From bac96528fcfcfa6eb80228db29294cdc492c1831 Mon Sep 17 00:00:00 2001
From: Cameron
Date: Mon, 16 Jul 2018 12:39:32 -0700
Subject: [PATCH] Token fix.
---
 e107_admin/users.php | 9 +++++++--
 e107_handlers/admin_ui.php | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/e107_admin/users.php b/e107_admin/users.php
index a93490e7e2..bfa82ed1f8 100644
--- a/e107_admin/users.php
+++ b/e107_admin/users.php
@@ -10,6 +10,11 @@
 *
 */
 
+if(!empty($_POST) && !isset($_POST['e-token']))
+{
+ $_POST['e-token'] = ''; // make sure e-token hasn't been deliberately removed.
+}
+
 if (!defined('e107_INIT'))
 {
 require_once("../class2.php");
@@ -149,7 +154,7 @@ public function runObservers($run_header = true)
 case 'deluser':
 if($_POST['userid'])
 {
- $id = $_POST['userid'];
+ $id = (int) $_POST['userid'];
 $_POST['etrigger_delete'] = array($id => $id);
 $user = e107::getDb()->retrieve('user', 'user_email, user_name', 'user_id='.$id);
 $rplc_from = array('[x]', '[y]', '[z]');
@@ -960,7 +965,7 @@ public function AdminPage()
 $response->appendBody($frm->open('adminperms'))
 ->appendBody($prm->renderPermTable('grouped', $sysuser->getValue('perms')))
 ->appendBody($prm->renderCheckAllButtons())
- ->appendBody($prm->renderSubmitButtons())
+ ->appendBody($prm->renderSubmitButtons().$frm->token())
 ->appendBody($frm->close());
 
 $this->addTitle(str_replace(array('[x]', '[y]'), array($sysuser->getName(), $sysuser->getValue('email')), USRLAN_230));
diff --git a/e107_handlers/admin_ui.php b/e107_handlers/admin_ui.php
index 2f743f2261..fe2408bdcb 100755
--- a/e107_handlers/admin_ui.php
+++ b/e107_handlers/admin_ui.php
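Review bot: Setting `$_POST['e-token']` to an empty string only forces validation if the downstream verifier (presumably in class2.php, outside this hunk) decides with `isset()`; if it tests `empty()` or `!$_POST['e-token']` before validating, an empty string is treated exactly like a missing field and the check is still skipped, so this should be confirmed against the verifier. The guard is also local to users.php, so any other admin page whose POST handler relies on the same presence-based check keeps the gap; placing the guard in the central check would cover them all. This block is top-level code, not inside a function. The comment could state the mechanism rather than the intent: `// A stripped e-token must fail validation, not bypass it: force the field to exist so the check runs.`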
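Review bot: The truthiness test `if($_POST['userid'])` still runs on the raw string, so a non-numeric value passes the guard and is cast to 0 on the changed line, which then feeds `array(0 => 0)` into `$_POST['etrigger_delete']` and `user_id=0` into the retrieve() query. Casting before the test and guarding on the integer closes that: `$id = (int) $_POST['userid'];` followed by `if($id > 0)` in place of the current condition. The cast makes the string-built `'user_id='.$id` safe here, though the query is still assembled by concatenation rather than a bound parameter. runObservers() starts before and continues past this hunk.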
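Review bot: The token field is spliced into the chain by string concatenation on the changed line, `$prm->renderSubmitButtons().$frm->token()`, which buries it among the submit buttons when auditing which forms carry a token; a dedicated `->appendBody($frm->token())` step before `->appendBody($frm->close())` reads as an explicit part of the form. Whether `$frm->open('adminperms')` already emits a token for this form is not visible here; if it does, the page would carry two `e-token` fields, which is worth confirming. AdminPage() starts before and continues past this hunk.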
@@ -6682,7 +6682,7 @@ public function getConfirmDelete($ids, $ajax = false)
 'table_rows' => '', // rows array ( tags)
 'table_body' => '', // string body - used only if rows empty
 'pre_triggers' => '',
- 'triggers' => array('hidden' => $this->hidden('etrigger_delete['.$ids.']', $ids), 'delete_confirm' => array(LAN_CONFDELETE, 'confirm', $ids), 'cancel' => array(LAN_CANCEL, 'cancel')),
+ 'triggers' => array('hidden' => $this->hidden('etrigger_delete['.$ids.']', $ids) . $this->token(), 'delete_confirm' => array(LAN_CONFDELETE, 'confirm', $ids), 'cancel' => array(LAN_CANCEL, 'cancel')),
 );
 if($delcount > 1)
 {
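Review bot: The token is appended to the `'hidden'` entry by concatenation on the changed line, so the 'triggers' array now bundles two unrelated hidden fields under one key; if the consuming template tolerates an extra key, a separate `'token' => $this->token()` entry, or at least a comment on that line, `// hidden id field + CSRF token`, would make the rendered confirm form easier to audit. `$ids` is still interpolated into the field name `'etrigger_delete['.$ids.']'` unchanged; whether `hidden()` escapes its name argument, and where `$ids` originates, is not visible in this hunk, so that is worth confirming. getConfirmDelete() starts before and continues past this hunk.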