Merge pull request #2248 from hafriedlander/fix/flush_30

FIX: Have ParameterConfirmationToken work regardless of include path
This commit is contained in:
Sam Minnée 2013-07-18 20:46:56 -07:00
commit 7bfc872a8e

View File

@ -23,7 +23,7 @@ class ParameterConfirmationToken {
$basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR); $basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR);
} }
require_once('core/TempPath.php'); require_once(dirname(dirname(__FILE__)).'/TempPath.php');
$tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR); $tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR);
return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token); return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token);
@ -31,7 +31,7 @@ class ParameterConfirmationToken {
protected function genToken() { protected function genToken() {
// Generate a new random token (as random as possible) // Generate a new random token (as random as possible)
require_once('security/RandomGenerator.php'); require_once(dirname(dirname(dirname(__FILE__))).'/security/RandomGenerator.php');
$rg = new RandomGenerator(); $rg = new RandomGenerator();
$token = $rg->randomToken('md5'); $token = $rg->randomToken('md5');
@ -61,11 +61,8 @@ class ParameterConfirmationToken {
// Store the token // Store the token
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null; $this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
// If a token was provided, but isn't valid, just throw a 403 // If a token was provided, but isn't valid, ignore it
if ($this->token && (!$this->checkToken($this->token))) { if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
header("HTTP/1.0 403 Forbidden", true, 403);
die;
}
} }
public function parameterProvided() { public function parameterProvided() {