From aea87c78e17f8e8f817852532e3498577f97f405 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 8 Sep 2007 16:23:00 +0200
Subject: Small fix for CSRF check in config and ACL plugins

darcs-hash:20070908142300-7ad00-ecb0aa5d77f6451b33988e6008e0297bd4425948.gz
---
 lib/plugins/config/admin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/plugins/config/admin.php')

diff --git a/lib/plugins/config/admin.php b/lib/plugins/config/admin.php
index f251eac7d..90b249202 100644
--- a/lib/plugins/config/admin.php
+++ b/lib/plugins/config/admin.php
@@ -58,8 +58,8 @@ class admin_plugin_config extends DokuWiki_Admin_Plugin {
       global $ID;
 
       if (!$this->_restore_session()) return $this->_close_session();
-      if (!checkSecurityToken()) return $this->_close_session();
       if (!isset($_REQUEST['save']) || ($_REQUEST['save'] != 1)) return $this->_close_session();
+      if (!checkSecurityToken()) return $this->_close_session();
 
       if (is_null($this->_config)) { $this->_config = new configuration($this->_file); }
 
-- 
cgit v1.2.3