diff --git a/inc/Form/Form.php b/inc/Form/Form.php
index 91e85d72abc9720ecfe97bfe10ef9571ec75d971..92bbd30f4daf73087e4903190b9a2a15cf142d77 100644
--- a/inc/Form/Form.php
+++ b/inc/Form/Form.php
@@ -24,8 +24,9 @@ class Form extends Element {
* Creates a new, empty form with some default attributes
*
* @param array $attributes
+ * @param bool $unsafe if true, then the security token is ommited
*/
- public function __construct($attributes = array()) {
+ public function __construct($attributes = array(), $unsafe = false) {
global $ID;
parent::__construct('form', $attributes);
@@ -49,7 +50,9 @@ class Form extends Element {
}
// add the security token by default
- $this->setHiddenField('sectok', getSecurityToken());
+ if (!$unsafe) {
+ $this->setHiddenField('sectok', getSecurityToken());
+ }
// identify this as a new form based form in HTML
$this->addClass('doku_form');
diff --git a/inc/Ui/Search.php b/inc/Ui/Search.php
index cbbd9755b8b1614f6558b73fd67bdcb52ead1962..0db71d0a6a96f48723d80ae1c2dffc16152d6c92 100644
--- a/inc/Ui/Search.php
+++ b/inc/Ui/Search.php
@@ -65,7 +65,7 @@ class Search extends Ui
{
global $lang, $ID, $INPUT;
- $searchForm = (new Form())->attrs(['method' => 'get'])->addClass('search-results-form');
+ $searchForm = (new Form(['method' => 'get'], true))->addClass('search-results-form');
$searchForm->setHiddenField('do', 'search');
$searchForm->setHiddenField('id', $ID);
$searchForm->setHiddenField('sf', '1');
diff --git a/inc/template.php b/inc/template.php
index 0d46f272a68d6b90622f8f1d5693e430a458f6af..1d0f9199175d3ba9e4d8aa9c10d8ae1f3ad5e670 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -667,7 +667,7 @@ function tpl_searchform($ajax = true, $autocomplete = true) {
'role' => 'search',
'class' => 'search',
'id' => 'dw__search',
- ]);
+ ], true);
$searchForm->addTagOpen('div')->addClass('no');
$searchForm->setHiddenField('do', 'search');
$searchForm->setHiddenField('id', $ID);