Merge branch 'develop' of github.com:xpressengine/xe-core into develop

classes/module/ModuleHandler.class.php

@@ -410,8 +410,8 @@ class ModuleHandler extends Handler
 
 		$logged_info = Context::get('logged_info');
 
-		// check CSRF for admin actions
-		if(Context::getRequestMethod() === 'POST' && Context::isInstalled() && !checkCSRF()) {
+		// check CSRF for POST actions
+		if(Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) {
 			$this->error = 'msg_invalid_request';
 			$oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
 			$oMessageObject->setError(-1);

modules/member/conf/module.xml

@@ -62,8 +62,8 @@
 		<action name="procMemberSaveDocument" type="controller" standalone="true" />
 		<action name="procMemberDeleteSavedDocument" type="controller" standalone="true" />
 
-		<action name="procMemberFindAccount" type="controller" ruleset="findAccount" standalone="true" />
-		<action name="procMemberFindAccountByQuestion" type="controller" standalone="true" />
+		<action name="procMemberFindAccount" type="controller" method="GET|POST" ruleset="findAccount" standalone="true" />
+		<action name="procMemberFindAccountByQuestion" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberAuthAccount" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberAuthEmailAddress" type="controller" method="GET|POST" standalone="true" />
 		<action name="procMemberResendAuthMail" type="controller" ruleset="resendAuthMail" standalone="true" />