case 'update':
-check_admin_referer();
+check_admin_referer('update-user_' . $user_id);
$errors = array();
$errors = edit_user($user_id);
if(count($errors) == 0) {
- header("Location: user-edit.php?user_id=$user_id&updated=true");
+ wp_redirect("user-edit.php?user_id=$user_id&updated=true");
exit;
}
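Review bot: The new `wp_redirect()` call interpolates `$user_id` directly into the Location target; unless it has already been cast to an integer earlier in this file (not visible in the hunk), a non-numeric request value ends up unescaped in a response header and a query string. Casting at the point of use removes that dependence: `wp_redirect('user-edit.php?user_id=' . (int) $user_id . '&updated=true');`. The `$errors = array();` two lines above the check is dead, since `edit_user()` overwrites it immediately, and can be dropped. The enclosing `switch` starts before and ends after this hunk.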
<h2><?php _e('Edit User'); ?></h2>
<form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
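Review bot: The nonce action `'update-user_' . $user_id` is now spelled out twice, here in `wp_nonce_field()` and in `check_admin_referer()` in the update branch, so a later edit to one string silently breaks the form with a nonce failure. Hoisting it into one place, e.g. `$nonce_action = 'update-user_' . $user_id;` used by both `wp_nonce_field($nonce_action)` and `check_admin_referer($nonce_action)`, keeps the two in step. The added `<?php ... ?>` also omits the statement semicolon, which the `_e()` tag above includes; adding it keeps the inline tags consistent.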