Merge pull request #10688 from MrPetovan/task/10672-contact-module-security-token

Move unsecured GET endpoint handlers before security token check in Module\Contact

src/Module/Contact.php

@@ -365,6 +365,14 @@ class Contact extends BaseModule
 				throw new NotFoundException(DI::l10n()->t('Contact not found'));
 			}
 
+			if ($cmd === 'posts') {
+				return self::getPostsHTML($a, $contact_id);
+			}
+
+			if ($cmd === 'conversations') {
+				return self::getConversationsHMTL($a, $contact_id, $update);
+			}
+
 			self::checkFormSecurityTokenRedirectOnError('contact/' . $contact_id, 'contact_action', 't');
 
 			$cdata = Model\Contact::getPublicAndUserContactID($orig_record['id'], local_user());
@@ -440,12 +448,6 @@ class Contact extends BaseModule
 				DI::baseUrl()->redirect('contact');
 				// NOTREACHED
 			}
-			if ($cmd === 'posts') {
-				return self::getPostsHTML($a, $contact_id);
-			}
-			if ($cmd === 'conversations') {
-				return self::getConversationsHMTL($a, $contact_id, $update);
-			}
 		}
 
 		$_SESSION['return_path'] = DI::args()->getQueryString();