[Tickets #7756] checkRequestToken in Horde.php -> all tokens are

bu...@horde.org

Dec 5, 2008, 5:53:11 AM
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/7756
------------------------------------------------------------------------------
Ticket | 7756
Created By | harak...@yahoo.com
Summary | checkRequestToken in Horde.php -> all tokens are only
| valid for 0min
Queue | Horde Framework Packages
Version | FRAMEWORK_3
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------


harak...@yahoo.com (2008-12-05 05:52) wrote:

There is a math bug in the Horde.php checkRequestToken, the
parentheses are missing:

instead of

    if ($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime'] * 60 < time()) {
        return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes"),
                                        $GLOBALS['conf']['urls']['token_lifetime']));
    }


it should be

    if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime']) * 60 < time()) {
        return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes"),
                                        $GLOBALS['conf']['urls']['token_lifetime']));
    }

No matter which setting you choose for token_lifetime, it will always
complain that the link is no longer valid.


--
You are subscribed to this list as: horde...@freebsd.csie.nctu.edu.tw
To unsubscribe, mail: bugs-uns...@lists.horde.org
