diff --git a/app/destinations/app_languages.php b/app/destinations/app_languages.php
index df70380356..5f99482d3a 100644
--- a/app/destinations/app_languages.php
+++ b/app/destinations/app_languages.php
@@ -61,6 +61,26 @@ $text['title-destination-add']['ru-ru'] = "Направление";
 $text['title-destination-add']['sv-se'] = "Destination";
 $text['title-destination-add']['uk-ua'] = "Номер";
 
+$text['title-destination_import']['en-us'] = "Destination Import";
+$text['title-destination_import']['ar-eg'] = "";
+$text['title-destination_import']['de-at'] = "Importieren"; //copied from de-de
+$text['title-destination_import']['de-ch'] = "Importieren"; //copied from de-de
+$text['title-destination_import']['de-de'] = "Importieren";
+$text['title-destination_import']['es-cl'] = "Importar";
+$text['title-destination_import']['es-mx'] = "Importar"; //copied from es-cl
+$text['title-destination_import']['fr-ca'] = "Importe"; //copied from fr-fr
+$text['title-destination_import']['fr-fr'] = "Importe";
+$text['title-destination_import']['he-il'] = "";
+$text['title-destination_import']['it-it'] = "";
+$text['title-destination_import']['nl-nl'] = "Importeer Bestemmingen";
+$text['title-destination_import']['pl-pl'] = "Importuj";
+$text['title-destination_import']['pt-br'] = "Importar"; //copied from pt-pt
+$text['title-destination_import']['pt-pt'] = "Importar";
+$text['title-destination_import']['ro-ro'] = "";
+$text['title-destination_import']['ru-ru'] = "Импорт";
+$text['title-destination_import']['sv-se'] = "Importera";
+$text['title-destination_import']['uk-ua'] = "Імпортувати";
+
 $text['button-outbound']['en-us'] = "Outbound";
 $text['button-outbound']['ar-eg'] = "صادر";
 $text['button-outbound']['de-at'] = "Ausgehend"; //copied from de-de
@@ -781,7 +801,7 @@ $text['header-destination-add']['ru-ru'] = "Направление";
 $text['header-destination-add']['sv-se'] = "Destination";
 $text['header-destination-add']['uk-ua'] = "Номер";
 
-$text['header-destination_import']['en-us'] = "Import Destinations";
+$text['header-destination_import']['en-us'] = "Destination Import";
 $text['header-destination_import']['ar-eg'] = "";
 $text['header-destination_import']['de-at'] = "Importieren"; //copied from de-de
 $text['header-destination_import']['de-ch'] = "Importieren"; //copied from de-de
diff --git a/app/destinations/destination_edit.php b/app/destinations/destination_edit.php
index 87aebe888b..32ddc493bc 100644
--- a/app/destinations/destination_edit.php
+++ b/app/destinations/destination_edit.php
@@ -697,10 +697,10 @@
 			if ($action == "update") {
 				message::add($text['message-update']);
 			}
-			header("Location: destination_edit.php?id=".escape($destination_uuid)."&type=".$destination_type);
+			header("Location: destination_edit.php?id=".urlencode($destination_uuid)."&type=".urlencode($destination_type));
 			return;
 
-	} //(count($_POST) > 0 && strlen($_POST["persistformvar"]) == 0)
+	}
 
 //initialize the destinations object
 	$destination = new destinations;
@@ -773,7 +773,7 @@
 	unset($limit);
 
 //remove previous fax details
-	$x=0;
+	$x = 0;
 	foreach($dialplan_details as $row) {
 		if ($row['dialplan_detail_data'] == "tone_detect_hits=1") {
 			unset($dialplan_details[$x]);
@@ -807,14 +807,14 @@
 	$object = new token;
 	$token = $object->create($_SERVER['PHP_SELF']);
 
-//show the header
-	require_once "resources/header.php";
+//include the header
 	if ($action == "update") {
 		$document['title'] = $text['title-destination-edit'];
 	}
 	else if ($action == "add") {
 		$document['title'] = $text['title-destination-add'];
 	}
+	require_once "resources/header.php";
 
 //js controls
 	echo "<script type='text/javascript'>\n";
@@ -853,14 +853,14 @@
 	//echo "			if (document.getElementById('tr_buy')) { document.getElementById('tr_buy').style.display = 'none'; }\n";
 	//echo "			if (document.getElementById('tr_carrier')) { document.getElementById('tr_carrier').style.display = 'none'; }\n";
 	//echo "			document.getElementById('tr_account_code').style.display = '';\n";
-//	echo "			document.getElementById('destination_context').value = '".$destination_context."'";
+	//echo "			document.getElementById('destination_context').value = '".$destination_context."'";
 	//echo "		}\n";
 	echo "		";
 	echo "	}\n";
 	echo "	\n";
 	echo "	function context_control() {\n";
 	echo "		destination_type = document.getElementById('destination_type');\n";
-	echo" 		destination_domain = document.getElementById('destination_domain');\n";
+	echo " 		destination_domain = document.getElementById('destination_domain');\n";
 	echo "		if (destination_type.options[destination_type.selectedIndex].value == 'outbound') {\n";
 	echo "			if (destination_domain.options[destination_domain.selectedIndex].value != '') {\n";
 	echo "				document.getElementById('destination_context').value = destination_domain.options[destination_domain.selectedIndex].innerHTML;\n";
@@ -873,31 +873,34 @@
 	echo "</script>\n";
 
