From 8fe5a577995204bceef966be71cb0b18e35363b0 Mon Sep 17 00:00:00 2001
From: Linty <lintydev@gmail.com>
Date: Fri, 13 Mar 2026 18:18:21 +0100
Subject: [PATCH] fixes #2539 always set pwg_token for API key requests

Simplify pwg_token setup during PWG_API_KEY_REQUEST by unconditionally assigning get_pwg_token() to both $_POST['pwg_token'] and $_GET['pwg_token']. Removes prior isset() checks so the token is always present for API key requests; be aware this will overwrite any existing pwg_token values in request arrays.
---
 include/user.inc.php | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/include/user.inc.php b/include/user.inc.php
index daf835976..a2255954a 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -78,15 +78,7 @@ if (
     define('PWG_API_KEY_REQUEST', true);
 
     // set pwg_token for api_key request
-    if (isset($_POST['pwg_token']))
-    {
-      $_POST['pwg_token'] = get_pwg_token();
-    }
-
-    if (isset($_GET['pwg_token']))
-    {
-      $_GET['pwg_token'] = get_pwg_token();
-    }
+    $_POST['pwg_token'] = $_GET['pwg_token'] = get_pwg_token();
 
     // logger
     global $logger;