From 4d8ba2424896ac423ff14052e0aaf055798c4230 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Fri, 6 Oct 2017 16:53:50 +0200
Subject: [PATCH] =?UTF-8?q?[fix]=C2=A0more=20explicit=20error=20message=20?= =?UTF-8?q?for=20CSRF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bureau/class/functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bureau/class/functions.php b/bureau/class/functions.php
index a23451dd..bbc00e58 100755
--- a/bureau/class/functions.php
+++ b/bureau/class/functions.php
@@ -1161,11 +1161,11 @@ function csrf_check($token=null) {
 }
 $db->query("SELECT used FROM csrf WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
 if (!$db->next_record()) {
- $msg->raise('Error', "functions", _("Your token is invalid"));
+ $msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
 return 0; // invalid csrf cookie
 }
 if ($db->f("used")) {
- $msg->raise('Error', "functions", _("Your token is expired. Please refill the form."));
+ $msg->raise('Error', "functions", _("You can't post twice the same form, please retry."));
 return -1; // expired
 }
 $db->query("UPDATE csrf SET used=1 WHERE cookie=? AND token=?;",array($_SESSION["csrf"],$token));
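Review bot: The single-use guarantee that the new message promises is not enforced atomically: `SELECT used` and the later `UPDATE csrf SET used=1` are separate statements, so unless a transaction or lock not visible in this hunk surrounds them, two concurrent submissions of the same token can both pass the `$db->f("used")` test before either marks it used. Folding the test into the write, `UPDATE csrf SET used=1 WHERE cookie=? AND token=? AND used=0;`, and treating zero affected rows as the replay case would close that window, assuming the `$db` wrapper exposes an affected-row count. Separately, the `!$db->next_record()` branch now shows the double-post text for a token that was never issued for this session, while its comment still reads `// invalid csrf cookie`. A distinct message, or at least a distinct log entry, on that branch would keep forged or stale tokens distinguishable from honest double submits. The body of csrf_check starts and ends outside the hunk.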