From 61214d63e509bb4ae17f1115e57bd9e60d6515b6 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Fri, 18 Jan 2019 13:15:35 +0100
Subject: [PATCH] Fixed CSRF check failure discarding posts.
---
 public/forum/posting.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/public/forum/posting.php b/public/forum/posting.php
index 27c56fc0..8c0270d6 100644
--- a/public/forum/posting.php
+++ b/public/forum/posting.php
@@ -115,6 +115,11 @@ if ($mode === 'edit') {
 $notices = [];
 if (!empty($_POST)) {
+ $topicTitle = $_POST['post']['title'] ?? '';
+ $postText = $_POST['post']['text'] ?? '';
+ $postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);
+ $topicType = isset($_POST['post']['type']) ? (int)$_POST['post']['type'] : null;
+
 if (!csrf_verify('forum_post', $_POST['csrf'] ?? '')) {
 $notices[] = 'Could not verify request.';
 } else {
@@ -127,11 +132,9 @@ if (!empty($_POST)) {
 }
 if ($isEditingTopic) {
- $topicTitle = $_POST['post']['title'] ?? '';
 $originalTopicTitle = $topic['topic_title'] ?? null;
 $topicTitleChanged = $topicTitle !== $originalTopicTitle;
 $originalTopicType = (int)($topic['topic_type'] ?? MSZ_TOPIC_TYPE_DISCUSSION);
- $topicType = isset($_POST['post']['type']) ? (int)$_POST['post']['type'] : null;
 $topicTypeChanged = $topicType !== null && $topicType !== $originalTopicType;
 switch (forum_validate_title($topicTitle)) {
@@ -151,9 +154,6 @@ if (!empty($_POST)) {
 }
 }
- $postText = $_POST['post']['text'] ?? '';
- $postParser = (int)($_POST['post']['parser'] ?? MSZ_PARSER_BBCODE);
-
 if (!parser_is_valid($postParser)) {
 $notices[] = 'Invalid parser selected.';
 }
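Review bot: The four values hoisted above `csrf_verify()` in the first hunk are read from `$_POST` with no type check, and they are now set even when the token check fails. `$_POST['post']['title']` and `$_POST['post']['text']` may arrive as arrays rather than strings, so a guard such as `$topicTitle = is_string($_POST['post']['title'] ?? null) ? $_POST['post']['title'] : '';` (and the same for `$postText`) would keep later string handling predictable. Because the change appears intended to show the submitted text again after a failed check, the body of a request that did not pass CSRF verification would presumably be rendered back into the form, so the template printing `$topicTitle` and `$postText` has to HTML-escape them; that rendering code is not visible here. `$postParser` likewise reaches that path without passing `parser_is_valid()`, and a short comment above the hoisted block saying why the reads precede the CSRF check would stop someone moving them back. The enclosing `if (!empty($_POST))` block continues outside the hunk.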