From 85d000e7920ec5ab56bc33e2e4b2d86036fee830 Mon Sep 17 00:00:00 2001 From: Mario Date: Thu, 18 Mar 2021 19:51:30 +0000 Subject: air: revert min_livetime of the form security token - it has had its issues and air can be configured for delayed registration verification --- include/security.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/security.php') diff --git a/include/security.php b/include/security.php index 4643de105..f433f8094 100644 --- a/include/security.php +++ b/include/security.php @@ -592,10 +592,9 @@ function check_form_security_token($typename = '', $formname = 'form_security_to $hash = $_REQUEST[$formname]; $max_livetime = 10800; // 3 hours - $min_livetime = 3; // 3 sec $x = explode('.', $hash); - if (time() > (IntVal($x[0]) + $max_livetime) || time() < (IntVal($x[0]) + $min_livetime)) + if (time() > (IntVal($x[0]) + $max_livetime)) return false; $sec_hash = hash('whirlpool', App::$observer['xchan_guid'] . ((local_channel()) ? App::$channel['channel_prvkey'] : '') . session_id() . $x[0] . $typename); -- cgit v1.2.3