Avoid trying to reuse spent authorization codes

Conflicts:
	readme.md
	src/base_facebook.php

Author: oyvindkinsey

readme.md

@@ -1,5 +1,4 @@
-Facebook PHP SDK (v.3.2.1)
-==========================
+Facebook PHP SDK (v.3.2.2)
 
 The [Facebook Platform](http://developers.facebook.com/) is
 a set of APIs that make your app more social.

src/base_facebook.php

@@ -120,7 +120,7 @@ abstract class BaseFacebook
   /**
    * Version.
    */
-  const VERSION = '3.2.1';
+  const VERSION = '3.2.2';
 
   /**
    * Signed Request Algorithm.
@@ -367,20 +367,20 @@ public function setExtendedAccessToken() {
       // In any event, we don't have an access token, so say so.
       return false;
     }
-  
+
     if (empty($access_token_response)) {
       return false;
     }
-      
+
     $response_params = array();
     parse_str($access_token_response, $response_params);
-    
+
     if (!isset($response_params['access_token'])) {
       return false;
     }
-    
+
     $this->destroySession();
-    
+
     $this->setPersistentData(
       'access_token', $response_params['access_token']
     );
@@ -439,6 +439,11 @@ protected function getUserAccessToken() {
       // the JS SDK puts a code in with the redirect_uri of ''
       if (array_key_exists('code', $signed_request)) {
         $code = $signed_request['code'];
+        if ($code && $code == $this->getPersistentData('code')) {
+          // short-circuit if the code we have is the same as the one presented
+          return $this->getPersistentData('access_token');
+        }
+
         $access_token = $this->getAccessTokenFromCode($code, '');
         if ($access_token) {
           $this->setPersistentData('code', $code);