Index: modules/system/system.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/system/system.module,v
retrieving revision 1.440.2.15
diff -u -F^f -r1.440.2.15 system.module
--- modules/system/system.module	26 Jul 2007 19:16:48 -0000	1.440.2.15
+++ modules/system/system.module	17 Oct 2007 19:52:08 -0000
@@ -2116,12 +2116,12 @@ function system_node_type($op, $info) {
  * Output a confirmation form
  *
  * This function returns a complete form for confirming an action. A link is
- * offered to go back to the item that is being changed in case the user changes
- * his/her mind.
+ * offered to go back to the item that is being changed in case the user 
+ * changes his/her mind.
  *
- * You can check for the existence of $_POST[$name] (where $name
- * is usually 'confirm') to check if the confirmation was successful or
- * use the regular submit model.
+ * If the submit handler for this form is invoked, the user successfully
+ * confirmed the action. You should never directly inspect $_POST to see if an
+ * action was confirmed.
  *
  * @param $form
  *   Additional elements to inject into the form, for example hidden elements.
Index: modules/user/user.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/user/user.module,v
retrieving revision 1.745.2.13
diff -u -F^f -r1.745.2.13 user.module
--- modules/user/user.module	26 Jul 2007 19:16:50 -0000	1.745.2.13
+++ modules/user/user.module	17 Oct 2007 19:52:08 -0000
@@ -1414,16 +1414,11 @@ function user_edit($category = 'account'
     drupal_set_message(t('The account does not exist or has already been deleted.'));
     drupal_goto('admin/user/user');
   }
+
   $edit = $_POST['op'] ? $_POST : (array)$account;
 
   if (arg(2) == 'delete') {
-    if (!empty($edit['confirm'])) {
-      user_delete($edit, $account->uid);
-      drupal_goto('admin/user/user');
-    }
-    else {
-      return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
-    }
+    return drupal_get_form('user_confirm_delete', $account->name, $account->uid);
   }
   else if ($_POST['op'] == t('Delete')) {
     if ($_REQUEST['destination']) {
@@ -1448,13 +1443,20 @@ function user_edit($category = 'account'
 }
 
 function user_confirm_delete($name, $uid) {
-  return confirm_form(array(),
+  $form['uid'] = array('#type' => 'value', '#value' => $uid);
+  return confirm_form($form,
     t('Are you sure you want to delete the account %name?', array('%name' => $name)),
     'user/'. $uid,
     t('All submissions made by this user will be attributed to the anonymous account. This action cannot be undone.'),
     t('Delete'), t('Cancel'));
 }
 
+function user_confirm_delete_submit($form_id, $form_values) {
+  $account = user_load(array('uid' => $form_values['uid']));
+  user_delete((array) $account, $form_values['uid']);
+  return 'admin/user/user';
+}
+
 /**
  * Delete a user.
  *