Move isset check of gettoken upto level of $salt !== false. If gettoken is set, the module isn't going to do anything else (and therefore no point seeing if there is a token set, let alone attempting to validate it)
// Die if token required, but not provided (unless there is a gettoken parameter)
$salt = $module->getTokenSalt();
- if ( $salt !== false )
+ if ( $salt !== false && !isset( $moduleParams['gettoken'] ) )
{
- if ( !isset( $moduleParams['token'] ) && !isset( $moduleParams['gettoken'] ) ) {
+ if ( !isset( $moduleParams['token'] ) ) {
$this->dieUsageMsg( array( 'missingparam', 'token' ) );
} else {
global $wgUser;