From: Matthias Schmidt <gravatronics@live.com>
Date: Sat, 30 Mar 2019 13:18:28 +0000 (+0100)
Subject: Fix validation of security token for Ajax form builder forms
X-Git-Tag: 5.2.0_Alpha_1~176^2~4
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0ca5a5e7298fac0527292b290eefb3c635c5646b;p=GitHub%2FWoltLab%2FWCF.git

Fix validation of security token for Ajax form builder forms

See #2509
---

diff --git a/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php b/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
index 8ef0fb942e..34bca7cd0c 100644
--- a/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
+++ b/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
@@ -626,7 +626,7 @@ class FormDocument implements IFormDocument {
 	 */
 	public function validate() {
 		// check security token
-		if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {
+		if (!isset($_REQUEST['t']) || !WCF::getSession()->checkSecurityToken($_REQUEST['t'])) {
 			$this->invalid();
 			
 			$this->errorMessage('wcf.global.form.error.securityToken');