Move unsecured GET endpoint handlers before security token check in Module\Contact

diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index bcdebf28d135f829e042c16ad5c7529928e36517..2b17deab40df98e1887be7e381cd2455d10a1cd4 100644 (file)
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -365,6 +365,14 @@ class Contact extends BaseModule
                                throw new NotFoundException(DI::l10n()->t('Contact not found'));
                        }
 
+                       if ($cmd === 'posts') {
+                               return self::getPostsHTML($a, $contact_id);
+                       }
+
+                       if ($cmd === 'conversations') {
+                               return self::getConversationsHMTL($a, $contact_id, $update);
+                       }
+
                        self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
 
                        $cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@@ -440,12 +448,6 @@ class Contact extends BaseModule
                                DI::baseUrl()->redirect('contact');
                                // NOTREACHED
                        }
-                       if ($cmd === 'posts') {
-                               return self::getPostsHTML($a, $contact_id);
-                       }
-                       if ($cmd === 'conversations') {
-                               return self::getConversationsHMTL($a, $contact_id, $update);
-                       }
                }
 
                $_SESSION['return_path'] = DI::args()->getQueryString();