* [Security/CSRF] Fixed a medium risk CSRF (cross-site request forger…

…y) vulnerability reported by High-Tech Bridge (HTB23269). We don't have any evidence of this having taken place in the wild, but we were able to reproduce the results with the proof-of-concept in the advisory. A logged in worker could be tricked into visiting a URL that could perform certain actions in their browser session. Cerb now uses the Synchronizer pattern: a session-based token included with every HTML FORM and Ajax request that is compared to the active session. This verifies that such requests are coming from an existing Cerb page rather than an external source. When a potential CSRF attack is detected, the event is now logged in the PHP log as a warning.
wgm · Aug 13, 2015 · 12de87f · 12de87f
1 parent f911b25
commit 12de87f
Show file tree

Hide file tree

Showing 196 changed files with 308 additions and 17 deletions.
diff --git a/features/cerberusweb.core/api/uri/login.php b/features/cerberusweb.core/api/uri/login.php
@@ -304,6 +304,9 @@ private function _processAuthenticated($worker) { /* @var $worker Model_Worker *
 
 		$session->setVisit($visit);
 
+		// Generate a CSRF token for the session
+		$_SESSION['csrf_token'] = CerberusApplication::generatePassword(256);
+
 		if(isset($_SESSION['login_post_url'])) {
 			$redirect_path = explode('/', $_SESSION['login_post_url']);
 

diff --git a/features/cerberusweb.core/templates/configuration/section/acl/edit_role.tpl b/features/cerberusweb.core/templates/configuration/section/acl/edit_role.tpl
@@ -4,6 +4,7 @@
 <input type="hidden" name="action" value="saveRole">
 <input type="hidden" name="id" value="{if !empty($role->id)}{$role->id}{else}0{/if}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 {if $saved}
 <div class="ui-widget">

diff --git a/features/cerberusweb.core/templates/configuration/section/branding/index.tpl b/features/cerberusweb.core/templates/configuration/section/branding/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="branding">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>Settings</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/cache/peek.tpl b/features/cerberusweb.core/templates/configuration/section/cache/peek.tpl
@@ -3,6 +3,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="cache">
 <input type="hidden" name="action" value="saveCachePeek">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 {foreach from=$engines item=engine key=engine_id}
 <fieldset class="peek" style="margin-bottom:0;">

diff --git a/features/cerberusweb.core/templates/configuration/section/license/index.tpl b/features/cerberusweb.core/templates/configuration/section/license/index.tpl
@@ -28,6 +28,7 @@
 <input type="hidden" name="section" value="license">
 <input type="hidden" name="action" value="saveJson">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>Update License</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/localization/index.tpl b/features/cerberusweb.core/templates/configuration/section/localization/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="localization">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>Date &amp; Time</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_failed/peek.tpl b/features/cerberusweb.core/templates/configuration/section/mail_failed/peek.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="savePeekPopup">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>storage/mail/fail/{$filename}:</b>
 <div>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_failed/view.tpl b/features/cerberusweb.core/templates/configuration/section/mail_failed/view.tpl
@@ -28,6 +28,8 @@
 <input type="hidden" name="section" value="mail_failed">
 <input type="hidden" name="action" value="">
 <input type="hidden" name="explore_from" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="5" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_filtering/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_filtering/index.tpl
@@ -11,11 +11,13 @@
 {/foreach}
 
 {if !$has_atleast_one}
-<form action="{devblocks_url}{/devblocks_url}">
+<form action="{devblocks_url}{/devblocks_url}" method="POST">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="mail_filtering">
 <input type="hidden" name="action" value="createDefaultVa">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <div class="help-box" style="padding:5px;border:0;">
 	<h1 style="margin-bottom:5px;text-align:left;">Create a global Virtual Attendant</h1>
 

