From: pdontthink Date: Mon, 21 Jun 2010 07:01:16 +0000 (+0000) Subject: Reduced default time security tokens stay valid from 30 days to 2 days (reduces chanc... X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=e1bab38c250c53c242c6b8f15937bd7331f7609a;p=squirrelmail.git Reduced default time security tokens stay valid from 30 days to 2 days (reduces chances of session data growing too large) git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13949 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/doc/ChangeLog b/doc/ChangeLog index 50f062af..c39d7cec 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -340,6 +340,8 @@ Version 1.5.2 - SVN - Fix error with SpamCop reporting plugin not being able to send report as emails (#1795310). - Fix typo in SpamCop plugin. + - Reduced default time security tokens stay valid from 30 days to 2 days + (reduces chances of session data growing too large) Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/strings.php b/functions/strings.php index 50e9bfea..64ec8715 100644 --- a/functions/strings.php +++ b/functions/strings.php @@ -1468,7 +1468,7 @@ function sm_truncate_string($string, $max_chars, $elipses='', * * @param boolean $purge_old Indicates if old tokens * should be purged from the - * list ("old" is 30 days or + * list ("old" is 2 days or * older unless the administrator * overrides that value using * $max_security_token_age in @@ -1494,7 +1494,7 @@ function sm_get_user_security_tokens($purge_old=TRUE) // if ($purge_old) { - if (empty($max_token_age_days)) $max_token_age_days = 30; + if (empty($max_token_age_days)) $max_token_age_days = 2; $now = time(); $discard_token_date = $now - ($max_token_age_days * 86400); $cleaned_tokens = array(); 
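Review bot: The docblock of sm_get_user_security_tokens() tells administrators to override the token age with `$max_security_token_age` in config/config_local.php, but the code in the next hunk tests `$max_token_age_days`. No assignment linking the two names is visible in this diff, so an administrator following the comment may set a variable that is never read, leaving the token lifetime at the default. Confirm which name the configuration really uses and, if it is the one the code reads, change the comment to `$max_token_age_days`. The same wording appears in the sm_validate_security_token() docblock (hunk at -1562).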
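Review bot: The fallback `if (empty($max_token_age_days)) $max_token_age_days = 2;` only catches an unset or zero value, so a negative, non-numeric or very large setting is used unchecked in `$now - ($max_token_age_days * 86400)` and decides how long a security token stays usable. A stricter guard such as `if (!is_numeric($max_token_age_days) || $max_token_age_days <= 0) $max_token_age_days = 2;` falls back to the default when the configured value is unusable. The literal is also repeated in sm_validate_security_token() (hunk at -1628) and in two docblocks, so this commit had to change four places. One shared constant or helper would keep purging and validation from drifting apart. The body of sm_get_user_security_tokens() starts and ends outside this hunk.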
@@ -1562,7 +1562,7 @@ function sm_generate_security_token() * from the user's preferences if it was valid. If the token * is too old but otherwise valid, it will still be rejected. * - * "Too old" is 30 days or older unless the administrator + * "Too old" is 2 days or older unless the administrator * overrides that value using $max_security_token_age in * config/config_local.php * @@ -1628,7 +1628,7 @@ function sm_validate_security_token($token, $validity_period=0, $show_error=FALS // reject tokens that are too old // - if (empty($max_token_age_days)) $max_token_age_days = 30; + if (empty($max_token_age_days)) $max_token_age_days = 2; $old_token_date = $now - ($max_token_age_days * 86400); if ($timestamp < $old_token_date) {
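Review bot: The check `if ($timestamp < $old_token_date)` rejects only tokens strictly older than the limit, while the docblock updated in the previous hunk says "2 days or older" is too old, so a token exactly at the limit is still accepted. Either use `<=` here or reword the comment to "older than 2 days". The purge comparison in sm_get_user_security_tokens() is not visible in this diff and should follow the same rule, so that no token is kept after it stops validating or purged while it would still validate. The body of sm_validate_security_token() continues outside the hunk.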