From 1a1d28a8af2fecd016ff46cd7361ce9adc3d9d14 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sat, 7 Oct 2017 09:58:05 +0200
Subject: [PATCH] allow to set token if not yet done
---
 lam/lib/security.inc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index 247ab3aa..0aff6d63 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@@ -514,8 +514,13 @@ function getClientIPForLogging() {
 /**
 * Adds a security token to the session to prevent CSRF attacks.
+ *
+ * @param boolean $overwrite overwrite existing token
 */
-function addSecurityTokenToSession() {
+function addSecurityTokenToSession($overwrite = true) {
+ if (!empty($_SESSION[getSecurityTokenName()]) && !$overwrite) {
+ return;
+ }
 $_SESSION[getSecurityTokenName()] = getRandomNumber();
 }
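Review bot: The new `$overwrite = false` path in `addSecurityTokenToSession()` keeps whatever token is already in the session, but the docblock does not say when a caller must still rotate it. A token issued before authentication that survives login is weaker CSRF protection if the pre-login session was ever exposed, so I would extend the doc line to something like `@param boolean $overwrite overwrite existing token (default true); pass false only to keep a token already issued for this session, and keep rotating it at login`. The guard uses `empty()`, so a stored `0` or `"0"` counts as unset and is regenerated; whether `getRandomNumber()` can return such a value is not visible in this hunk. It is also worth confirming that `getRandomNumber()` draws from a CSPRNG, because the token's unpredictability rests entirely on it.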