luci-base: consider empty parameters as well when testing POST requirement

The cbi class will react on an empty "cbi.submit" parameter as well so we
must intercept GET requests using that too.

Fixes 186e690c0 ("luci-base: dispatcher: reject non-POST requests with any cbi.submit value")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

modules/luci-base/luasrc/dispatcher.lua

@@ -136,8 +136,7 @@ local function require_post_security(target)
 
 				if (type(required_val) == "string" and
 				    request_val ~= required_val) or
-				   (required_val == true and
+				   (required_val == true and request_val == nil)
-				    (request_val == nil or request_val == ""))
 				then
 					return false
 				end