makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/13052] Restore timespan parameter for check_form_key()

Browse source 
PHPBB3-13052
This commit is contained in:
Joas Schilling 2014-09-10 08:07:21 +02:00
parent 6c0a3bb247
commit d87547da66
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
phpBB/includes/functions.php
View file

@ -2580,14 +2580,19 @@ function add_form_key($form_name)
* *
* @param string $form_name The name of the form; has to match the name used * @param string $form_name The name of the form; has to match the name used
* in add_form_key, otherwise no restrictions apply * in add_form_key, otherwise no restrictions apply
* @param int $timespan The maximum acceptable age for a submitted form
* in seconds. Defaults to the config setting.
* @return bool True, if the form key was valid, false otherwise * @return bool True, if the form key was valid, false otherwise
*/ */
function check_form_key($form_name) function check_form_key($form_name, $timespan = false)
{ {
global $config, $request, $user; global $config, $request, $user;
if ($timespan === false)
{
// we enforce a minimum value of half a minute here. // we enforce a minimum value of half a minute here.
$timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']);
}
if ($request->is_set_post('creation_time') && $request->is_set_post('form_token')) if ($request->is_set_post('creation_time') && $request->is_set_post('form_token'))
{ {