From 0ca5a5e7298fac0527292b290eefb3c635c5646b Mon Sep 17 00:00:00 2001
From: Matthias Schmidt <gravatronics@live.com>
Date: Sat, 30 Mar 2019 14:18:28 +0100
Subject: [PATCH] Fix validation of security token for Ajax form builder forms

See #2509
---
 .../files/lib/system/form/builder/FormDocument.class.php        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php b/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
index 8ef0fb942e..34bca7cd0c 100644
--- a/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
+++ b/wcfsetup/install/files/lib/system/form/builder/FormDocument.class.php
@@ -626,7 +626,7 @@ class FormDocument implements IFormDocument {
 	 */
 	public function validate() {
 		// check security token
-		if (!isset($_POST['t']) || !WCF::getSession()->checkSecurityToken($_POST['t'])) {
+		if (!isset($_REQUEST['t']) || !WCF::getSession()->checkSecurityToken($_REQUEST['t'])) {
 			$this->invalid();
 			
 			$this->errorMessage('wcf.global.form.error.securityToken');
-- 
2.20.1