From ac6ad217e4e7fdfbb0b511534a5826bbb41a2177 Mon Sep 17 00:00:00 2001
From: Janusz Dobrowolski
Date: Wed, 25 May 2011 10:52:49 +0200
Subject: [PATCH] CSRF checks added in users editor.
---
 admin/users.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/admin/users.php b/admin/users.php
index 9fde1d9..c1de002 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -55,7 +55,7 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 if (can_process())
@@ -91,7 +91,7 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
 delete_user($selected_id);
 display_notification_centered(_("User has been deleted."));
-- 
2.30.2
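Review bot: A request that fails `check_csrf_token()` now skips the add/update branch with no rejection path visible in this hunk, so whether the operator sees an error and whether the attempt is logged depends entirely on the helper, whose body is not part of this patch; the `Delete` condition in the second hunk has the same shape. If the helper does not already do both, make the failure explicit instead of a silent fall-through, and in either case record the contract at the call site, e.g. `// check_csrf_token() reports and logs a bad token; on false the request is dropped here`. Because the check is opted into per branch, any state-changing mode added to this page later is unprotected by default, so a single check ahead of the mode dispatch would be the more durable placement. The body of this `if` continues outside the hunk.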
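Review bot: The token check on the `Delete` branch only protects the deletion if the token travels in the request body, and the hunk does not show how `$Mode == 'Delete'` is triggered. If that mode can be reached through a link or query string, the token would end up in URLs, browser history and Referer headers, so it is worth confirming that delete is submitted as a POST form action and that `check_csrf_token()` reads the token from POST only. A short comment such as `// destructive action: requires a POST carrying the session CSRF token` next to `delete_user($selected_id)` would record that assumption. The block's closing brace lies outside the hunk.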