diff --git a/core/filter_api.php b/core/filter_api.php
index ac6a630ced..bee19cdc0d 100644
--- a/core/filter_api.php
+++ b/core/filter_api.php
@@ -2451,8 +2451,11 @@ function filter_draw_selection_area2( $p_page_number, $p_for_screen = true, $p_e
filter_print_view_type_toggle( $t_url, $t_filter['_view_type'] );
if( access_has_project_level( config_get( 'create_permalink_threshold' ) ) ) {
+ # Add CSRF protection, see #22702
+ $t_permalink_url = urlencode( filter_get_url( $t_filter ) )
+ . form_security_param( 'permalink' );
echo '
';
- echo '';
+ echo '';
echo ' ' . lang_get( 'create_filter_link' );
echo '';
echo '';
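Review bot: The value built on lines 9–10 is emitted by the anchor on line 14, whose HTML markup has been stripped in this view, so it cannot be confirmed that `$t_permalink_url` is escaped for the attribute context before it lands in `href`; `form_security_param()` presumably contributes its own `&` separator and the raw token, so the whole concatenation should pass through `htmlspecialchars( ..., ENT_QUOTES )` or the project's attribute-escaping helper at the echo. Note that only the filter URL is url-encoded and the token is appended outside `urlencode()`, which is what keeps it a separate query parameter for permalink_page.php — a comment such as `# token is appended after urlencode() so it remains its own query parameter` would make that intent explicit. A naming nit: the variable holds an encoded query fragment plus a token parameter rather than a URL, so `$t_permalink_query` would read more accurately. filter_draw_selection_area2's body continues outside the hunk.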
diff --git a/permalink_page.php b/permalink_page.php
index 87a9058916..b73ccabf0b 100644
--- a/permalink_page.php
+++ b/permalink_page.php
@@ -36,6 +36,7 @@
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'config_api.php' );
+require_api( 'form_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
@@ -43,6 +44,8 @@
require_api( 'string_api.php' );
require_api( 'utility_api.php' );
+form_security_validate( 'permalink' );
+
layout_page_header();
layout_page_begin();
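Review bot: The `form_security_validate( 'permalink' )` call on line 33 carries no comment saying why a page that only reads its input from the query string needs a form token; add `# Input comes from the query string, so require a valid token to stop crafted links from driving this page (#22702)`. Placing the check before `layout_page_header()` is the right order, since a failed validation must abort before any output is written. Whether the token is purged after use is decided by the hunk at line 75, which is cut off in this view; if it is not purged, the generated link stays valid for the rest of the session, which is likely what a permalink needs but should be stated in a comment next to the validate call.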
@@ -75,4 +78,5 @@
?>