Applying security fix

http://docs.orchardproject.net/Documentation/Patch-20150519

src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs

@@ -293,6 +293,7 @@ namespace Orchard.Users.Controllers {
             return RedirectToAction("Index");
         }
 
+        [HttpPost]
         public ActionResult SendChallengeEmail(int id) {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
                 return new HttpUnauthorizedResult();
@@ -313,7 +314,9 @@ namespace Orchard.Users.Controllers {
             return RedirectToAction("Index");
         }
 
-        public ActionResult Approve(int id) {
+        [HttpPost]
+        public ActionResult Approve(int id)
+        {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
                 return new HttpUnauthorizedResult();
 
@@ -330,7 +333,9 @@ namespace Orchard.Users.Controllers {
             return RedirectToAction("Index");
         }
 
-        public ActionResult Moderate(int id) {
+        [HttpPost]
+        public ActionResult Moderate(int id)
+        {
             if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users")))
                 return new HttpUnauthorizedResult();
 

src/Orchard.Web/Modules/Orchard.Users/Views/Admin/Index.cshtml

@@ -71,12 +71,12 @@
                     @Html.ActionLink(T("Edit").ToString(), "Edit", new { entry.User.Id }) |
                     @Html.ActionLink(T("Delete").ToString(), "Delete", new { entry.User.Id}, new { itemprop = "RemoveUrl UnsafeUrl" }) |
                     @if (entry.User.RegistrationStatus == UserStatus.Pending) {
-                        @Html.ActionLink(T("Approve").ToString(), "Approve", new { entry.User.Id })
+                        @Html.ActionLink(T("Approve").ToString(), "Approve", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
                     } else {
-                        @Html.ActionLink(T("Disable").ToString(), "Moderate", new { entry.User.Id })
+                        @Html.ActionLink(T("Disable").ToString(), "Moderate", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
                     }
                     @if (entry.User.EmailStatus == UserStatus.Pending) { <text>|</text>
-                        @Html.ActionLink(T("Send challenge E-mail").ToString(), "SendChallengeEmail", new { entry.User.Id })
+                        @Html.ActionLink(T("Send challenge E-mail").ToString(), "SendChallengeEmail", new { entry.User.Id }, new { itemprop = "UnsafeUrl" })
                     } 
                 </td>
             </tr>