diff --git a/app/extensions/extension_edit.php b/app/extensions/extension_edit.php
index 89b31d729f..6dbc1f3343 100644
--- a/app/extensions/extension_edit.php
+++ b/app/extensions/extension_edit.php
@@ -185,6 +185,14 @@
//set the domain_uuid
$domain_uuid = permission_exists('extension_domain') ? $_POST["domain_uuid"] : $_SESSION['domain_uuid'];
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: extensions.php');
+ exit;
+ }
+
//check for all required data
$msg = '';
if (strlen($extension) == 0) { $msg .= $text['message-required'].$text['label-extension']."
\n"; }
@@ -811,6 +819,10 @@
if (strlen($call_timeout) == 0) { $call_timeout = '30'; }
if (strlen($call_screen_enabled) == 0) { $call_screen_enabled = 'false'; }
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
//begin the page content
require_once "resources/header.php";
if ($action == "update") {
@@ -1943,6 +1955,7 @@
echo " ";
echo " ";
}
+ echo " \n";
echo "
";
echo " \n";
echo " \n";