authorRenato Botelho <garga@FreeBSD.org>2014-09-25 09:29:57 -0300
committerRenato Botelho <garga@FreeBSD.org>2014-09-25 09:29:57 -0300
commitfbe0d6986aef1ce933f91ad34ba9393344693180 (patch)
tree180c173b73781cfb5f90728bf519959f32243570 /usr/local/www/system_usermanager.php
parente45e3bf48c1e7d5bdf720c598ef0447028320937 (diff)
Be stricter on user removal: check both the array id and the username, to avoid removing the wrong user when the browser back button is used. It should fix #3856
Diffstat (limited to 'usr/local/www/system_usermanager.php')
-rw-r--r--usr/local/www/system_usermanager.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 6f5ea6f..9dfd814 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -81,7 +81,7 @@ if (isset($id) && $a_user[$id]) {
if ($_POST['act'] == "deluser") {
- if (!$a_user[$id]) {
+ if (!isset($_POST['username']) || !isset($a_user[$id]) || ($_POST['username'] != $a_user[$id]['name'])) {
pfSenseHeader("system_usermanager.php");
exit;
}
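Review bot: The username comparison on the added line uses loose `!=`, and PHP compares two numeric-looking strings numerically under `==`/`!=`, so names such as `100` and `1e2` would be treated as matching; make it `($_POST['username'] !== $a_user[$id]['name'])`. Note also that `$id` is not set within this hunk (the context line suggests it is derived from the posted `userid` earlier in the file), so the new guard still depends on whatever validation of `$id` happens outside the hunk, and it is a consistency check against stale form state rather than an authorization check. The enclosing `if ($_POST['act'] == "deluser")` block is shown in full, but the code that sets `$id` and the surrounding request handling begin before the hunk.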
@@ -858,6 +858,7 @@ function sshkeyClicked(obj) {
<form action="system_usermanager.php" method="post" name="iform2" id="iform2">
<input type="hidden" id="act" name="act" value="" />
<input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" />
+ <input type="hidden" id="username" name="username" value="" />
<input type="hidden" id="privid" name="privid" value="" />
<input type="hidden" id="certid" name="certid" value="" />
<table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
@@ -939,6 +940,7 @@ function sshkeyClicked(obj) {
<input type="image" name="deluser[]" width="17" height="17" border="0"
src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif"
onclick="document.getElementById('userid').value='<?=$i;?>';
+ document.getElementById('username').value='<?=$userent['name'];?>';
document.getElementById('act').value='<?php echo "deluser";?>';
return confirm('<?=gettext("Do you really want to delete this user?");?>');"
title="<?=gettext("delete user");?>" />
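Review bot: The added line echoes `$userent['name']` unescaped into a single-quoted JavaScript string that itself sits inside a double-quoted HTML `onclick` attribute; a name containing `'`, `"` or `\` would break out of the string, so unlike the integer `$i` on the line above, this value needs context-appropriate escaping. Whether usernames are restricted to safe characters at creation time cannot be seen from this hunk, so the output should not rely on it. A suitable form is `document.getElementById('username').value=<?=htmlspecialchars(json_encode($userent['name']), ENT_QUOTES);?>;`, which yields a valid JS string literal after the HTML attribute is decoded. The enclosing `<form>`/loop that defines `$userent` begins outside the hunk.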