Diffstat (limited to 'lib/plugins/usermanager')
-rw-r--r--lib/plugins/usermanager/admin.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php
index 4d9288116..b32e8daf6 100644
--- a/lib/plugins/usermanager/admin.php
+++ b/lib/plugins/usermanager/admin.php
@@ -170,6 +170,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
ptln("<p>".sprintf($this->lang['nonefound'],$this->_auth->getUserCount())."</p>");
}
ptln("<form action=\"".wl($ID)."\" method=\"post\">");
+ formSecurityToken();
ptln(" <table class=\"inline\">");
ptln(" <thead>");
ptln(" <tr>");
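Review bot: The `formSecurityToken();` call added after the `<form>` line has no comment tying it to the `checkSecurityToken()` checks this commit adds to the handlers, so a later edit to the form markup could drop it and every submission would then be rejected with no obvious cause. I would add `// CSRF token; verified by checkSecurityToken() in the handlers for this form` above the call, and the same above the identical call in the second form hunk (`@@ -268,6 +269,7 @@`). The methods that print these forms start and end outside both hunks.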
@@ -268,6 +269,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
}
ptln("<form action=\"".wl($ID)."\" method=\"post\">",$indent);
+ formSecurityToken();
ptln(" <table class=\"inline\">",$indent);
ptln(" <thead>",$indent);
ptln(" <tr><th>".$this->lang["field"]."</th><th>".$this->lang["value"]."</th></tr>",$indent);
@@ -334,7 +336,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
}
function _addUser(){
-
+ if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('addUser')) return false;
list($user,$pass,$name,$mail,$grps) = $this->_retrieveUser();
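Review bot: The token check is copied by hand into `_addUser()` here and into `_deleteUser()`, `_editUser()` and `_modifyUser()` in the hunks that follow, so a handler added later, or one this diff does not show, stays unprotected unless someone remembers the line. If these methods are all reached through one dispatcher (not visible in this diff), a single `if (!checkSecurityToken()) return false;` placed there ahead of the state-changing actions would enforce it in one place. Failing that, each docblock should state the contract, e.g. `* Requires a valid security token; returns false otherwise`. Each of these function bodies continues outside its hunk.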
@@ -362,7 +364,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
* Delete user
*/
function _deleteUser(){
-
+ if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('delUser')) return false;
$selected = $_REQUEST['delete'];
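Review bot: `$selected = $_REQUEST['delete'];` still takes the list of accounts to delete from `$_REQUEST`, so the deletion is not tied to the POST form that now carries the token. If `checkSecurityToken()` also accepts the token from the query string (its implementation is not shown here), a valid token can end up in URLs and from there in server logs, browser history and Referer headers. Since the form is `method="post"`, I would read `$_POST['delete']` here and treat any other source as a failed request. `_deleteUser()` continues outside the hunk.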
@@ -386,6 +388,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
* Edit user (a user has been selected for editing)
*/
function _editUser($param) {
+ if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('UserMod')) return false;
$user = cleanID(preg_replace('/.*:/','',$param));
@@ -407,6 +410,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin {
* Modify user (modified user data has been recieved)
*/
function _modifyUser(){
+ if (!checkSecurityToken()) return false;
if (!$this->_auth->canDo('UserMod')) return false;
// get currently valid user data