From efb63f787360a8e9d734801733dc02fa8c4de543 Mon Sep 17 00:00:00 2001
From: Flavio Copes
Date: Tue, 10 Nov 2015 17:53:09 +0100
Subject: [PATCH] Only check nonce on POST requests
---
 classes/controller.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/classes/controller.php b/classes/controller.php
index cbb83607..1df85340 100644
--- a/classes/controller.php
+++ b/classes/controller.php
@@ -86,9 +86,11 @@ class AdminController
 */
 public function execute()
 {
- if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
- $this->admin->setMessage('Unauthorized', 'error');
- return false;
+ if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
+ if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
+ $this->admin->setMessage('Unauthorized', 'error');
+ return false;
+ }
 }
 $success = false;
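Review bot: The new outer guard in `execute()` skips nonce verification for every request method other than POST, so any state-changing task dispatched further down that can be reached with GET, PUT or DELETE is no longer covered by the CSRF check. It would be safer to exempt only methods known to be read-only and keep the nonce mandatory otherwise, e.g. `$method = isset($_SERVER['REQUEST_METHOD']) ? strtoupper($_SERVER['REQUEST_METHOD']) : '';` followed by `if ($method !== 'GET' && $method !== 'HEAD') {`; the `isset` also avoids an undefined-index notice when the key is absent, and the strict comparison replaces the loose `==`. The body of `execute()` continues past the hunk, so whether GET-reachable tasks modify state cannot be confirmed from here; if any do, they need their own nonce check or an explicit allowlist of read-only tasks. A short comment above the guard, such as `// Nonce is required for all non-read-only requests; GET tasks must not change state`, would record that assumption for future task authors.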