Browse files

FIX: Ignore invalid tokens instead of throwing 403

  • Loading branch information...
1 parent 036c36a commit a312cd08e12daa55015f75d8642a621b2b460723 @hafriedlander hafriedlander committed Jul 19, 2013
Showing with 2 additions and 5 deletions.
  1. +2 −5 core/startup/ParameterConfirmationToken.php
View
7 core/startup/ParameterConfirmationToken.php
@@ -61,11 +61,8 @@ public function __construct($parameterName) {
// Store the token
$this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
- // If a token was provided, but isn't valid, just throw a 403
- if ($this->token && (!$this->checkToken($this->token))) {
- header("HTTP/1.0 403 Forbidden", true, 403);
- die;
- }
+ // If a token was provided, but isn't valid, ignore it
+ if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
}
public function parameterProvided() {

0 comments on commit a312cd0

Please sign in to comment.