FIX: Ignore invalid tokens instead of throwing 403

This commit is contained in:
Hamish Friedlander 2013-07-19 14:47:05 +12:00
parent 036c36a7dd
commit a312cd08e1

View File

@ -61,11 +61,8 @@ class ParameterConfirmationToken {
// Store the token // Store the token
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null; $this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
// If a token was provided, but isn't valid, just throw a 403 // If a token was provided, but isn't valid, ignore it
if ($this->token && (!$this->checkToken($this->token))) { if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
header("HTTP/1.0 403 Forbidden", true, 403);
die;
}
} }
public function parameterProvided() { public function parameterProvided() {