From 4ffb69e5746a3a6ba65260745cbbe478e5462f9e Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Sat, 10 Nov 2012 14:00:14 +0000 Subject: [PATCH] Do not append the session id on form method 'get' as it conflicts with other form fields --- inc/expression-functions.php | 2 +- inc/filters.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/inc/expression-functions.php b/inc/expression-functions.php index e70d284bd8..4b64265df5 100644 --- a/inc/expression-functions.php +++ b/inc/expression-functions.php @@ -444,7 +444,7 @@ function doExpressionForm ($data) { if ($value == 'formmethodpost') { // Use it $data['__form_method'] = 'post'; - } elseif (($value == 'formmethodget') && (!isSpider()) && (!isSessionValid())) { + } elseif (($value == 'formmethodpost') && (!isSpider()) && (!isSessionValid())) { // Then expand 'value' with session id if (strpos($data['value'], '?') !== FALSE) { // '?' is set diff --git a/inc/filters.php b/inc/filters.php index 4852a2c12d..e1c892448f 100644 --- a/inc/filters.php +++ b/inc/filters.php @@ -1343,7 +1343,7 @@ function FILTER_REDIRECT_WRONG_SERVER_NAME ($filterData) { // Filter for adding hidden session id function FILTER_ADD_INPUT_HIDDEN_SESSION_ID ($filterData) { // Is a spider detected? - if ((!isSpider()) && (!isSessionValid())) { + if ((!isSpider()) && (!isSessionValid()) && ($filterData['__form_method'] == 'get')) { // No, then add the hidden field $filterData['__replacer'] .= ''; } // END - if -- 2.39.5