--- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick/Events.pm 2019-01-27 13:17:40.000000000 -0500
+++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick/Events.pm 2019-01-27 14:35:18.143816986 -0500
@@ -83,8 +83,12 @@
 $self->debug_msg("Validation successful.");
 # Don't run any post event unless it's a POST request
+ $self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
 return unless (($self->{cgi}->request_method || '') eq 'POST');
- if ($self->{csrf} and ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')){
+ if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
+ or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
+ # only 3 min to validate form
+ $self->debug_msg("SRF protection blocked request");
 warn "CSRF protection blocked request\n";
 return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
 }
@@ -142,8 +146,12 @@
 $self->debug_msg("This is the page post-event.");
 # Don't run any post event unless it's a POST request
+ $self->debug_msg("Request method should be POST.") unless (($self->{cgi}->request_method || '') eq 'POST') ;
 return unless (($self->{cgi}->request_method || '') eq 'POST');
- if ($self->{csrf} and ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')){
+ if ($self->{csrf} and ( ($self->{cgi}->param('csrf_token') || '') ne $self->{cgi}->param('csrf_token_compare')
+ or $self->{cgi}->param('csrf_timestamp') + 120 < time ) ) {
+ # only 3 min to validate form
+ $self->debug_msg("SRF protection blocked request");
 warn "CSRF protection blocked request\n";
 return $self->error($self->localise('CSRF_VALIDATION_FAILURE'));
 }
--- perl-CGI-FormMagick-0.93.old/lib/CGI/FormMagick.pm 2019-01-27 13:17:40.000000000 -0500
+++ perl-CGI-FormMagick-0.93/lib/CGI/FormMagick.pm 2019-01-27 14:32:14.186747779 -0500
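Review bot: The comment `# only 3 min to validate form` added with the new condition disagrees with the line above it, which rejects a token once `csrf_timestamp + 120 < time`, i.e. after two minutes; either the constant or the comment should change, and naming the window (`my $CSRF_TOKEN_TTL = 120;`) would keep the two from drifting again. The new debug line also carries a typo, `"SRF protection blocked request"`, which should read `"CSRF protection blocked request"` to match the warn() beneath it. When `csrf_timestamp` is absent the expression becomes `undef + 120 < time`, which fails closed as intended but emits an uninitialized-value warning under `use warnings`; `($self->{cgi}->param('csrf_timestamp') || 0) + 120 < time` keeps that behaviour without the noise. The added `debug_msg("Request method should be POST.")` repeats the `request_method` test of the `return unless` on the next line, so folding both into one `unless (...) { ...; return; }` block would evaluate it once. The same four lines recur in the `@@ -142,8 +146,12 @@` hunk, and both enclosing methods start and end outside their hunks.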
@@ -202,6 +202,7 @@
 # Create a CSRF token to compare later with. And store it in the session
 if ($self->{csrf} and not $self->{cgi}->param('csrf_token_compare')){
 $self->{cgi}->param(-name => 'csrf_token_compare', -value => Session::Token->new(entropy => 256)->get);
+ $self->{cgi}->param(-name => 'csrf_timestamp', -value => time);
 $self->commit_session;
 }
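Review bot: The `csrf_timestamp` is written only inside the `not ... param('csrf_token_compare')` branch, so it is set once when the token is first created and never refreshed for later pages in the same session; combined with the 120-second check in Events.pm, a legitimate submission made more than two minutes after that first page load is rejected as a CSRF failure, so the timestamp should be refreshed whenever the form is rendered or the window widened to what a user realistically spends on it. If `csrf_timestamp` is persisted by `commit_session` alongside the token it is server-side state, but if it is only round-tripped through the form as a request parameter the client can supply any value and the expiry check adds nothing — this hunk cannot tell which, so it is worth confirming against how `csrf_token_compare` is restored. A short comment such as `# stored with the token so Events.pm can expire it` would document why the value is set here; the enclosing method starts and ends outside the hunk.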