Use new nonce support for request tokens

diff --git a/framework/Core/lib/Horde.php b/framework/Core/lib/Horde.php
index 9261e50..7a69f06 100644 (file)
--- a/framework/Core/lib/Horde.php
+++ b/framework/Core/lib/Horde.php
@@ -356,10 +356,7 @@ HTML;
      */
     static public function getRequestToken($slug)
     {
-        $token = Horde_Token::generateId($slug);
-        $GLOBALS['session']->set('horde', 'form_secrets/' . $token, time());
-
-        return $token;
+        return $GLOBALS['injector']->getInstance('Horde_Token')->get($slug);
     }
 
     /**
@@ -372,15 +369,7 @@ HTML;
      */
     static public function checkRequestToken($slug, $token)
     {
-        global $conf, $session;
-
-        if (!$session->exists('horde', 'form_secrets/' . $token)) {
-            throw new Horde_Exception(Horde_Core_Translation::t("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
-        }
-
-        if (($session->get('horde', 'form_secrets/' . $token) + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {
-            throw new Horde_Exception(sprintf(Horde_Core_Translation::t("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['urls']['token_lifetime']));
-        }
+        $GLOBALS['injector']->getInstance('Horde_Token')->isValid($token, $slug);
     }
 
     /**