From: Michael M Slusarz
Date: Tue, 30 Nov 2010 23:32:31 +0000 (-0700)
Subject: Use new nonce support for request tokens
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=a4b1e2311dfa5fedc79c2b3c8ee0791ac851e686;p=horde.git

Use new nonce support for request tokens
---
diff --git a/framework/Core/lib/Horde.php b/framework/Core/lib/Horde.php
index 9261e50b0..7a69f06ae 100644
--- a/framework/Core/lib/Horde.php
+++ b/framework/Core/lib/Horde.php
@@ -356,10 +356,7 @@ HTML;
 */
 static public function getRequestToken($slug)
 {
- $token = Horde_Token::generateId($slug);
- $GLOBALS['session']->set('horde', 'form_secrets/' . $token, time());
-
- return $token;
+ return $GLOBALS['injector']->getInstance('Horde_Token')->get($slug);
 }
 
 /**
@@ -372,15 +369,7 @@ HTML;
 */
 static public function checkRequestToken($slug, $token)
 {
- global $conf, $session;
-
- if (!$session->exists('horde', 'form_secrets/' . $token)) {
- throw new Horde_Exception(Horde_Core_Translation::t("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
- }
-
- if (($session->get('horde', 'form_secrets/' . $token) + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {
- throw new Horde_Exception(sprintf(Horde_Core_Translation::t("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['urls']['token_lifetime']));
- }
+ $GLOBALS['injector']->getInstance('Horde_Token')->isValid($token, $slug);
 }
 
 /**
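Review bot: In checkRequestToken the result of `isValid($token, $slug)` is discarded, so unless Horde_Token::isValid() itself throws on failure (its body is not in this diff, and the name suggests a boolean return), an unknown or expired token no longer stops the request and the request-token check silently passes. The removed code threw Horde_Exception in both cases, so the new line should keep that contract explicit: `if (!$GLOBALS['injector']->getInstance('Horde_Token')->isValid($token, $slug)) { throw new Horde_Exception(...); }`, reusing the original "We cannot verify that this request was really sent by you" message. The old expiry test read `$GLOBALS['conf']['urls']['token_lifetime']`, and nothing in the new call passes a lifetime, so it is worth confirming that the injected Horde_Token is configured with the same value. The docblock above the function starts outside the hunk, so its @throws line could not be checked against the new behaviour.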