
Move overflow limits to only take effect after expiration.

1 parent 7249714 commit fc4846d676536a1f52393f1c2158cc7c030223f1 @markstory markstory committed Dec 6, 2011
Showing with 5 additions and 5 deletions.
  1. +5 −5 lib/Cake/Controller/Component/SecurityComponent.php
10 lib/Cake/Controller/Component/SecurityComponent.php
@@ -553,16 +553,16 @@ protected function _validateCsrf($controller) {
* @return array An array of nonce => expires.
*/
protected function _expireTokens($tokens) {
- $now = time();
- $overflow = count($tokens) - $this->csrfLimit;
- if ($overflow > 0) {
- $tokens = array_slice($tokens, $overflow + 1, null, true);
- }
foreach ($tokens as $nonce => $expires) {
if ($expires < $now) {
@ceeram
ceeram Dec 6, 2011

now the test fails because of undefined variable $now

@markstory
markstory Dec 6, 2011

Yeah, I'm a dolt. I'll have it fixed in a second.

unset($tokens[$nonce]);
}
}
+ $now = time();
+ $overflow = count($tokens) - $this->csrfLimit;
+ if ($overflow > 0) {
+ $tokens = array_slice($tokens, $overflow + 1, null, true);
+ }
return $tokens;
}
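Review bot: The moved `array_slice($tokens, $overflow + 1, null, true)` call drops one more entry than the overflow count, so a session holding `csrfLimit + 1` unexpired tokens ends up with `csrfLimit - 1`, and still-valid nonces are discarded earlier than the limit implies. If the extra slot is deliberate (presumably room for the nonce about to be issued), state it next to the slice, e.g. `// drop the oldest tokens, plus one to leave room for the next nonce`; otherwise the offset should be `$overflow`. The slice also assumes array order is issue order, so that the entries removed from the front are the oldest; nothing in this hunk establishes that, so it is worth noting in the docblock, whose start lies outside the hunk.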
