From fee959675dd4bb74778bcee7bd5bf80b4c04de8c Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Sat, 13 May 2017 09:32:09 +0000
Subject: [PATCH] Only perform login action on explicit POST (#25653). Patch by Holger Just.
git-svn-id: http://svn.redmine.org/redmine/trunk@16554 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/account_controller.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 842df6045..fd5c48d59 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -34,12 +34,12 @@ class AccountController < ApplicationController
 # Login request and validation
 def login
- if request.get?
+ if request.post?
+ authenticate_user
+ else
 if User.current.logged?
 redirect_back_or_default home_url, :referer => true
 end
- else
- authenticate_user
 end
 rescue AuthSourceException => e
 logger.error "An error occurred when authenticating #{params[:username]}: #{e.message}"
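Review bot: Nothing in this patch pins the new verb check at `if request.post?` in `login`: the diffstat shows only the controller file changed, so a later edit that flips the condition back would let a non-POST request carrying `username`/`password` parameters reach `authenticate_user` again without any test failing. A functional test that sends a GET to the login action with credential parameters and asserts that no session is established would guard the behaviour. Whether routing already limits this action to GET and POST is not visible here, so the controller check should be treated as the enforcing one. The comment above the method could also record the contract, e.g. `# Shows the login form; credentials are only checked on an explicit POST`. The `rescue` clause of `login` continues past the end of the hunk.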