Refs #3733 Installer was broken because there is not yet a token_auth during installer, disabling csrf protectionif piwik is not installed

2 files changed, 7 insertions, 2 deletions

diff --git a/plugins/LanguagesManager/Controller.php b/plugins/LanguagesManager/Controller.php
index 878393f58d..4553143783 100644
--- a/plugins/LanguagesManager/Controller.php
+++ b/plugins/LanguagesManager/Controller.php
@@ -22,7 +22,11 @@ class Piwik_LanguagesManager_Controller extends Piwik_Controller
 	public function saveLanguage()
 	{
 		$language = Piwik_Common::getRequestVar('language');
-		$this->checkTokenInUrl();
+
+		// Prevent CSRF only when piwik is not installed yet (During install user can change language)
+		if(Piwik::isInstalled()) {
+			$this->checkTokenInUrl();
+		}
 		Piwik_LanguagesManager::setLanguageForSession($language);
 		if(Zend_Registry::isRegistered('access')) {
 			$currentUser = Piwik::getCurrentUserLogin();
diff --git a/plugins/LanguagesManager/templates/languages.tpl b/plugins/LanguagesManager/templates/languages.tpl
index fbf1c618a5..c1c84e8ffa 100644
--- a/plugins/LanguagesManager/templates/languages.tpl
+++ b/plugins/LanguagesManager/templates/languages.tpl
@@ -7,7 +7,8 @@
 			<option value="{$language.code}" {if $language.code == $currentLanguageCode}selected="selected"{/if} title="{$language.name} ({$language.english_name})">{$language.name}</option>
 			{/foreach}
 		</select>
-		<input type="hidden" name="token_auth" value="{$token_auth}"/>
+		{* During installation token_auth is not set *}
+		{if !empty($token_auth)}<input type="hidden" name="token_auth" value="{$token_auth}"/>{/if}
 		<input type="submit" value="go" />
 		</form>
 	</span>