Commit 7e0fd8da authored by Nigel McNie's avatar Nigel McNie Committed by Penny Leach
Browse files

Only check the session key if the user is logged in, otherwise it becomes...

Only check the session key if the user is logged in, otherwise it becomes impossible to submit the login form when the session key is invalid (required for some future changes)
parent ae05c363
...@@ -1024,7 +1024,7 @@ function pieform_validate(Pieform $form, $values) { ...@@ -1024,7 +1024,7 @@ function pieform_validate(Pieform $form, $values) {
if (!isset($values['sesskey'])) { if (!isset($values['sesskey'])) {
throw new UserException('No session key'); throw new UserException('No session key');
} }
if ($USER && $USER->get('sesskey') != $values['sesskey']) { if ($USER && $USER->is_logged_in() && $USER->get('sesskey') != $values['sesskey']) {
throw new UserException('Invalid session key'); throw new UserException('Invalid session key');
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment