Remove CSRF protection from username/password login and from OpenID login.

1 files changed, 0 insertions, 9 deletions

diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php
index 20d6e070c..f3a5c8847 100644
--- a/plugins/OpenID/openidlogin.php
+++ b/plugins/OpenID/openidlogin.php
@@ -42,14 +42,6 @@ class OpenidloginAction extends Action
 
             oid_assert_allowed($openid_url);
 
-            # CSRF protection
-            $token = $this->trimmed('token');
-            if (!$token || $token != common_session_token()) {
-                // TRANS: Message given when there is a problem with the user's session token.
-                $this->showForm(_m('There was a problem with your session token. Try again, please.'), $openid_url);
-                return;
-            }
-
             $rememberme = $this->boolean('rememberme');
 
             common_ensure_session();
@@ -136,7 +128,6 @@ class OpenidloginAction extends Action
         $this->elementStart('fieldset');
         // TRANS: OpenID plugin logon form legend.
         $this->element('legend', null, _m('OpenID login'));
-        $this->hidden('token', common_session_token());
 
         $this->elementStart('ul', 'form_data');
         $this->elementStart('li');