/**
 * Authenticates a call using Drupal's built in sessions
 *
 * @return void
 */
function _services_sessions_authenticate_call() {
  global $user;
  $original_user = services_get_server_info('original_user');

  if ($original_user->uid != 0) {
    $non_safe_method_called = !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
    $csrf_token_invalid = !isset($_SERVER['HTTP_X_CSRF_TOKEN']) || !drupal_valid_token($_SERVER['HTTP_X_CSRF_TOKEN'], 'services');
    if ($non_safe_method_called && $csrf_token_invalid) {
      return t('CSRF validation failed');
    }
  }

@return void, but the function clearly seems to return a validation error message.

Comments

ygerasimov

Status: Active » Fixed

Thanks for spotting this. Fixed.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.