongatekeeper:timeerror'));
 }
- else
+ else if ($visibleerrors)
 register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
 }
- else
+ else if ($visibleerrors)
 register_error(elgg_echo('actiongatekeeper:missingfields'));
 return false;
-- 
cgit v1.2.3
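Review bot: In the first hunk (`@@ -64,7 +64,7 @@`), passing `false` leaves the `WARNING: Action $action was called without an action token` text as the only feedback, yet `validate_action_token()` also returns false for an invalid or expired token (the `tokeninvalid` and `timeerror` branches in the last hunk), so the warning now misreports those cases. The wording should cover all of them, for example `... was called without a valid action token (missing, invalid or expired).`. By its own comment this check is still only a warning rather than a hard fail, so a request that fails token validation appears to proceed until the gatekeeper from #750 exists. What is done with `$message` and the rest of the `if` body lie outside the hunk.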
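Review bot: The docblock above `validate_action_token()` in the second hunk (`@@ -138,7 +138,7 @@`) was not updated for the new parameter and still reads `@return unknown`. Add `@param bool $visibleerrors Whether to register a user-visible error explaining why validation failed (default true)` and change the return tag to `@return bool`, since the visible paths return `true` on success and `false` otherwise. The opening lines of the docblock and most of the function body are outside this hunk.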
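Review bot: With `$visibleerrors` false, all four failure branches in the third hunk (`@@ -167,16 +167,16 @@`) now reach `return false` without recording which check failed, so a missing, mismatched or expired token leaves no trace from this function. Consider recording the reason regardless of the flag and gating only the user-facing call: set `$reason = 'actiongatekeeper:tokeninvalid';` (and so on) in each branch, write it to the server log with `error_log()`, and finish with `if ($visibleerrors) register_error(elgg_echo($reason));`. The repeated brace-less `else if ($visibleerrors)` branches are also easy to break when a later edit adds a statement, so braces on each branch would make the pairing explicit. The nested `if` conditions these `else` branches belong to start outside the hunk.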