No access; incorrect code. [Update: It was another CSRF from june 2012. They fixed it.]