MINOR: change the ugly user-facing CSRF message to more friendly

User does not necessarily knows what CSRF is, and tends to get scared by
this, thinking he has abused something. On the other hand users tend to
know what session expiry means.
This commit is contained in:
Mateusz Uzdowski 2012-04-26 13:55:24 +12:00
parent 869bab2230
commit b561786825

View File

@ -240,7 +240,7 @@ class Form extends RequestHandler {
// Protection against CSRF attacks // Protection against CSRF attacks
$token = $this->getSecurityToken(); $token = $this->getSecurityToken();
if(!$token->checkRequest($request)) { if(!$token->checkRequest($request)) {
$this->httpError(400, "Security token doesn't match, possible CSRF attack."); $this->httpError(400, "Sorry, your session has timed out.");
} }
// Determine the action button clicked // Determine the action button clicked