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_from/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_from/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="mail_from">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <div style="margin-bottom:10px;">
 	<button type="button" onclick="genericAjaxPopup('peek','c=config&a=handleSectionAction&section=mail_from&action=peek&id=0',null,false,'550');"><span class="glyphicons glyphicons-circle-plus" style="color:rgb(0,180,0);"></span> {'common.add'|devblocks_translate|capitalize}</button>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_from/peek.tpl b/features/cerberusweb.core/templates/configuration/section/mail_from/peek.tpl
@@ -4,6 +4,7 @@
 <input type="hidden" name="section" value="mail_from">
 <input type="hidden" name="action" value="savePeek">
 <input type="hidden" name="id" value="{$address->address_id}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset class="peek">
 	<legend>Send worker replies as:</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_html/peek.tpl b/features/cerberusweb.core/templates/configuration/section/mail_html/peek.tpl
@@ -6,6 +6,7 @@
 <input type="hidden" name="view_id" value="{$view_id}">
 {if !empty($model) && !empty($model->id)}<input type="hidden" name="id" value="{$model->id}">{/if}
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <div id="mailTemplateTabs">
 	<ul>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_html/view.tpl b/features/cerberusweb.core/templates/configuration/section/mail_html/view.tpl
@@ -33,6 +33,8 @@
 <input type="hidden" name="section" value="html_template">
 <input type="hidden" name="action" value="">
 <input type="hidden" name="explore_from" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="5" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_import/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_import/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="mail_import">
 <input type="hidden" name="action" value="parseMessageJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>Paste a message source:</b>
 <div>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_incoming/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_incoming/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="mail_incoming">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>{'common.settings'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_relay/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_relay/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="mail_relay">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <p>
 The email relay enables workers to respond to messages from external mail applications (e.g. Gmail, mobile phones, Outlook, etc) instead of always requiring them to use Cerb in the web browser.  

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_routing/index.tpl b/features/cerberusweb.core/templates/configuration/section/mail_routing/index.tpl
@@ -12,6 +12,7 @@
 	<input type="hidden" name="a" value="handleSectionAction">
 	<input type="hidden" name="section" value="mail_routing">
 	<input type="hidden" name="action" value="saveRouting">
+	<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 	<b>Which group should receive any unrouted new mail?</b><br> 
 	<select name="default_group_id">

diff --git a/features/cerberusweb.core/templates/configuration/section/mail_routing/peek.tpl b/features/cerberusweb.core/templates/configuration/section/mail_routing/peek.tpl
@@ -4,6 +4,7 @@
 <input type="hidden" name="section" value="mail_routing">
 <input type="hidden" name="action" value="saveMailRoutingRuleAdd">
 <input type="hidden" name="id" value="{$rule->id}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>Rule Name:</b> (e.g. ProductX Support)<br>
 <input type="text" name="name" value="{$rule->name}" size="45" style="width:95%;"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/plugin_library/download_popup.tpl b/features/cerberusweb.core/templates/configuration/section/plugin_library/download_popup.tpl
@@ -1,12 +1,5 @@
 <form action="{devblocks_url}{/devblocks_url}" method="POST" id="frmCerb6PluginDownload">
-{*
-<input type="hidden" name="c" value="config">
-<input type="hidden" name="a" value="handleSectionAction">
-<input type="hidden" name="section" value="plugin_library">
-<input type="hidden" name="action" value="saveDownloadPopup">
-<input type="hidden" name="plugin_id" value="{$plugin->id}">
-<input type="hidden" name="view_id" value="{$view_id}">
-*}
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>{$plugin->name}</b><br>
 <br>

diff --git a/features/cerberusweb.core/templates/configuration/section/plugin_library/view.tpl b/features/cerberusweb.core/templates/configuration/section/plugin_library/view.tpl
@@ -26,6 +26,8 @@
 <input type="hidden" name="context_id" value="">
 <input type="hidden" name="id" value="{$view->id}">
 <input type="hidden" name="explore_from" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/plugins/popup.tpl b/features/cerberusweb.core/templates/configuration/section/plugins/popup.tpl
@@ -6,6 +6,7 @@
 <input type="hidden" name="plugin_id" value="{$plugin->id}">
 <input type="hidden" name="view_id" value="{$view_id}">
 {if $is_uninstallable}<input type="hidden" name="uninstall" value="0">{/if}
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <div>
 	<b>{'common.status'|devblocks_translate|capitalize}:</b> 

