From a4b1e2311dfa5fedc79c2b3c8ee0791ac851e686 Mon Sep 17 00:00:00 2001
From: Michael M Slusarz
Date: Tue, 30 Nov 2010 16:32:31 -0700
Subject: [PATCH] Use new nonce support for request tokens

---
 framework/Core/lib/Horde.php | 15 ++-------------
 1 file changed, 2 insertions(+), 13 deletions(-)

diff --git a/framework/Core/lib/Horde.php b/framework/Core/lib/Horde.php
index 9261e50b0..7a69f06ae 100644
--- a/framework/Core/lib/Horde.php
+++ b/framework/Core/lib/Horde.php
@@ -356,10 +356,7 @@ HTML;
 */
 static public function getRequestToken($slug)
 {
- $token = Horde_Token::generateId($slug);
- $GLOBALS['session']->set('horde', 'form_secrets/' . $token, time());
-
- return $token;
+ return $GLOBALS['injector']->getInstance('Horde_Token')->get($slug);
 }

 /**
@@ -372,15 +369,7 @@ HTML;
 */
 static public function checkRequestToken($slug, $token)
 {
- global $conf, $session;
-
- if (!$session->exists('horde', 'form_secrets/' . $token)) {
- throw new Horde_Exception(Horde_Core_Translation::t("We cannot verify that this request was really sent by you. It could be a malicious request. If you intended to perform this action, you can retry it now."));
- }
-
- if (($session->get('horde', 'form_secrets/' . $token) + $GLOBALS['conf']['urls']['token_lifetime'] * 60) < time()) {
- throw new Horde_Exception(sprintf(Horde_Core_Translation::t("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes. Please try again now."), $GLOBALS['conf']['urls']['token_lifetime']));
- }
+ $GLOBALS['injector']->getInstance('Horde_Token')->isValid($token, $slug);
 }

 /**
--
2.11.0
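Review bot: In getRequestToken the token is no longer recorded under `form_secrets/` in the caller's session, so whether a request token stays bound to the session that asked for it now depends entirely on what `Horde_Token->get($slug)` puts into the nonce, which this hunk does not show. If the nonce is derived only from the slug and a server-side secret, a token issued in one session would presumably also validate in another, which weakens it as a CSRF token. I would confirm the binding and record it in the docblock, e.g. `Tokens are nonces issued by Horde_Token and are no longer stored in the session.` The docblock starts outside the hunk.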
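Review bot: The result of `isValid($token, $slug)` is discarded in checkRequestToken, so unless isValid() throws on failure (the name suggests a boolean return; Horde_Token is not shown here) an invalid or expired token no longer stops the request and the check passes silently. The removed code threw Horde_Exception in both failure cases, and callers that rely on that exception would now proceed; keep the contract with `if (!$GLOBALS['injector']->getInstance('Horde_Token')->isValid($token, $slug)) { throw new Horde_Exception(...); }`, reusing the existing "We cannot verify that this request was really sent by you" message. The explicit `$GLOBALS['conf']['urls']['token_lifetime']` expiry check is also gone from this call site, so confirm that the injected Horde_Token is configured with the same lifetime. The method's docblock begins outside the hunk.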