diff --git a/app/dialplans/dialplan_detail_edit.php b/app/dialplans/dialplan_detail_edit.php
index 80e642b3bb..11294bdbb3 100644
--- a/app/dialplans/dialplan_detail_edit.php
+++ b/app/dialplans/dialplan_detail_edit.php
@@ -77,6 +77,14 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
$dialplan_detail_uuid = $_POST["dialplan_detail_uuid"];
}
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: dialplans.php');
+ exit;
+ }
+
//check for all required data
if (strlen($dialplan_detail_tag) == 0) { $msg .= $text['message-required'].$text['label-tag']."
\n"; }
if (strlen($dialplan_detail_order) == 0) { $msg .= $text['message-required'].$text['label-order']."
\n"; }
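Review bot: The token is keyed on `$_SERVER['PHP_SELF']` in `$token->validate($_SERVER['PHP_SELF'])`, and PHP_SELF includes any path info the client appends after the script name, so the key is partly request-controlled. `$_SERVER['SCRIPT_NAME']` is the stable choice, e.g. `if (!$token->validate($_SERVER['SCRIPT_NAME'])) {`, provided the matching `create()` call uses the same key; this applies equally to the create call later in this file and to both calls in dialplan_edit.php. The token class is not visible here, so it is unconfirmed whether a mismatched key only causes spurious rejections or has further effects. The check also sits inside the `count($_POST)>0` branch named in the hunk header, which starts outside the hunk, so any state change this page performs on a GET request would not be covered.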
@@ -200,6 +208,10 @@ if (count($_POST)>0 && strlen($_POST["persistformvar"]) == 0) {
unset($sql, $parameters, $row);
}
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
//show the header
require_once "resources/header.php";
$document['title'] = $text['title-dialplan_detail'];
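Review bot: `$token` here receives the return value of `create()`, while the validation block earlier in the file uses the same name for the token object itself, so the variable means two different things depending on the code path. Using one name for the object in both places, e.g. `$token_object = new token;`, keeps `$token` for the generated value that the form emits. The comment could also say what the value is for, e.g. `//create the token that the form submits and the POST handler validates` (apparently an anti-CSRF token, though the class is not shown). The create hunk in dialplan_edit.php repeats the same pattern.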
@@ -468,6 +480,7 @@ function replace_param(obj){
if ($action == "update") {
echo " \n";
}
+ echo " \n";
echo "
";
echo " \n";
echo " \n";
diff --git a/app/dialplans/dialplan_edit.php b/app/dialplans/dialplan_edit.php
index f95ef31b0f..db79bb8b13 100644
--- a/app/dialplans/dialplan_edit.php
+++ b/app/dialplans/dialplan_edit.php
@@ -102,6 +102,14 @@
$dialplan_uuid = check_str($_POST["dialplan_uuid"]);
}
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: dialplans.php');
+ exit;
+ }
+
//check for all required data
$msg = '';
if (strlen($dialplan_name) == 0) { $msg .= $text['message-required'].$text['label-name']."
\n"; }
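Review bot: The rejection path only queues a user-facing message and redirects, so a failed token check leaves no server-side record, although a rejected token on a dialplan edit is a useful signal of a forged or replayed request. A line such as `error_log('invalid token for '.$_SERVER['SCRIPT_NAME'].' from '.$_SERVER['REMOTE_ADDR']);` before the `header()` call, or the project's own logging facility if it has one, would close that gap. The identical block in dialplan_detail_edit.php has the same omission, which also suggests moving the check into one shared helper so both pages stay in step.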
@@ -341,6 +349,10 @@
ksort($details);
}
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
//show the header
require_once "resources/header.php";
$document['title'] = $text['title-dialplan_edit'];
@@ -872,6 +884,7 @@
if ($action == "update") {
echo " \n";
}
+ echo " \n";
echo " \n";
echo "\n";
echo "
\n";