diff --git a/phpBB/privmsg.php b/phpBB/privmsg.php
index d6688e3a53..3d958081c4 100644
--- a/phpBB/privmsg.php
+++ b/phpBB/privmsg.php
@@ -668,6 +668,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
{
$s_hidden_fields = '';
$s_hidden_fields .= ( isset($HTTP_POST_VARS['delete']) ) ? '' : '';
+ $s_hidden_fields .= '';
for($i = 0; $i < count($mark_list); $i++)
{
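Review bot: The string literal on the added `$s_hidden_fields .= '';` line is empty as shown here, as are the literals on the two context lines above it, so the markup was probably lost in rendering and the new field cannot be checked from this view. The second hunk only proceeds when `$_POST['sid']` equals `$userdata['session_id']`, so the field emitted here has to be named `sid` and carry that same value; otherwise every confirmed delete is rejected. A comment on the line would make the pairing explicit, for example `// session id as anti-CSRF token; verified in the $confirm branch below`. The enclosing block continues outside the hunk.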
@@ -698,7 +699,7 @@ else if ( ( $delete && $mark_list ) || $delete_all )
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
}
- else if ( $confirm )
+ else if ($confirm && $_POST['sid'] === $userdata['session_id'])
{
$delete_sql_id = '';
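Review bot: The added condition reads `$_POST['sid']` without checking that it is set, and it uses `$_POST` where the context line in the first hunk uses `$HTTP_POST_VARS`. A confirm request that carries no `sid` field raises an undefined-index notice before the comparison fails; I would write `else if ( $confirm && isset($HTTP_POST_VARS['sid']) && $HTTP_POST_VARS['sid'] === $userdata['session_id'] )`. When the token does not match, control drops to whatever follows this branch, which is outside the hunk. It is worth confirming that a mismatch produces an explicit error rather than a silent no-op or a different action. The branch body also continues outside the hunk.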