From e5c2467f717632b47f935a0e59a310de2e2867f3 Mon Sep 17 00:00:00 2001
From: Alexander Ebert <ebert@woltlab.com>
Date: Thu, 2 Jul 2015 00:38:00 +0200
Subject: [PATCH] Ignore security token for guests

---
 .../install/files/lib/action/AbstractSecureAction.class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/wcfsetup/install/files/lib/action/AbstractSecureAction.class.php b/wcfsetup/install/files/lib/action/AbstractSecureAction.class.php
index a0a0b5b379..c80afbab54 100644
--- a/wcfsetup/install/files/lib/action/AbstractSecureAction.class.php
+++ b/wcfsetup/install/files/lib/action/AbstractSecureAction.class.php
@@ -21,8 +21,10 @@ abstract class AbstractSecureAction extends AbstractAction {
 	public function readParameters() {
 		parent::readParameters();
 		
-		// check security token
-		$this->checkSecurityToken();
+		// check security token (unless it is a guest)
+		if (WCF::getSession()->userID) {
+			$this->checkSecurityToken();
+		}
 	}
 	
 	/**
-- 
2.20.1