From 1c8a33f7a9bd6af602b52c716beb91aaa5f1000f Mon Sep 17 00:00:00 2001
From: Flavio Copes
Date: Tue, 17 Nov 2015 23:31:58 +0100
Subject: [PATCH] Make sure we don't process the nonce as a Data value
---
 classes/controller.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/classes/controller.php b/classes/controller.php
index 021346c3..967ffbec 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -92,6 +92,7 @@ class AdminController
 $this->admin->setMessage('Unauthorized', 'error');
 return false;
 }
+ unset($this->post['admin-nonce']);
 } else {
 if ($this->task == 'logout') {
 $nonce = $this->grav['uri']->param('logout-nonce');
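Review bot: The added `unset($this->post['admin-nonce']);` carries no comment saying why the field is dropped, and the reason is security-relevant. It sits after the branch that returns `false` with 'Unauthorized', so it appears to run only once the nonce check has passed, and from then on the token should not travel into whatever is built from `$this->post`. I would put `// Nonce already verified above; remove it so it is never stored or echoed back as form data.` on the line before it. The verification condition and the rest of the method lie outside the hunk, so it cannot be confirmed from here that every later reader uses `$this->post` rather than the raw request; any that does not would still see the nonce.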