From a312cd08e12daa55015f75d8642a621b2b460723 Mon Sep 17 00:00:00 2001
From: Hamish Friedlander
Date: Fri, 19 Jul 2013 14:47:05 +1200
Subject: [PATCH] FIX: Ignore invalid tokens instead of throwing 403
---
 core/startup/ParameterConfirmationToken.php | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/core/startup/ParameterConfirmationToken.php b/core/startup/ParameterConfirmationToken.php
index acebc921c..e0ccf9d87 100644
--- a/core/startup/ParameterConfirmationToken.php
+++ b/core/startup/ParameterConfirmationToken.php
@@ -61,11 +61,8 @@ class ParameterConfirmationToken {
 // Store the token
 $this->token = isset($_GET[$parameterName.'token']) ? $_GET[$parameterName.'token'] : null;
- // If a token was provided, but isn't valid, just throw a 403
- if ($this->token && (!$this->checkToken($this->token))) {
- header("HTTP/1.0 403 Forbidden", true, 403);
- die;
- }
+ // If a token was provided, but isn't valid, ignore it
+ if ($this->token && (!$this->checkToken($this->token))) $this->token = null;
 }
 public function parameterProvided() {
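Review bot: The new guard `if ($this->token && ...)` tests truthiness, so a token parameter that is present but falsy (an empty string or "0") never reaches checkToken() and stays in `$this->token` instead of being reset to null. If code outside this hunk treats any non-null token as confirmed, such a value would count as a valid confirmation without ever being validated; that check is not visible here, so it should be confirmed. Comparing against null validates every supplied value: `if ($this->token !== null && !$this->checkToken($this->token)) $this->token = null;`. With the 403 removed, rejected tokens are now dropped silently, so logging the rejection would keep repeated bad-token requests visible to operators. The constructor begins above the hunk, so how `$this->token` is consumed afterwards cannot be checked from these lines.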