From 8b450be09bacada8e4ae96079065783bbdacdf5b Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Fri, 10 Sep 2021 12:05:43 -0400
Subject: [PATCH] Move unsecured GET endpoint handlers before security token check in Module\Contact

---
 src/Module/Contact.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/Module/Contact.php b/src/Module/Contact.php
index bcdebf28d1..2b17deab40 100644
--- a/src/Module/Contact.php
+++ b/src/Module/Contact.php
@@ -365,6 +365,14 @@ class Contact extends BaseModule
 throw new NotFoundException(DI::l10n()->t('Contact not found'));
 }

+ if ($cmd === 'posts') {
+ return self::getPostsHTML($a, $contact_id);
+ }
+
+ if ($cmd === 'conversations') {
+ return self::getConversationsHMTL($a, $contact_id, $update);
+ }
+
 self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');

 $cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@@ -440,12 +448,6 @@ class Contact extends BaseModule
 DI::baseUrl()->redirect('contact');
 // NOTREACHED
 }
- if ($cmd === 'posts') {
- return self::getPostsHTML($a, $contact_id);
- }
- if ($cmd === 'conversations') {
- return self::getConversationsHMTL($a, $contact_id, $update);
- }
 }

 $_SESSION['return_path'] = DI::args()->getQueryString();
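Review bot: The two early returns added above `self::checkFormSecurityTokenRedirectOnError(...)` in the first hunk carry no comment recording why `posts` and `conversations` may skip the form security token, so a later state-changing `$cmd` could be placed beside them and bypass the CSRF check unnoticed. I would put a comment over the first branch, for example `// Read-only views: handled before the security token check, so these handlers must never change state.` These branches now also return before `Model\Contact::getPublicAndUserContactID(..., local_user())` runs, so it is worth confirming that the record lookup above the hunk (not visible here) already scopes `$contact_id` to the logged-in user. `getConversationsHMTL` looks like a misspelling of HTML, presumably pre-existing, and a rename belongs in a separate change. The enclosing method starts and ends outside the hunk.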