aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMario <mario@mariovavti.com>2021-03-18 19:51:30 +0000
committerMario <mario@mariovavti.com>2021-03-18 19:51:30 +0000
commit85d000e7920ec5ab56bc33e2e4b2d86036fee830 (patch)
treedf10733b7b408ee53c1006cd9a880b2ef6bfc140
parent3ac27d800455f9603d2a8093159aa81033335a9f (diff)
downloadvolse-hubzilla-85d000e7920ec5ab56bc33e2e4b2d86036fee830.tar.gz
volse-hubzilla-85d000e7920ec5ab56bc33e2e4b2d86036fee830.tar.bz2
volse-hubzilla-85d000e7920ec5ab56bc33e2e4b2d86036fee830.zip
air: revert min_livetime of the form security token - it has had its issues and air can be configured for delayed registration verification
-rw-r--r--include/security.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/include/security.php b/include/security.php
index 4643de105..f433f8094 100644
--- a/include/security.php
+++ b/include/security.php
@@ -592,10 +592,9 @@ function check_form_security_token($typename = '', $formname = 'form_security_to
$hash = $_REQUEST[$formname];
$max_livetime = 10800; // 3 hours
- $min_livetime = 3; // 3 sec
$x = explode('.', $hash);
- if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime))
+ if (time() > (IntVal($x[0]) + $max_livetime))
return false;
$sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename);