backport

diff --git a/include/admin/templates.inc.php b/include/admin/templates.inc.php
index f30b8d0d44bea467b9f5e860cd5178d8939f5ec5..b0cda1adf5381b73f76c6ecabfc85d1f2d68274f 100644 (file)
--- a/include/admin/templates.inc.php
+++ b/include/admin/templates.inc.php
@@ -69,7 +69,7 @@ if (file_exists($serendipity['serendipityPath'] . $serendipity['templatePath'] .
 if (is_array($template_config)) {
     serendipity_plugin_api::hook_event('backend_templates_configuration_top', $template_config);
 
-    if ($serendipity['POST']['adminAction'] == 'configure') {
+    if ($serendipity['POST']['adminAction'] == 'configure' && serendipity_checkFormToken()) {
         foreach($serendipity['POST']['template'] AS $option => $value) {
             template_option::set_config($option, $value);
         }
@@ -77,6 +77,7 @@ if (is_array($template_config)) {
     }
 
     echo '<form method="post" action="serendipity_admin.php">';
+    echo serendipity_setformToken();
     echo '<input type="hidden" name="serendipity[adminModule]" value="templates" />';
     echo '<input type="hidden" name="serendipity[adminAction]" value="configure" />';