Merge pull request #78 from tijsverkoyen/check-token-correctly

Check token correctly
forkcms · Dec 17, 2020 · e86d149 · e86d149
2 parents f7439a4 + 68eb811
commit e86d149
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/spoon/form/form.php b/spoon/form/form.php
@@ -1140,10 +1140,17 @@ public function validate()
 		$errors = [];
 
 		// if we use tokens, we validate them here
-		if($this->getUseToken())
+		if($this->getUseToken() && $this->isSubmitted())
 		{
-			if ($this->getMethod() === 'get' && !isset($_GET['form_token'])
-				|| $this->getMethod() === 'post' && !isset($_POST['form_token'])) {
+			$submittedToken = '';
+			if ($this->getMethod() === 'get' && isset($_GET['form_token'])) {
+				$submittedToken = (string) $_GET['form_token'];
+			}
+			if ($this->getMethod() === 'post' && isset($_POST['form_token'])) {
+				$submittedToken = (string) $_POST['form_token'];
+			}
+
+			if ($submittedToken === '') {
 				$errors[] = $this->tokenError;
 			}
 
@@ -1155,10 +1162,6 @@ public function validate()
 			// token was found
 			else
 			{
-				// get the submitted token
-				$submittedToken = $this->getField('form_token')->getValue();
-
-				// compare tokens
 				if($submittedToken != $this->getTokenFromSession()) $errors[] = $this->tokenError;
 			}
 		}