From 239f1f92fe33fe62669cfeef987af6e5a7340efc Mon Sep 17 00:00:00 2001
From: Floorb <132411956+Neetpone@users.noreply.github.com>
Date: Tue, 11 Jul 2023 03:22:14 -0400
Subject: [PATCH] fix: paste_action and user_action CSRF

---
 public/admin/paste_action.php | 2 ++
 public/admin/user_action.php | 6 +-----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/public/admin/paste_action.php b/public/admin/paste_action.php
index 02c4ece..019b4b2 100644
--- a/public/admin/paste_action.php
+++ b/public/admin/paste_action.php
@@ -19,6 +19,8 @@ if (!$paste) {
 if (!verifyCsrfToken()) {
     flashError('Invalid CSRF token (do you have cookies enabled?)');
+    header('Location: ' . urlForPaste($paste));
+    die();
 }
 
 if (isset($_POST['hide'])) {
diff --git a/public/admin/user_action.php b/public/admin/user_action.php
index 9e126d6..a3cf71e 100644
--- a/public/admin/user_action.php
+++ b/public/admin/user_action.php
@@ -18,11 +18,7 @@ if (!$user) {
 if (!verifyCsrfToken()) {
     flashError('Invalid CSRF token (do you have cookies enabled?)');
-}
-
-$can_administrate = can('administrate', $user);
-
-if (!$can_administrate) {
+} elseif (!can('administrate', $user)) {
     flashError('Error: You do not have permission to administrate this user.');
 } else {
     if (isset($_POST['reset_password'])) {
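Review bot: The CSRF failure path in paste_action.php stops the request with `header('Location: ' . urlForPaste($paste)); die();`, while the same failure in user_action.php (second hunk) is handled by chaining the permission check onto it with `} elseif (!can('administrate', $user)) {`, so the two admin endpoints reject a bad token in different shapes; using one guard shape in both files would let an auditor confirm at a glance that nothing below the check runs on a rejected token. In paste_action.php the redirect target depends on `$paste` being valid, which the `if (!$paste)` context in the hunk header suggests is checked above but outside the hunk. Both hunks appear to be missing their final context line in this rendering, and whatever follows the `else` block in user_action.php (presumably a redirect) is outside the hunk, so it cannot be confirmed here that that endpoint also ends the request after flashing the error.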