diff options
| author | Tristan Darricau <github@nicofuma.fr> | 2014-09-10 11:50:13 +0200 |
|---|---|---|
| committer | Tristan Darricau <github@nicofuma.fr> | 2014-09-10 11:50:13 +0200 |
| commit | b2a28962bc614475d223c2353e327f2382be2f2b (patch) | |
| tree | bcb9050b99e5a9b138eda99c5ef2f3d1f2183371 /phpBB/includes | |
| parent | 6c0a3bb2476ee601e55944bfd6b3ba33d4f85354 (diff) | |
| parent | d87547da6636d9c7483ef0337cbb6fe43a489f25 (diff) | |
| download | forums-b2a28962bc614475d223c2353e327f2382be2f2b.tar forums-b2a28962bc614475d223c2353e327f2382be2f2b.tar.gz forums-b2a28962bc614475d223c2353e327f2382be2f2b.tar.bz2 forums-b2a28962bc614475d223c2353e327f2382be2f2b.tar.xz forums-b2a28962bc614475d223c2353e327f2382be2f2b.zip | |
Merge pull request #2939 from nickvergessen/ticket/13052
[ticket/13052] Restore timespan parameter for check_form_key()
* nickvergessen/ticket/13052:
[ticket/13052] Restore timespan parameter for check_form_key()
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 7eca3e7ef6..64959a05f3 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2578,16 +2578,21 @@ function add_form_key($form_name) /** * Check the form key. Required for all altering actions not secured by confirm_box * - * @param string $form_name The name of the form; has to match the name used + * @param string $form_name The name of the form; has to match the name used * in add_form_key, otherwise no restrictions apply + * @param int $timespan The maximum acceptable age for a submitted form + * in seconds. Defaults to the config setting. * @return bool True, if the form key was valid, false otherwise */ -function check_form_key($form_name) +function check_form_key($form_name, $timespan = false) { global $config, $request, $user; - // we enforce a minimum value of half a minute here. - $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); + if ($timespan === false) + { + // we enforce a minimum value of half a minute here. + $timespan = ($config['form_token_lifetime'] == -1) ? -1 : max(30, $config['form_token_lifetime']); + } if ($request->is_set_post('creation_time') && $request->is_set_post('form_token')) { |