CSRF checks added in users editor.

author Janusz Dobrowolski <janusz@frontaccouting.eu>

Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)

committer Janusz Dobrowolski <janusz@frontaccouting.eu>

Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)
author Janusz Dobrowolski <janusz@frontaccouting.eu>
Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)
committer Janusz Dobrowolski <janusz@frontaccouting.eu>
Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)
diff --git a/admin/users.php b/admin/users.php

index 9fde1d93b3f8d457a616aa2fd877a9e76d75ada7..c1de0027fc1659d372f878b325dbca6a0f391678 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
  
  //-------------------------------------------------------------------------------------------------
  
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') 
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
  {
  
         if (can_process())
@@ -91,7 +91,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
  
  //-------------------------------------------------------------------------------------------------
  
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
  {
         delete_user($selected_id);
         display_notification_centered(_("User has been deleted."));
author	Janusz Dobrowolski <janusz@frontaccouting.eu>
	Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)
committer	Janusz Dobrowolski <janusz@frontaccouting.eu>
	Wed, 25 May 2011 08:52:49 +0000 (10:52 +0200)