Merge pull request #2247 from hafriedlander/fix/flush_24

FIX: Have ParameterConfirmationToken work regardless of include path

core/TempPath.php

@@ -29,7 +29,7 @@ function getTempFolder($base = null) {
 		$cachefolder = "silverstripe-cache";
 	}
 
-	$ssTmp = BASE_PATH . "/silverstripe-cache";
+	$ssTmp = $base . "/silverstripe-cache";
 	if(@file_exists($ssTmp)) {
 		return $ssTmp;
 	}
@@ -43,7 +43,7 @@ function getTempFolder($base = null) {
 	}
 
 	if(!$worked) {
-		$ssTmp = BASE_PATH . "/silverstripe-cache";
+		$ssTmp = $base . "/silverstripe-cache";
 		$worked = true;
 		if(!@file_exists($ssTmp)) {
 			@$worked = mkdir($ssTmp);

core/startup/ParameterConfirmationToken.php

@@ -23,7 +23,7 @@ class ParameterConfirmationToken {
 			$basepath = rtrim(dirname(dirname(dirname(dirname(__FILE__)))), DIRECTORY_SEPARATOR);
 		}
 
-		require_once('core/TempPath.php');
+		require_once(dirname(dirname(__FILE__)).'/TempPath.php');
 		$tempfolder = getTempFolder($basepath ? $basepath : DIRECTORY_SEPARATOR);
 
 		return $tempfolder.'/token_'.preg_replace('/[^a-z0-9]+/', '', $token);
@@ -31,7 +31,7 @@ class ParameterConfirmationToken {
 
 	protected function genToken() {
 		// Generate a new random token (as random as possible)
-		require_once('security/RandomGenerator.php');
+		require_once(dirname(dirname(dirname(__FILE__))).'/security/RandomGenerator.php');
 		$rg = new RandomGenerator();
 		$token = $rg->randomToken('md5');
 
@@ -61,11 +61,8 @@ class ParameterConfirmationToken {
 		// Store the token
 		$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
 
-		// If a token was provided, but isn't valid, just throw a 403
-		if ($this->token && (!$this->checkToken($this->token))) {
-			header("HTTP/1.0 403 Forbidden", true, 403);
-			die;
-		}
+		// If a token was provided, but isn't valid, ignore it
+		if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
 	}
 
 	public function parameterProvided() {