Fixed CSRF protection for new password form
authorAlexander Ebert <ebert@woltlab.com>
Thu, 12 Dec 2013 12:49:10 +0000 (13:49 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Thu, 12 Dec 2013 12:49:10 +0000 (13:49 +0100)
wcfsetup/install/files/lib/form/NewPasswordForm.class.php

index ec5fd7289ff33a02e748491db3fac516d8837857..47fb3b2683adac977ef851f7dbdf47ff5a3379d2 100644 (file)
@@ -61,6 +61,11 @@ class NewPasswordForm extends AbstractForm {
                
                if (isset($_REQUEST['u'])) $this->userID = intval($_REQUEST['u']);
                if (isset($_REQUEST['k'])) $this->lostPasswordKey = StringUtil::trim($_REQUEST['k']);
+               
+               // disable check for security token for GET requests
+               if ($this->userID || $this->lostPasswordKey) {
+                       $_POST['t'] = WCF::getSession()->getSecurityToken();
+               }
        }
        
        /**
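Review bot: The added guard disables the CSRF check for more than GET requests, contrary to its comment: `$_REQUEST` is populated from GET, POST and COOKIE, so once `u` or `k` is present the session's security token is written into `$_POST['t']` for any request method, which presumably includes the POST that submits the new password itself if the form carries those values. The bypass should be tied to the request method, e.g. `if ($_SERVER['REQUEST_METHOD'] === 'GET' && ($this->userID || $this->lostPasswordKey)) {`, so that a state-changing POST still has to carry a genuine token. Note also that the condition only tests that `u`/`k` are non-empty, not that the key is valid; if validation of the key happens later in the form (not visible here), the comment should say that the CSRF exemption relies on that later check. The enclosing method begins before this hunk, so its full parameter handling is not visible in this view.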