Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-01-05 15:20:59 +01:00
Code Issues Packages Projects Releases Activity

Only check nonce on POST requests

Browse Source
This commit is contained in:
Flavio Copes
2015-11-10 17:53:09 +01:00
parent 21236b2fb9
commit efb63f7873
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
classes/controller.php
View File

@@ -86,9 +86,11 @@ class AdminController
*/
public function execute()
{
if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
if (strtolower($_SERVER['REQUEST_METHOD']) == 'post') {
if (!isset($this->post['admin-nonce']) || !Utils::verifyNonce($this->post['admin-nonce'], 'admin-form')) {
$this->admin->setMessage('Unauthorized', 'error');
return false;
}
}
$success = false;