fix: paste_action and user_action CSRF

public/admin/paste_action.php

@@ -19,6 +19,8 @@ if (!$paste) {
 
 if (!verifyCsrfToken()) {
     flashError('Invalid CSRF token (do you have cookies enabled?)');
+    header('Location: ' . urlForPaste($paste));
+    die();
 }
 
 if (isset($_POST['hide'])) {

public/admin/user_action.php

@@ -18,11 +18,7 @@ if (!$user) {
 
 if (!verifyCsrfToken()) {
     flashError('Invalid CSRF token (do you have cookies enabled?)');
-}
+} elseif (!can('administrate', $user)) {
-
-$can_administrate = can('administrate', $user);
-
-if (!$can_administrate) {
     flashError('Error: You do not have permission to administrate this user.');
 } else {
     if (isset($_POST['reset_password'])) {