- public function matchEditToken( $val, $salt = '', $request = null ) {
- $sessionToken = $this->getEditToken( $salt, $request );
+ public function matchEditToken( $val, $salt = '', $request = null, $maxage = null ) {
+ if ( $this->isAnon() ) {
+ return $val === self::EDIT_TOKEN_SUFFIX;
+ }
+
+ $suffixLen = strlen( self::EDIT_TOKEN_SUFFIX );
+ if ( strlen( $val ) <= 32 + $suffixLen ) {
+ return false;
+ }
+
+ $timestamp = hexdec( substr( $val, 32, -$suffixLen ) );
+ if ( $maxage !== null && $timestamp < wfTimestamp() - $maxage ) {
+ // Expired token
+ return false;
+ }
+
+ $sessionToken = $this->getEditTokenAtTimestamp(
+ $salt, $request ?: $this->getRequest(), $timestamp
+ );
+
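Review bot: On the line `$timestamp = hexdec( substr( $val, 32, -$suffixLen ) );` the timestamp is parsed from the caller-supplied token without checking that the substring is hexadecimal. `hexdec()` skips non-hex characters and returns a float for very long input, so malformed tokens reach the expiry check and `getEditTokenAtTimestamp()` instead of being rejected early; I would add `$hex = substr( $val, 32, -$suffixLen ); if ( !ctype_xdigit( $hex ) ) { return false; }` before calling `hexdec( $hex )`. The `$maxage` test only bounds the timestamp from below, so it relies on the comparison of `$val` with `$sessionToken`, which falls after the end of this hunk; that comparison should be confirmed to cover the timestamp portion and to be constant-time. The new `$maxage` parameter also deserves a docblock line stating that it appears to be in seconds and that `null` disables the expiry check.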