| -rw-r--r-- | engine/lib/actions.php | 13 | ||||
| -rw-r--r-- | languages/en.php | 3 | 
2 files changed, 11 insertions, 5 deletions
|
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 0779e5d6a..f5cd55271 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -131,11 +131,16 @@
 	        	// Validate token
 	        	if (strcmp($token, $generated_token)==0)
 	        	{
-        	
-	        		// TODO: Validate time to ensure its not crazy
-	        		
+	        		$hour = 60*60;
+	        		$now = time();
-	        		return true;
+	        		// Validate time to ensure its not crazy
+	        		if (($ts>$now-$hour) && ($ts<$now+$hour))
+	        		{
+	        			return true;
+	        		}
+	        		else
+	        			register_error(elgg_echo('actiongatekeeper:timeerror'));
 	        	}
 	        	else
 	        		register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
diff --git a/languages/en.php b/languages/en.php
index f51f9128c..b47d6a7ee 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -704,7 +704,8 @@ You cannot reply to this email.",
 		 * Action gatekeeper
 		 */
 			'actiongatekeeper:missingfields' => 'Form is missing __action, __token or __ts fields',
-			'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
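Review bot: The new window check in actions.php compares `$ts` (presumably the `__ts` form field) against the clock as an uncast value with PHP's loose comparison, and it accepts timestamps up to an hour in the future, so a token/timestamp pair stays usable for two hours even though `$ts` is issued by this server and only clock skew needs tolerating on the future side. Cast before comparing and tighten the forward bound: `$ts = (int) $ts;` / `$skew = 5*60;` / `if (($ts > $now - $hour) && ($ts <= $now + $skew))`. This bound only limits replay if `$generated_token`, computed above the hunk, is derived from `$ts`; if it is not, a captured token could be resubmitted with any in-window timestamp, which is worth confirming against the generator. The `60*60` literal would also read better as a named lifetime (e.g. `$token_lifetime`) shared with the token generator, and the brace-less `else` under a braced `if` is inconsistent with the block it sits in. The enclosing function starts and ends outside the hunk, so the fall-through return after `register_error` is not visible here.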
+			'actiongatekeeper:tokeninvalid' => 'Token provided by form does not match that generated by server.',
+			'actiongatekeeper:timeerror' => 'Form has expired, please refresh and try again.',
  		/**
  		 * Languages according to ISO 639-1
