From aea87c78e17f8e8f817852532e3498577f97f405 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 8 Sep 2007 16:23:00 +0200
Subject: Small fix for CSRF check in config and ACL plugins

darcs-hash:20070908142300-7ad00-ecb0aa5d77f6451b33988e6008e0297bd4425948.gz
---
 lib/plugins/acl/admin.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'lib/plugins/acl/admin.php')

diff --git a/lib/plugins/acl/admin.php b/lib/plugins/acl/admin.php
index dd50bfb39..190ead761 100644
--- a/lib/plugins/acl/admin.php
+++ b/lib/plugins/acl/admin.php
@@ -79,12 +79,12 @@ class admin_plugin_acl extends DokuWiki_Admin_Plugin {
       $perm  = (int) $perm;
       if($perm > AUTH_DELETE) $perm = AUTH_DELETE;
 
-      // check token
-      if(!checkSecurityToken()) return;
-
       //nothing to do?
       if(empty($cmd) || empty($scope) || empty($user)) return;
 
+      // check token
+      if(!checkSecurityToken()) return;
+
 
       if($cmd == 'save'){
         $this->admin_acl_del($scope, $user);
-- 
cgit v1.2.3