Fix validation of security token for Ajax form builder forms
authorMatthias Schmidt <gravatronics@live.com>
Sat, 30 Mar 2019 13:18:28 +0000 (14:18 +0100)
committerMatthias Schmidt <gravatronics@live.com>
Sat, 30 Mar 2019 13:18:28 +0000 (14:18 +0100)
See #2509

wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php

index 8ef0fb942e32fb5dbd66dee17673e7dc4519cbbc..34bca7cd0c3b5ad25fb34c251b401eb6c7bf1e42 100644 (file)
@@ -626,7 +626,7 @@ class FormDocument implements IFormDocument {
         */
        public function validate() {
                // check security token
-               if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {
+               if (!isset($_REQUEST['t']) || !WCF::getSession()->checkSecurityToken($_REQUEST['t'])) {
                        $this->invalid();
                        
                        $this->errorMessage('wcf.global.form.error.securityToken');