diff --git a/public/admin/paste_action.php b/public/admin/paste_action.php
index 02c4ece..019b4b2 100644
--- a/public/admin/paste_action.php
+++ b/public/admin/paste_action.php
@@ -19,6 +19,8 @@ if (!$paste) {
 if (!verifyCsrfToken()) {
 flashError('Invalid CSRF token (do you have cookies enabled?)');
+ header('Location: ' . urlForPaste($paste));
+ die();
 }
 if (isset($_POST['hide'])) {
diff --git a/public/admin/user_action.php b/public/admin/user_action.php
index 9e126d6..a3cf71e 100644
--- a/public/admin/user_action.php
+++ b/public/admin/user_action.php
@@ -18,11 +18,7 @@ if (!$user) {
 if (!verifyCsrfToken()) {
 flashError('Invalid CSRF token (do you have cookies enabled?)');
-}
-
-$can_administrate = can('administrate', $user);
-
-if (!$can_administrate) {
+} elseif (!can('administrate', $user)) {
 flashError('Error: You do not have permission to administrate this user.');
 } else {
 if (isset($_POST['reset_password'])) {
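Review bot: In paste_action.php the added `die();` is the only thing that keeps the `$_POST['hide']` branch, and whatever follows it outside this hunk, from running with a bad token, and nothing in the code says so. `flashError()` evidently returns to the caller (that is what this commit corrects), so a comment above the redirect such as `// flashError() does not stop the request; exit before any action below runs` would keep a later cleanup from removing the exit. A regression test that posts without a valid token and asserts the paste is unchanged would pin the behaviour. No permission check is visible in this hunk, unlike `can('administrate', $user)` in user_action.php; presumably it sits above line 19, but that is worth confirming.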
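Review bot: In user_action.php a failed CSRF check is now contained only by the `elseif`/`else` chain, so the fix holds only while every state-changing statement stays inside the final `else` branch, which closes outside this hunk. paste_action.php in the same commit exits right after the failed check; doing the same here (redirect, then `die();`) would make both handlers fail closed in the same way and survive later edits that add code after the chain. If the chain is kept, a comment on the `elseif` line such as `// a failed CSRF check must skip every action in the else branch` would record the intent.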