From: Janusz Dobrowolski Date: Wed, 25 May 2011 08:52:49 +0000 (+0200) Subject: CSRF checks added in users editor. X-Git-Tag: 2.3-final~640 X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=74ff3a4755c77af8883fa4f348ddca098ca49888;p=fa-stable.git CSRF checks added in users editor.
---
diff --git a/admin/users.php b/admin/users.php
index 9fde1d93..c1de0027 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 { if (can_process())
@@ -91,7 +91,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 { delete_user($selected_id); display_notification_centered(_("User has been deleted."));
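Review bot: In both new conditions (`... && check_csrf_token()` on the ADD_ITEM/UPDATE_ITEM branch and again on the Delete branch) a failed token check simply makes the `if` false, so at these call sites a rejected request is indistinguishable from no action having been requested. Whether the operator sees an error and whether the rejection is logged depends entirely on `check_csrf_token()`, which is not part of this diff; if it does not already do both, the rejection should be handled explicitly by nesting the check, `if ($Mode == 'Delete') { if (!check_csrf_token()) { /* report and log */ } else { ... } }`, so that forged requests against the user editor are visible to administrators. `$Mode` and `$selected_id` also appear to stay set after a rejection, so any later code in the file keyed on them would still run; clearing them in the failure path would be safer, though the rest of the file is outside these hunks. A short comment above each condition would record the intent, for example `// CSRF token is checked last so that it is only evaluated for state-changing modes, not on plain page loads`. Both `if` bodies continue past the end of their hunks.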