Skip diagnostic CSRF warning if the user is not logged in

2026-05-04 17:44:38 +09:00 · 2017-03-13 16:41:57 +09:00 · 2017-03-13 16:41:57 +09:00 · df59e541c9
commit df59e541c9
parent 9a34341759
1 changed files with 5 additions and 1 deletions
--- a/common/framework/security.php
+++ b/common/framework/security.php
@ -321,7 +321,11 @@ class Security
 		}
 		else
 		{
-			trigger_error('CSRF token missing in POST request: ' . (\Context::get('act') ?: '(no act)'), \E_USER_WARNING);
+			if (Session::getMemberSrl())
 			{
 				trigger_error('CSRF token missing in POST request: ' . (\Context::get('act') ?: '(no act)'), \E_USER_WARNING);
 			}
 			$referer = strval($referer ?: $_SERVER['HTTP_REFERER']);
 			if ($referer !== '')
 			{