From b5617868253553c458cb221d5e44b9a973ab8adb Mon Sep 17 00:00:00 2001
From: Mateusz Uzdowski
Date: Thu, 26 Apr 2012 13:55:24 +1200
Subject: [PATCH] MINOR: change the ugly user-facing CSRF message to more friendly

User does not necessarily knows what CSRF is, and tends to get scared by this, thinking he has abused something. On the other hand users tend to know what session expiry means.
---
 forms/Form.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/forms/Form.php b/forms/Form.php
index 3bf9cbec6..7fec8ff7f 100644
--- a/forms/Form.php
+++ b/forms/Form.php
@@ -240,7 +240,7 @@ class Form extends RequestHandler {
 // Protection against CSRF attacks
 $token = $this->getSecurityToken();
 if(!$token->checkRequest($request)) {
- $this->httpError(400, "Security token doesn't match, possible CSRF attack.");
+ $this->httpError(400, "Sorry, your session has timed out.");
 }
 // Determine the action button clicked
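Review bot: The `checkRequest()` failure branch now reports every token mismatch as a session timeout, and nothing visible in the hunk records that the check failed, so a forged submission looks the same as an expired session in the response and, as far as this hunk shows, in the logs. The friendly wording for the user is reasonable, but the branch should also log the mismatch server-side (request URL and form name, never the token value) before calling `httpError()`, using whatever logger the project already has. A short comment above the call, e.g. `// Generic wording on purpose: a mismatch is usually an expired session but may be a forged request`, would keep a later reader from taking the message literally. The enclosing method starts and ends outside the hunk, so such logging may already happen elsewhere.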