diff --git a/framework/Form/lib/Horde/Form.php b/framework/Form/lib/Horde/Form.php
index 21274ee701c..249d87beb74 100644
--- a/framework/Form/lib/Horde/Form.php
+++ b/framework/Form/lib/Horde/Form.php
@@ -609,10 +609,14 @@ function validate($vars = null, $canAutoFill = false)
$this->_autofilled = true;
if ($this->_useFormToken) {
- $tokenSource = $GLOBALS['injector']->getInstance('Horde_Token');
- $passedToken = $vars->get($this->_name . '_formToken');
- if (!empty($passedToken) && !$tokenSource->verify($passedToken)) {
- $this->_errors['_formToken'] = Horde_Form_Translation::t("This form has already been processed.");
+ try {
+ $tokenSource = $GLOBALS['injector']->getInstance('Horde_Token');
+ $passedToken = $vars->get($this->_name . '_formToken');
+ if (!empty($passedToken) &&
+ !$tokenSource->verify($passedToken)) {
+ $this->_errors['_formToken'] = Horde_Form_Translation::t("This form has already been processed.");
+ }
+ } catch (Horde_Exception $e) {
}
if (!$GLOBALS['session']->get('horde', 'form_secrets/' . $passedToken)) {
$this->_errors['_formSecret'] = Horde_Form_Translation::t("Required secret is invalid - potentially malicious request.");
diff --git a/framework/Form/package.xml b/framework/Form/package.xml
index 69d1bfc729e..763d5d4fb26 100644
--- a/framework/Form/package.xml
+++ b/framework/Form/package.xml
@@ -27,7 +27,7 @@
LGPL-2.1
-*
+* [jan] Catch errors when checking one-time form tokens.
@@ -978,7 +978,7 @@ Converted to package.xml 2.0 for pear.horde.org
2016-07-01
LGPL-2.1
-*
+* [jan] Catch errors when checking one-time form tokens.