From cdc96ca5741bb83fe799ef3decde56fa350a5403 Mon Sep 17 00:00:00 2001
From: Flavio Copes
Date: Thu, 7 Jan 2016 11:59:40 +0100
Subject: [PATCH] Improve comment messages for temporary nonce methods
---
 system/src/Grav/Common/Utils.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index 483584271..0efa1ba5f 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -480,7 +480,8 @@ abstract class Utils
 return ( $i . '|' . $action . '|' . $username . '|' . $token . '|' . self::getGrav()['config']->get('security.salt'));
 }
- //TODO: Remove after 1.0.8 release
+ //Added in version 1.0.8 to ensure that existing nonces are not broken.
+ //TODO: to be removed
 private static function generateNonceStringOldStyle($action, $plusOneTick = false)
 {
 if (isset(self::getGrav()['user'])) {
@@ -535,7 +536,8 @@ abstract class Utils
 return static::$nonces[$action];
 }
- //TODO: Remove after 1.0.8 release
+ //Added in version 1.0.8 to ensure that existing nonces are not broken.
+ //TODO: to be removed
 public static function getNonceOldStyle($action, $plusOneTick = false)
 {
 // Don't regenerate this again if not needed
@@ -569,9 +571,9 @@ abstract class Utils
 return true;
 }
- //Add a one-time check in version 1.0.8 to ensure that existing nonces are not broken.
- //TODO to be removed as soon as released
+ //Added in version 1.0.8 to ensure that existing nonces are not broken.
+ //TODO: to be removed
 //Nonce generated 0-12 hours ago
 if ($nonce == self::getNonceOldStyle($action)) {
 return true;
@@ -582,6 +584,7 @@ abstract class Utils
 if ($nonce == self::getNonceOldStyle($action, $plusOneTick)) {
 return true;
 }
+ //End TODO: to be removed
 //Invalid nonce
 return false;
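Review bot: The reworded `//TODO: to be removed` above generateNonceStringOldStyle() no longer says when removal is due, whereas the old comment tied it to the 1.0.8 release. The same open-ended wording is added above getNonceOldStyle() and around the old-style checks in the verification code in the later hunks. Because these helpers keep a second, legacy nonce format acceptable alongside the current one, the comment should state the removal condition, for example `//TODO: remove in the first release after 1.0.8, once nonces issued by earlier versions have expired`. The body of generateNonceStringOldStyle() continues outside the hunk.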
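Review bot: The old-style check `if ($nonce == self::getNonceOldStyle($action))` compares the submitted nonce with loose `==`, which is not constant-time and is subject to PHP's numeric-string comparison rules. The `$plusOneTick` check in the following hunk has the same form. Assuming getNonceOldStyle() returns a string and the supported PHP versions include `hash_equals()`, `if (hash_equals(self::getNonceOldStyle($action), (string) $nonce))` would be the safer form; failing that, use `===`. The enclosing verification method starts and ends outside the hunk, so the new-style comparisons above these lines should be checked for the same pattern.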