From: Janusz Dobrowolski
Date: Wed, 25 May 2011 08:52:49 +0000 (+0200)
Subject: CSRF checks added in users editor.
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=ac6ad217e4e7fdfbb0b511534a5826bbb41a2177;p=textcart.git

CSRF checks added in users editor.
---
diff --git a/admin/users.php b/admin/users.php
index 9fde1d9..c1de002 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 if (can_process())
@@ -91,7 +91,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
 delete_user($selected_id);
 display_notification_centered(_("User has been deleted."));
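Review bot: The token check is opted into separately at each handler, here on the ADD_ITEM/UPDATE_ITEM condition and again on the Delete condition in the next hunk, so any other state-changing `$Mode` in this file, or one added later, stays unprotected unless its author remembers the call. Consider validating the token once at the point where `$Mode` is determined and rejecting the request there, so that the default is deny rather than allow. As written, a failed check simply skips the block; unless `check_csrf_token()` itself reports and logs the rejection (its body is not visible here), the user gets no error and the attempt leaves no trace for later review. At minimum, add a comment above this condition such as `// every state-changing $Mode must be guarded by check_csrf_token()`. Both handler bodies continue outside their hunks, so what runs after a skipped block could not be checked.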