From 9b38abc32ce569eab96ae41e82de298eb80d2b88 Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Mon, 24 Aug 2020 12:02:24 -0400
Subject: [PATCH] Re-allow anonymous use of CSRF tokens

---
 src/BaseModule.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/src/BaseModule.php b/src/BaseModule.php
index a9f67f2375..c1f35533be 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -140,11 +140,7 @@ abstract class BaseModule
 			return false;
 		}
 
-		if (empty($a->user)) {
-			return false;
-		}
-
-		$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
+		$sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $x[0] . $typename);
 
 		return ($sec_hash == $x[1]);
 	}