makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-10 05:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #2939 from nickvergessen/ticket/13052

Browse source 
[ticket/13052] Restore timespan parameter for check_form_key()

* nickvergessen/ticket/13052:
  [ticket/13052] Restore timespan parameter for check_form_key()
This commit is contained in:
Tristan Darricau 2014-09-10 11:50:13 +02:00
commit b2a28962bc
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
phpBB/includes/functions.php
View file

@ -2578,16 +2578,21 @@ function add_form_key($form_name)
/**
* Check the form key. Required for all altering actions not secured by confirm_box
*
* @param string $form_name The name of the form; has to match the name used
* @param string $form_name The name of the form; has to match the name used
* in add_form_key, otherwise no restrictions apply
* @param int $timespan The maximum acceptable age for a submitted form
* in seconds. Defaults to the config setting.
* @return bool True, if the form key was valid, false otherwise
*/
function check_form_key($form_name)
function check_form_key($form_name, $timespan = false)
{
global $config, $request, $user;
// we enforce a minimum value of half a minute here.
$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
if ($timespan === false)
{
// we enforce a minimum value of half a minute here.
$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
}
if ($request->is_set_post('creation_time') && $request->is_set_post('form_token'))
{