[jan] Catch errors when checking one-time form tokens.

framework/Form/lib/Horde/Form.php

@@ -609,10 +609,14 @@ function validate($vars = null, $canAutoFill = false)
         $this->_autofilled = true;
 
         if ($this->_useFormToken) {
-            $tokenSource = $GLOBALS['injector']->getInstance('Horde_Token');
-            $passedToken = $vars->get($this->_name . '_formToken');
-            if (!empty($passedToken) && !$tokenSource->verify($passedToken)) {
-                $this->_errors['_formToken'] = Horde_Form_Translation::t("This form has already been processed.");
+            try {
+                $tokenSource = $GLOBALS['injector']->getInstance('Horde_Token');
+                $passedToken = $vars->get($this->_name . '_formToken');
+                if (!empty($passedToken) &&
+                    !$tokenSource->verify($passedToken)) {
+                    $this->_errors['_formToken'] = Horde_Form_Translation::t("This form has already been processed.");
+                }
+            } catch (Horde_Exception $e) {
             }
             if (!$GLOBALS['session']->get('horde', 'form_secrets/' . $passedToken)) {
                 $this->_errors['_formSecret'] = Horde_Form_Translation::t("Required secret is invalid - potentially malicious request.");

framework/Form/package.xml

@@ -27,7 +27,7 @@
  </stability>
  <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
  <notes>
-* 
+* [jan] Catch errors when checking one-time form tokens.
  </notes>
  <contents>
   <dir baseinstalldir="/" name="/">
@@ -978,7 +978,7 @@ Converted to package.xml 2.0 for pear.horde.org
    <date>2016-07-01</date>
    <license uri="http://www.horde.org/licenses/lgpl21">LGPL-2.1</license>
    <notes>
-* 
+* [jan] Catch errors when checking one-time form tokens.
    </notes>
   </release>
  </changelog>