X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fusers.php;h=c1de0027fc1659d372f878b325dbca6a0f391678;hb=9e37cca6ce38f289b56374f6984f609360bb1e98;hp=9fde1d93b3f8d457a616aa2fd877a9e76d75ada7;hpb=46c5f7a65a7659a44ae8254c63152074363d3987;p=fa-stable.git
diff --git a/admin/users.php b/admin/users.php
index 9fde1d93..c1de0027 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 if (can_process())
@@ -91,7 +91,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
 delete_user($selected_id);
 display_notification_centered(_("User has been deleted."));
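Review bot: In both guarded conditions (the `ADD_ITEM`/`UPDATE_ITEM` test in the first hunk and the `Delete` test in the second), a failed `check_csrf_token()` just makes the `if` false, so a rejected request takes the same path as a page load with no action. Nothing visible in these hunks reports or records the rejection. `check_csrf_token()` is defined outside this diff, so confirm that it shows an error to the operator and logs the attempt itself. If it only returns a boolean, nest the token test inside the mode test and give it an else-branch that does both, since creating, changing and deleting user accounts are the operations where a rejected forgery attempt most needs an audit trail. I would also add a comment above each guard, such as `// State-changing action: require a valid session CSRF token before any user record is touched`, so that a later refactor does not drop the second operand. Both `if` bodies continue past the end of their hunks, so this is judged from the conditions alone.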