diff --git a/libraries/csrf-magic/csrf-magic.php b/libraries/csrf-magic/csrf-magic.php
index 9237a13bd0db09e1364ab5a7f9657dbfffc2a7f0..02919c8735331cd84202262f954ab8eb6a6e10e3 100644
--- a/libraries/csrf-magic/csrf-magic.php
+++ b/libraries/csrf-magic/csrf-magic.php
@@ -233,7 +233,7 @@ function csrf_get_tokens() {
     // any cookies. It may or may not be used, depending on whether or not
     // the cookies "stick"
     $secret = csrf_get_secret();
-    if (!$has_cookies && $secret) {
+    if (!$has_cookies && $secret && isset($_SERVER['IP_ADDRESS'])) {
         // :TODO: Harden this against proxy-spoofing attacks
         $ip = ';ip:' . csrf_hash($_SERVER['IP_ADDRESS']);
     } else {
diff --git a/vtlib/Vtiger/Functions.php b/vtlib/Vtiger/Functions.php
index b2ab241f9fcf836708f75f2248a822ad32bb8464..c3be5245323522655dbd72a9a8f0ca79b6577d0c 100644
--- a/vtlib/Vtiger/Functions.php
+++ b/vtlib/Vtiger/Functions.php
@@ -1473,7 +1473,7 @@ class Vtiger_Functions {
      */
     public static function validateRequestParameters($request) {
         foreach (self::$type as $param => $type) {
-            if ($request[$param] && !self::validateRequestParameter($type, $request[$param])) {
+            if ( isset($request[$param])&& $request[$param] && !self::validateRequestParameter($type, $request[$param])) {
                 http_response_code(400);
                 throw new Exception('Bad Request');
             }