Merge pull request #99 from silinternational/feature/handle-absent-csrf-gracefully

Only add the CSRF token to the login form if one was provided

Author: forevermatt

themes/material/core/loginuserpass.php

@@ -54,9 +54,13 @@ function onRecaptchaLoad() {
             <input type="hidden" name="AuthState" value="<?= htmlentities($this->data['stateparams']['AuthState']) ?>" />
 
             <?php
-            $csrfToken = htmlentities($this->data['csrfToken']);
+            if (key_exists('csrfToken', $this->data)) {
+                $csrfToken = htmlentities($this->data['csrfToken']);
+                ?>
+                <input type="hidden" name="csrf-token" value="<?= $csrfToken ?>" />
+                <?php
+            }
             ?>
-            <input type="hidden" name="csrf-token" value="<?= $csrfToken ?>" />
 
             <div class="mdl-card mdl-shadow--8dp fill-phone-viewport">
                 <div class="mdl-card__media white-bg margin" layout-children="column">