diff --git a/features/cerberusweb.core/templates/configuration/section/plugins/view.tpl b/features/cerberusweb.core/templates/configuration/section/plugins/view.tpl
@@ -26,6 +26,8 @@
 <input type="hidden" name="context_id" value="">
 <input type="hidden" name="id" value="{$view->id}">
 <input type="hidden" name="explore_from" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/settings/index.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/settings/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="saveTabSettings">
 <input type="hidden" name="portal" value="{$instance->code}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>Portal Name:</b> ("Support Portal", "Contact Form", "ProductX FAQ")<br>
 <input type="text" name="portal_name" value="{if !empty($instance->name)}{$instance->name}{else}{$instance->manifest->name}{/if}" size="65"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/add.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/add.tpl
@@ -7,6 +7,7 @@
 		<input type="hidden" name="action" value="saveAddTemplatePeek">
 		<input type="hidden" name="view_id" value="{$view_id}">
 		<input type="hidden" name="portal" value="{$portal}">
+		<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 		<b>Template:</b><br>
 		<select name="template">

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/bulk.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/bulk.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="doTemplatesBulkUpdate">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="ids" value="{$ids}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>{'common.bulk_update.with'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/export.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/export.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="saveExportTemplatesPeek">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="portal" value="{$portal}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>Filename:</b> (.xml)<br>
 <input type="text" name="filename" size="45" value="cerb_portal_templates_{$smarty.const.APP_BUILD}.xml"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/import.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/import.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="saveImportTemplatesPeek">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="portal" value="{$portal}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>Import File:</b> (.xml)<br>
 <input type="file" name="import_file" size="45"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/peek.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/peek.tpl
@@ -6,6 +6,7 @@
 <input type="hidden" name="id" value="{$template->id}">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>{$template->path}:</b><br>
 <textarea name="content" wrap="off" style="height:300px;width:98%;">{$template->content}</textarea><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/view.tpl b/features/cerberusweb.core/templates/configuration/section/portal/tabs/templates/view.tpl
@@ -20,6 +20,8 @@
 <input type="hidden" name="view_id" value="{$view->id}">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/portals/add.tpl b/features/cerberusweb.core/templates/configuration/section/portals/add.tpl
@@ -4,6 +4,7 @@
 	<input type="hidden" name="a" value="handleSectionAction">
 	<input type="hidden" name="section" value="portals">
 	<input type="hidden" name="action" value="saveAddPortalPeek">
+	<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 	<b>Portal Name:</b> ("Support Portal", "Contact Form", "ProductX FAQ")<br>
 	<input type="text" name="name" value="" style="width:98%;" autofocus="true"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/portals/view.tpl b/features/cerberusweb.core/templates/configuration/section/portals/view.tpl
@@ -21,6 +21,8 @@
 <input type="hidden" name="view_id" value="{$view->id}">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/scheduler/job_edit.tpl b/features/cerberusweb.core/templates/configuration/section/scheduler/job_edit.tpl
@@ -14,6 +14,7 @@
 	<input type="hidden" name="section" value="scheduler">
 	<input type="hidden" name="action" value="saveJobJson">
 	<input type="hidden" name="id" value="{$job->manifest->id}">
+	<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 	<label><input type="checkbox" name="enabled" value="1" {if $enabled}checked{/if}> <b>Enabled</b></label>
 

diff --git a/features/cerberusweb.core/templates/configuration/section/search/peek.tpl b/features/cerberusweb.core/templates/configuration/section/search/peek.tpl
@@ -4,6 +4,7 @@
 <input type="hidden" name="section" value="search">
 <input type="hidden" name="action" value="saveSearchSchemaPeek">
 <input type="hidden" name="schema_extension_id" value="{$schema->id}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 {foreach from=$search_engines item=engine key=engine_id}
 <fieldset class="peek">

