From 71e1fdfa7b6b4f5df1c7027c9f5e215f22faaa1b Mon Sep 17 00:00:00 2001
From: Flavio Copes
Date: Thu, 3 Dec 2015 17:44:56 +0100
Subject: [PATCH] Return "Invalid Security Token" instead of "Unauthorized". Also, return that string for AJAX calls
---
 classes/controller.php | 9 ++++++---
 languages.yaml | 2 ++
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/classes/controller.php b/classes/controller.php
index 16f7a785..34da6c16 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -89,7 +89,8 @@ class AdminController
 if (method_exists('Grav\Common\Utils', 'getNonce')) {
 if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
 if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
- $this->admin->setMessage('Unauthorized', 'error');
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
+ $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')];
 return false;
 }
 unset($this->post['admin-nonce']);
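Review bot: The two added lines call `translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')` twice, and the same pair is pasted again into both branches of the next hunk (`logout-nonce` and `admin-nonce`), so the three nonce rejections can drift apart on a later edit. I would move the message, the JSON payload and the `return false` that ends the request into one helper and have each branch return its result. That keeps the page and AJAX responses identical and leaves a single place to change when the rejection behaviour is revised. The enclosing method starts and ends outside the hunk, so the helper's name and position in the class are a suggestion.

```php
// … unchanged: method_exists() and REQUEST_METHOD guards …
if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
    return $this->rejectInvalidNonce();
}
// … unchanged: unset($this->post['admin-nonce']) …

/**
 * Marks the current request as rejected because its nonce failed verification,
 * for both page (flash message) and AJAX (json_response) callers.
 *
 * @return bool Always false, so callers can return the result directly.
 */
protected function rejectInvalidNonce()
{
    $message = $this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN');
    $this->admin->setMessage($message, 'error');
    $this->admin->json_response = ['status' => 'error', 'message' => $message];

    return false;
}
```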
@@ -97,13 +98,15 @@ class AdminController
 if ($this->task == 'logout') {
 $nonce = $this->grav['uri']->param('logout-nonce');
 if (!isset($nonce) || !Utils::verifyNonce($nonce, 'logout-form')) {
- $this->admin->setMessage('Unauthorized', 'error');
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
+ $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')];
 return false;
 }
 } else {
 $nonce = $this->grav['uri']->param('admin-nonce');
 if (!isset($nonce) || !Utils::verifyNonce($nonce, 'admin-form')) {
- $this->admin->setMessage('Unauthorized', 'error');
+ $this->admin->setMessage($this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
+ $this->admin->json_response = ['status' => 'error', 'message' => $this->admin->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')];
 return false;
 }
 }
diff --git a/languages.yaml b/languages.yaml
index 085cd18e..062d070a 100644
--- a/languages.yaml
+++ b/languages.yaml
@@ -454,6 +454,7 @@ en:
 GROUPS_HELP: "List of groups the user is part of"
 ADMIN_ACCESS: "Admin Access"
 SITE_ACCESS: "Site Access"
+ INVALID_SECURITY_TOKEN: "Invalid Security Token"

 fr:
 PLUGIN_ADMIN:
@@ -1781,6 +1782,7 @@ it:
 GROUPS_HELP: "Lista dei gruppi a cui appartiene l'utente"
 ADMIN_ACCESS: "Accesso Amministrazione"
 SITE_ACCESS: "Accesso Sito"
+ INVALID_SECURITY_TOKEN: "Token di sicurezza non valido"

 de:
 PLUGIN_ADMIN:
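Review bot: In classes/controller.php, the `logout-nonce` and `admin-nonce` rejections tell the client about the failure but, as far as this hunk shows, leave no server-side record of it. A failed nonce on an admin task is a useful signal when investigating forged cross-site requests or replayed links, so I would log it just before each `return false;`, for example `$this->grav['log']->warning('Admin nonce verification failed for task: ' . $this->task);` (assuming the `log` service is registered in the Grav version this plugin targets). The task name is request-derived, so strip control characters before writing it, and never log the submitted nonce itself. The POST branch in the previous hunk would take the same line.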