Diffstat (limited to 'admin/users.php')
-rw-r--r--admin/users.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/admin/users.php b/admin/users.php
index 2726b740..9e6f138b 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -149,7 +149,11 @@ switch ($_REQUEST['action']) {
require_once Config::get('prefix') . '/templates/show_edit_user.inc.php';
break;
case 'confirm_delete':
- if (Config::get('demo_mode')) { break; }
+ if (Config::get('demo_mode')) { break; }
+ if (!Core::form_verify('delete_user')) {
+ access_denied();
+ exit;
+ }
$client = new User($_REQUEST['user_id']);
if ($client->delete()) {
show_confirmation(_('User Deleted'), sprintf(_('%s has been Deleted'), $client->username), Config::get('web_path'). "/admin/users.php");
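Review bot: The new `Core::form_verify('delete_user')` guard covers only the `confirm_delete` case, and the action and `user_id` are still read from `$_REQUEST`, so the delete stays reachable by a plain GET if `form_verify` accepts a token from the query string. Its implementation is not visible here; please confirm it only accepts the token from the POST body and fails closed when the token is missing or expired. Separately, `$_REQUEST['user_id']` is passed to `new User(...)` unvalidated; if ids are numeric (assumed), `$client = new User((int) $_REQUEST['user_id']);` would make that explicit. A short comment above the check such as `// CSRF: token issued by the 'delete' confirmation form` would tell the next reader that the two cases are coupled by the form name. The switch continues outside this hunk, so other state-changing cases may need the same check.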
@@ -163,7 +167,7 @@ switch ($_REQUEST['action']) {
$client = new User($_REQUEST['user_id']);
show_confirmation(_('Deletion Request'),
sprintf(_('Are you sure you want to permanently delete %s?'), $client->fullname),
- Config::get('web_path')."/admin/users.php?action=confirm_delete&user_id=" . $_REQUEST['user_id'],1);
+ Config::get('web_path')."/admin/users.php?action=confirm_delete&user_id=" . $_REQUEST['user_id'],1,'delete_user');
break;
/* Show IP History for the Specified User */
case 'show_ip_history':
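Review bot: On the changed `show_confirmation(...)` call, `$_REQUEST['user_id']` is still concatenated unencoded into the confirmation URL, so a crafted value can add query parameters or, depending on how `show_confirmation` emits the URL (not visible here), break out of the attribute it is written into. If the id is numeric (assumed), cast it at the point of use: `... "&user_id=" . (int) $_REQUEST['user_id'], 1, 'delete_user');`. The form name `'delete_user'` must stay identical to the string checked in `confirm_delete`; a shared constant or a one-line comment would keep the pair from drifting apart. The enclosing switch starts and ends outside this hunk.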