From eb29d689587682746494866ec4c1f559da6415f8 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Thu, 7 Jan 2016 14:10:58 -0700
Subject: [PATCH 1/2] Safety check for array of nonces

---
 system/src/Grav/Common/Utils.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/system/src/Grav/Common/Utils.php b/system/src/Grav/Common/Utils.php
index 0efa1ba5f..a8eacdeae 100644
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -560,6 +560,11 @@ abstract class Utils
 */
 public static function verifyNonce($nonce, $action)
 {
+ //Safety check for multiple nonces
+ if (is_array($nonce)) {
+ $nonce = array_shift($nonce);
+ }
+
 //Nonce generated 0-12 hours ago
 if ($nonce == self::getNonce($action)) {
 return true;

From eff72b73ab26c2bd3344b81b3682c257db1f61b1 Mon Sep 17 00:00:00 2001
From: Andy Miller
Date: Thu, 7 Jan 2016 14:21:48 -0700
Subject: [PATCH 2/2] version update

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 36a9695cc..fdbd2c9e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@
 * Fix for markdown attributes on external URLs
 * Fixed issue where `data:` page header was acting as `publish_date:`
 * Fix for special characters in URL parameters (e.g. /tag:c++) #541
+ * Safety check for an array of nonces to only use the first one
 # v1.0.6
 ## 12/22/2015
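Review bot: The nonce comparison on the context line `if ($nonce == self::getNonce($action))` is still a loose `==`, and the new `array_shift()` branch now feeds it whatever the first array element happens to be, so a non-string value (for example a nested array or an integer from a `nonce[]` request field) or two numeric-looking strings are compared under PHP's type-juggling rules instead of byte-for-byte. Change the check to `if (is_string($nonce) && hash_equals(self::getNonce($action), $nonce)) {` — `hash_equals()` also removes the early-exit timing difference of a plain string comparison — and, assuming the "0-12 hours ago" comment implies a second comparison against the previous nonce further down, apply the same there; that part of verifyNonce is outside this hunk. Silently discarding the remaining elements also deserves a word at the new branch, e.g. `// Some forms submit nonce[]; only the first value is verified, any others are ignored`, so a later reader does not mistake this for validation of all submitted nonces.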