From d83c51cde90f10ac105e0480dd15e3257096eccb Mon Sep 17 00:00:00 2001
From: mark_story
Date: Sat, 2 Oct 2010 18:27:39 -0400
Subject: [PATCH] Fixing expiration conditions on CSRF tokens.

---
 cake/libs/controller/components/security.php | 4 ++--
 .../tests/cases/libs/controller/components/security.test.php | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/cake/libs/controller/components/security.php b/cake/libs/controller/components/security.php
index cbee815e3..12f1e1021 100644
--- a/cake/libs/controller/components/security.php
+++ b/cake/libs/controller/components/security.php
@@ -719,9 +719,9 @@ class SecurityComponent extends Component {
  * @return An array of nonce => expires.
  */
 	protected function _expireTokens($tokens) {
-		$tokenExpiryTime = strtotime($this->csrfExpires);
+		$now = time();
 		foreach ($tokens as $nonce => $expires) {
-			if ($expires < $tokenExpiryTime) {
+			if ($expires < $now) {
 				unset($tokens[$nonce]);
 			}
 		}
diff --git a/cake/tests/cases/libs/controller/components/security.test.php b/cake/tests/cases/libs/controller/components/security.test.php
index 50772c645..82a52c5cd 100644
--- a/cake/tests/cases/libs/controller/components/security.test.php
+++ b/cake/tests/cases/libs/controller/components/security.test.php
@@ -1302,12 +1302,15 @@ DIGEST;
 		$this->Security->csrfExpires = '+10 minutes';
 		$this->Security->Session->write('_Token.csrfTokens', array(
+			'valid' => strtotime('+30 minutes'),
 			'poof' => strtotime('-11 minutes'),
 			'dust' => strtotime('-20 minutes')
 		));
 		$this->Security->startup($this->Controller);
 		$tokens = $this->Security->Session->read('_Token.csrfTokens');
-		$this->assertEquals(1, count($tokens), 'Too many tokens left behind');
+		$this->assertEquals(2, count($tokens), 'Too many tokens left behind');
+		$this->assertNotEmpty('valid', $tokens, 'Valid token was removed.');
+
 	}
 
 /**
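Review bot: The new comparison `if ($expires < $now) {` still honours a token whose stored expiry equals the current second, so a nonce is accepted for up to one second past its nominal expiry; if "expired once the expiry time is reached" is the intent, make it `if ($expires <= $now) {`. The hunk also drops the only reference to `csrfExpires` in this method without saying why, which will puzzle the next reader; a line such as `// $expires values are absolute timestamps stored in the session; csrfExpires only applies when a token is issued.` would explain it (the absolute-timestamp part is visible in the test hunk, which seeds strtotime() values into `_Token.csrfTokens`; the issue-time part is inferred). The `@return` docblock line above the signature gives a description but no type; `@return array An array of nonce => expires.` matches the rest of the file's tag style. _expireTokens's return statement lies outside the hunk.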
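Review bot: The added `$this->assertNotEmpty('valid', $tokens, 'Valid token was removed.');` does not test what its message claims: assertNotEmpty takes (actual, message), so it only asserts that the string 'valid' is non-empty — always true — and the `$tokens` array lands in the message slot, leaving the regression this commit fixes unguarded. Replace it with `$this->assertArrayHasKey('valid', $tokens, 'Valid token was removed.');` (assuming PHPUnit, which the use of assertNotEmpty suggests), or with the framework-agnostic `$this->assertTrue(isset($tokens['valid']), 'Valid token was removed.');`. The empty `+` line added just before the closing brace looks like stray whitespace and can be dropped.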