apply suggestions

Author: michalsn

system/Security/Security.php

@@ -298,20 +298,18 @@ private function removeTokenInRequest(IncomingRequest $request): void
             $json = null;
         }
 
-        if (is_object($json) && property_exists($json, $tokenName)) {
-            unset($json->{$tokenName});
-            $request->setBody(json_encode($json));
+        if (is_object($json)) {
+            if (property_exists($json, $tokenName)) {
+                unset($json->{$tokenName});
+                $request->setBody(json_encode($json));
+            }
 
             return;
         }
 
         // If the token is found in form-encoded data, we can safely remove it.
         parse_str($body, $result);
 
-        if (! array_key_exists($tokenName, $result)) {
-            return;
-        }
-
         unset($result[$tokenName]);
         $request->setBody(http_build_query($result));
     }