[Tickets #7756] checkRequestToken in Horde.php -> all tokens are only valid for 0min
bugs at horde.org
Fri Dec 5 10:52:47 UTC 2008
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7756
------------------------------------------------------------------------------
Ticket | 7756
Created By | harakiri_23 at yahoo.com
Summary | checkRequestToken in Horde.php -> all tokens are only
| valid for 0min
Queue | Horde Framework Packages
Version | FRAMEWORK_3
Type | Bug
State | Unconfirmed
Priority | 3. High
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
harakiri_23 at yahoo.com (2008-12-05 05:52) wrote:
There is a math bug in the Horde.php checkRequestToken, the
parentheses are missing:

instead of

    if ($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime'] * 60 < time()) {
        return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes"),
                                        $GLOBALS['conf']['urls']['token_lifetime']));
    }

it should be

    if (($_SESSION['horde_form_secrets'][$token] + $GLOBALS['conf']['urls']['token_lifetime']) * 60 < time()) {
        return PEAR::raiseError(sprintf(_("This request cannot be completed because the link you followed or the form you submitted was only valid for %s minutes"),
                                        $GLOBALS['conf']['urls']['token_lifetime']));
    }

No matter which setting you choose for token_lifetime - it will always
complain that the link is no longer valid.
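
The two comparisons from the ticket, evaluated side by side over tokens of different ages. This is an added example, not part of the original message and not Horde code: the function names, the 30-minute lifetime and the token ages are constructed, and it assumes the session entry holds the Unix time at which the token was issued.

```php
<?php
// Added illustration, not Horde code. Function names and sample data are hypothetical.

/** Expiry test as written in the ticket's "instead of" snippet. */
function expired_as_shipped(int $issued, int $lifetimeMin, int $now): bool
{
    // '*' binds tighter than '+', so this is $issued + ($lifetimeMin * 60):
    // issue time in seconds plus lifetime converted from minutes to seconds.
    return $issued + $lifetimeMin * 60 < $now;
}

/** Expiry test as written in the ticket's "it should be" snippet. */
function expired_as_proposed(int $issued, int $lifetimeMin, int $now): bool
{
    // Adds minutes to a value in seconds, then multiplies the sum by 60.
    return ($issued + $lifetimeMin) * 60 < $now;
}

// Constructed inputs: "now" is the timestamp of the mail, lifetime is 30 minutes.
$now      = gmmktime(10, 52, 47, 12, 5, 2008);
$lifetime = 30;

// Constructed token ages in seconds.
$ages = [
    '1 minute'   => 60,
    '29 minutes' => 29 * 60,
    '31 minutes' => 31 * 60,
    '1 day'      => 86400,
    '1 year'     => 365 * 86400,
];

printf("%-12s %-10s %-10s\n", 'token age', 'shipped', 'proposed');
foreach ($ages as $label => $age) {
    $issued = $now - $age;
    printf(
        "%-12s %-10s %-10s\n",
        $label,
        expired_as_shipped($issued, $lifetime, $now) ? 'expired' : 'valid',
        expired_as_proposed($issued, $lifetime, $now) ? 'expired' : 'valid'
    );
}
```

With these inputs the first expression rejects tokens older than 30 minutes, while the parenthesised one compares against roughly 60 times the current epoch, so every token in the table, including the year-old one, is still accepted.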