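/**
 * Validate an action (CSRF) token against the current session.
 *
 * The token and its timestamp are read from the `__elgg_token` / `__elgg_ts`
 * inputs when they are not passed explicitly. The request is accepted only
 * when a session exists, the token belongs to that session, the timestamp is
 * still within the accepted window, and no handler of the
 * 'action_gatekeeper:permissions:check' hook vetoes it. The hook is triggered
 * only after the ownership and timestamp checks have passed, so a plugin can
 * deny a valid token but cannot make an invalid one pass.
 *
 * On failure, and only when $visible_errors is true, a translated error is
 * registered for the user. XHR callers get the token-refresh message instead
 * of the plain "invalid"/"expired" text (#5133).
 *
 * @see validate_action_token
 * @access private
 *
 * @param bool        $visible_errors Register a user-visible error on failure
 * @param string|null $token          Token to check; defaults to the `__elgg_token` input
 * @param string|null $ts             Token timestamp; defaults to the `__elgg_ts` input
 *
 * @return bool True when the token is valid and no hook handler denied the action
 */
public function validateActionToken($visible_errors = true, $token = null, $ts = null) {
	if (!$token) {
		$token = get_input('__elgg_token');
	}
	if (!$ts) {
		$ts = get_input('__elgg_ts');
	}

	$services = _elgg_services();
	$translator = $services->translator;

	// Registers a translated error, but only when the caller asked for visible
	// errors; every failure branch below goes through this.
	$fail = function ($key, array $args = array()) use ($visible_errors, $translator) {
		if ($visible_errors) {
			register_error($translator->translate($key, $args));
		}
	};

	// An XHR caller cannot recover from a stale or foreign token by reloading
	// the page, so it is told to refresh its token instead (#5133).
	$fail_with_refresh_hint = function ($fallback_key) use ($fail, $translator) {
		if (elgg_is_xhr()) {
			$fail('js:security:token_refresh_failed', array($this->config->getSiteUrl()));
		} else {
			$fail($fallback_key);
		}
	};

	$session_id = $this->session->getId();

	if (!$token || !$ts || !$session_id) {
		$req = $services->request;
		$length = $req->server->get('CONTENT_LENGTH');
		$post_count = count($req->request);

		if ($length && $post_count < 1) {
			// A request body was sent but no fields arrived: the POST/upload size
			// limit was exceeded and PHP dropped the form data, token included.
			$error_msg = $services->hooks->trigger('action_gatekeeper:upload_exceeded_msg', 'all',
				array('post_size' => $length, 'visible_errors' => $visible_errors),
				$translator->translate('actiongatekeeper:uploadexceeded'));
		} else {
			$error_msg = $translator->translate('actiongatekeeper:missingfields');
		}

		if ($visible_errors) {
			register_error($error_msg);
		}
		return false;
	}

	// Token must have been issued for this session.
	if (!$this->validateTokenOwnership($token, $ts)) {
		$fail_with_refresh_hint('actiongatekeeper:tokeninvalid');
		return false;
	}

	// Token must not be older than the configured lifetime.
	if (!$this->validateTokenTimestamp($ts)) {
		$fail_with_refresh_hint('actiongatekeeper:timeerror');
		return false;
	}

	// Both checks passed; plugins get the final say and can only deny from here.
	$allowed = $services->hooks->trigger('action_gatekeeper:permissions:check', 'all',
		array('token' => $token, 'time' => $ts), true);
	if ($allowed) {
		return true;
	}

	$fail('actiongatekeeper:pluginprevents');
	return false;
}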