#554106 follow-up by pwolanin: Restore timeboxing for SimpleTest runs, for security.

includes/bootstrap.inc

@@ -2261,8 +2261,10 @@ function drupal_valid_test_ua($user_agent) {
   // The file properties add more entropy not easily accessible to others.
   $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
   $key = $drupal_hash_salt . filectime($filepath) . fileinode($filepath);
-  // The HMAC must match.
-  return $hmac == drupal_hmac_base64($check_string, $key);
+  $time_diff = REQUEST_TIME - $time;
+  // Since we are making a local request a 5 second time window is allowed,
+  // and the HMAC must match.
+  return ($time_diff >= 0) && ($time_diff <= 5) && ($hmac == drupal_hmac_base64($check_string, $key));
 }
 
 /**