/** * If we are trying to edit and no token is set, supply one. * * @param DerivativeContext $context */ private function setEditTokenFromUser(DerivativeContext $context) { $request = $context->getRequest(); // Edits via GET are a security issue and should not succeed. On the other hand, not all // POST requests are edits, but should ignore unused parameters. if (!$request->getCheck('wpEditToken') && $request->wasPosted()) { $request->setVal('wpEditToken', $context->getUser()->getEditToken()); } }