diff --git a/features/cerberusweb.core/templates/configuration/section/security/index.tpl b/features/cerberusweb.core/templates/configuration/section/security/index.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="a" value="handleSectionAction">
 <input type="hidden" name="section" value="security">
 <input type="hidden" name="action" value="saveJson">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>Remote Administration</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/sessions/bulk.tpl b/features/cerberusweb.core/templates/configuration/section/sessions/bulk.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="doSessionsBulkUpdate">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="ids" value="{$ids}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>{'common.bulk_update.with'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/sessions/view.tpl b/features/cerberusweb.core/templates/configuration/section/sessions/view.tpl
@@ -21,6 +21,8 @@
 <input type="hidden" name="view_id" value="{$view->id}">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="3" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_attachments/bulk.tpl b/features/cerberusweb.core/templates/configuration/section/storage_attachments/bulk.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="doAttachmentsBulkUpdate">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="ids" value="{$ids}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>{'common.bulk_update.with'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_attachments/view.tpl b/features/cerberusweb.core/templates/configuration/section/storage_attachments/view.tpl
@@ -21,6 +21,8 @@
 <input type="hidden" name="view_id" value="{$view->id}">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_content/index.tpl b/features/cerberusweb.core/templates/configuration/section/storage_content/index.tpl
@@ -3,6 +3,7 @@
 <form action="{devblocks_url}{/devblocks_url}" method="POST" style="margin-bottom:5px;">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset>
 	<legend>Database</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_content/peek.tpl b/features/cerberusweb.core/templates/configuration/section/storage_content/peek.tpl
@@ -4,6 +4,7 @@
 <input type="hidden" name="section" value="storage_content">
 <input type="hidden" name="action" value="saveStorageSchemaPeek">
 <input type="hidden" name="ext_id" value="{$schema->manifest->id}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 {$schema->renderConfig()}
 

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_profiles/peek.tpl b/features/cerberusweb.core/templates/configuration/section/storage_profiles/peek.tpl
@@ -14,6 +14,7 @@
 <input type="hidden" name="id" value="{$profile->id}">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <b>{'common.name'|devblocks_translate|capitalize}:</b><br>
 <input type="text" name="name" value="{$profile->name}" style="width:98%;" autofocus="true"><br>

diff --git a/features/cerberusweb.core/templates/configuration/section/storage_profiles/view.tpl b/features/cerberusweb.core/templates/configuration/section/storage_profiles/view.tpl
@@ -19,6 +19,8 @@
 <input type="hidden" name="view_id" value="{$view->id}">
 <input type="hidden" name="c" value="config">
 <input type="hidden" name="a" value="">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
+
 <table cellpadding="1" cellspacing="0" border="0" width="100%" class="worklistBody">
 
 	{* Column Headers *}

diff --git a/features/cerberusweb.core/templates/configuration/section/workers/bulk.tpl b/features/cerberusweb.core/templates/configuration/section/workers/bulk.tpl
@@ -5,6 +5,7 @@
 <input type="hidden" name="action" value="doWorkersBulkUpdate">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="ids" value="{$ids}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset class="peek">
 	<legend>{'common.bulk_update.with'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/configuration/section/workers/peek.tpl b/features/cerberusweb.core/templates/configuration/section/workers/peek.tpl
@@ -6,6 +6,7 @@
 <input type="hidden" name="id" value="{$worker->id}">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="do_delete" value="0">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset class="peek">
 	<legend>{'common.properties'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/contacts/addresses/bulk.tpl b/features/cerberusweb.core/templates/contacts/addresses/bulk.tpl
@@ -3,6 +3,7 @@
 <input type="hidden" name="a" value="doAddressBatchUpdate">
 <input type="hidden" name="view_id" value="{$view_id}">
 <input type="hidden" name="ids" value="{$ids}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset class="peek">
 	<legend>{'common.bulk_update.with'|devblocks_translate|capitalize}</legend>

diff --git a/features/cerberusweb.core/templates/contacts/addresses/peek.tpl b/features/cerberusweb.core/templates/contacts/addresses/peek.tpl
@@ -7,6 +7,7 @@
 <input type="hidden" name="link_context_id" value="{$link_context_id}">
 {/if}
 <input type="hidden" name="view_id" value="{$view_id}">
+<input type="hidden" name="_csrf_token" value="{$session.csrf_token}">
 
 <fieldset class="peek">
 	<legend>{'common.properties'|devblocks_translate}</legend>