From 1ebde074c5bc934da966443802d7333391b75b2b Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Thu, 12 Dec 2013 13:49:10 +0100
Subject: [PATCH] Fixed CSRF protection for new password form

---
 wcfsetup/install/files/lib/form/NewPasswordForm.class.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/wcfsetup/install/files/lib/form/NewPasswordForm.class.php b/wcfsetup/install/files/lib/form/NewPasswordForm.class.php
index ec5fd7289f..47fb3b2683 100644
--- a/wcfsetup/install/files/lib/form/NewPasswordForm.class.php
+++ b/wcfsetup/install/files/lib/form/NewPasswordForm.class.php
@@ -61,6 +61,11 @@ class NewPasswordForm extends AbstractForm {

 if (isset($_REQUEST['u'])) $this->userID = intval($_REQUEST['u']);
 if (isset($_REQUEST['k'])) $this->lostPasswordKey = StringUtil::trim($_REQUEST['k']);
+
+ // disable check for security token for GET requests
+ if ($this->userID || $this->lostPasswordKey) {
+ $_POST['t'] = WCF::getSession()->getSecurityToken();
+ }
 }

 /**
-- 
2.20.1
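Review bot: The added block writes the session's own token into `$_POST['t']` whenever `u` or `k` is present, but both values are read from `$_REQUEST`, so the condition also holds for a POST that carries those fields, not only for the GET link the comment describes. If the bypass is meant for the e-mailed link only, gate it on the request method, e.g. `if (empty($_POST) && ($this->userID || $this->lostPasswordKey)) {`, and extend the comment to say that the lost-password key is what authenticates this request in place of the token. Overwriting the superglobal also hides the submitted value from any later code that reads `$_POST['t']`; the token is presumably validated in the parent form class, which is not visible here, so an explicit opt-out there would be cleaner if one exists. The enclosing method starts above the hunk.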