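/**
 * Validate the action token and timestamp submitted with a request.
 *
 * Returns true only when a token, a timestamp and a session ID are all present,
 * the ownership and timestamp checks pass, and the
 * 'action_gatekeeper:permissions:check' hook returns a truthy value.
 * Every other path returns false.
 *
 * @param bool  $visible_errors Register an error message on failure (does not affect the result)
 * @param mixed $token          Token to check; read from the '__elgg_token' input when empty
 * @param mixed $ts             Timestamp to check; read from the '__elgg_ts' input when empty
 *
 * @return bool
 * @see validate_action_token
 * @access private
 */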
public function validateActionToken($visible_errors = true, $token = null, $ts = null)
{
    // Explicit arguments win; otherwise the token pair is read from request input.
    // NOTE(review): values from get_input() reach the validators unchanged -
    // confirm those helpers cope with non-string input.
    $token = $token ?: get_input('__elgg_token');
    $ts = $ts ?: get_input('__elgg_ts');

    // Only the presence of a session ID is checked here; it is not passed on.
    $session_id = $this->session->getId();

    if (!($token && $ts && $session_id)) {
        $request = _elgg_services()->request;
        $content_length = $request->server->get('CONTENT_LENGTH');
        $field_count = count($request->request);

        if ($content_length && $field_count < 1) {
            // A body was announced but no POST fields arrived: treated as the
            // POST data or uploaded file having exceeded the size limit.
            // The hook runs even when errors are hidden; it receives the flag.
            $failure_text = _elgg_services()->hooks->trigger(
                'action_gatekeeper:upload_exceeded_msg',
                'all',
                array('post_size' => $content_length, 'visible_errors' => $visible_errors),
                _elgg_services()->translator->translate('actiongatekeeper:uploadexceeded')
            );
        } else {
            $failure_text = _elgg_services()->translator->translate('actiongatekeeper:missingfields');
        }

        if ($visible_errors) {
            register_error($failure_text);
        }

        return false;
    }

    // Ownership is checked first; the timestamp check runs only if it passes.
    $failure_key = null;
    if (!$this->validateTokenOwnership($token, $ts)) {
        $failure_key = 'actiongatekeeper:tokeninvalid';
    } elseif (!$this->validateTokenTimestamp($ts)) {
        $failure_key = 'actiongatekeeper:timeerror';
    }

    if ($failure_key !== null) {
        if ($visible_errors) {
            // this is necessary because of #5133
            if (elgg_is_xhr()) {
                $failure_text = _elgg_services()->translator->translate(
                    'js:security:token_refresh_failed',
                    array($this->config->getSiteUrl())
                );
            } else {
                $failure_text = _elgg_services()->translator->translate($failure_key);
            }
            register_error($failure_text);
        }

        return false;
    }

    // Both checks passed. The hook starts from true and is reached only on this
    // path, so within this method a handler can veto a valid token but cannot
    // rescue one that failed the checks above.
    $permitted = _elgg_services()->hooks->trigger(
        'action_gatekeeper:permissions:check',
        'all',
        array('token' => $token, 'time' => $ts),
        true
    );

    if (!$permitted) {
        if ($visible_errors) {
            register_error(_elgg_services()->translator->translate('actiongatekeeper:pluginprevents'));
        }

        return false;
    }

    return true;
}