Ignore security token for guests
authorAlexander Ebert <ebert@woltlab.com>
Wed, 1 Jul 2015 22:38:00 +0000 (00:38 +0200)
committerAlexander Ebert <ebert@woltlab.com>
Wed, 1 Jul 2015 22:38:00 +0000 (00:38 +0200)
wcfsetup/install/files/lib/action/AbstractSecureAction.class.php

index a0a0b5b37942349a4a5dfc2e3af7758634a55b25..c80afbab54b1a39859d67d2c68ff5e3e37e61b7a 100644 (file)
@@ -21,8 +21,10 @@ abstract class AbstractSecureAction extends AbstractAction {
        public function readParameters() {
                parent::readParameters();
                
-               // check security token
-               $this->checkSecurityToken();
+               // check security token (unless it is a guest)
+               if (WCF::getSession()->userID) {
+                       $this->checkSecurityToken();
+               }
        }
        
        /**