 //show the content
-	echo "<form method='post' name='frm' action=''>\n";
-	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	echo "<tr>\n";
+	echo "<form method='post' name='frm'>\n";
+
+	echo "<div class='action_bar' id='action_bar'>\n";
+	echo "	<div class='heading'>";
 	if ($action == "add") {
-		echo "<td align='left' width='30%' nowrap='nowrap' valign='top'><b>".$text['header-destination-add']."</b></td>\n";
+		echo "<b>".$text['header-destination-add']."</b>";
 	}
 	if ($action == "update") {
-		echo "<td align='left' width='30%' nowrap='nowrap' valign='top'><b>".$text['header-destination-edit']."</b></td>\n";
+		echo "<b>".$text['header-destination-edit']."</b>";
 	}
-	echo "<td width='70%' align='right' valign='top'>";
-	echo "	<input type='button' class='btn' alt='".$text['button-back']."' onclick=\"window.location='destinations.php?type=".escape($destination_type)."'\" value='".$text['button-back']."'>";
-	echo "	<input type='submit' class='btn' value='".$text['button-save']."'>\n";
-	echo "</td>\n";
-	echo "</tr>\n";
-	echo "<tr>\n";
-	echo "<td align='left' colspan='2'>\n";
-	echo $text['description-destinations']."<br /><br />\n";
-	echo "</td>\n";
-	echo "</tr>\n";
+	echo 	"</div>\n";
+	echo "	<div class='actions'>\n";
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'destinations.php?type='.urlencode($destination_type)]);
+	echo button::create(['type'=>'submit','label'=>$text['button-save'],'icon'=>$_SESSION['theme']['button_icon_save']]);
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
+	echo "</div>\n";
+
+	echo $text['description-destinations']."\n";
+	echo "<br /><br />\n";
+
+	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 
 	echo "<tr>\n";
-	echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+	echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 	echo "	".$text['label-destination_type']."\n";
 	echo "</td>\n";
-	echo "<td class='vtable' align='left'>\n";
+	echo "<td width='70%' class='vtable' align='left'>\n";
 	echo "	<select class='formfld' name='destination_type' id='destination_type' onchange='type_control(this.options[this.selectedIndex].value);context_control();'>\n";
 	switch ($destination_type) {
 		case "inbound" :	$selected[0] = "selected='selected'";	break;
@@ -1190,20 +1193,17 @@
 	echo $text['description-destination_description']."\n";
 	echo "</td>\n";
 	echo "</tr>\n";
-	echo "	<tr>\n";
-	echo "		<td colspan='2' align='right'>\n";
-	if ($action == "update") {
-		echo "		<input type='hidden' name='db_destination_number' value='".escape($destination_number)."'>\n";
-		echo "		<input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
-		echo "		<input type='hidden' name='destination_uuid' value='".escape($destination_uuid)."'>\n";
-	}
-	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
-	echo "			<br>";
-	echo "			<input type='submit' class='btn' value='".$text['button-save']."'>\n";
-	echo "		</td>\n";
-	echo "	</tr>";
+
 	echo "</table>";
 	echo "<br><br>";
+
+	if ($action == "update") {
+		echo "<input type='hidden' name='db_destination_number' value='".escape($destination_number)."'>\n";
+		echo "<input type='hidden' name='dialplan_uuid' value='".escape($dialplan_uuid)."'>\n";
+		echo "<input type='hidden' name='destination_uuid' value='".escape($destination_uuid)."'>\n";
+	}
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+
 	echo "</form>";
 
 //adjust form if outbound destination
@@ -1214,4 +1214,4 @@
 //include the footer
 	require_once "resources/footer.php";
 
-?>
+?>
\ No newline at end of file
diff --git a/app/destinations/destination_imports.php b/app/destinations/destination_imports.php
index 3c0c9a3665..f400553a8d 100644
--- a/app/destinations/destination_imports.php
+++ b/app/destinations/destination_imports.php
@@ -17,7 +17,7 @@
 
 	The Initial Developer of the Original Code is
 	Mark J Crane <markjcrane@fusionpbx.com>
-	Portions created by the Initial Developer are Copyright (C) 2018 - 2019
+	Portions created by the Initial Developer are Copyright (C) 2018-2019
 	the Initial Developer. All Rights Reserved.
 
 	Contributor(s):
@@ -25,7 +25,7 @@
 */
 
 //includes
-	include "root.php";
+	require_once "root.php";
 	require_once "resources/require.php";
 	require_once "resources/check_auth.php";
 
@@ -147,8 +147,13 @@
 //upload the destination csv
 	if (file_exists($_SESSION['file']) && $action == 'add') {
 
-		//form to match the fields to the column names
-			//require_once "resources/header.php";
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: destination_imports.php');
+				exit;
+			}
 
 		//user selected fields
 			$fields = $_POST['fields'];
@@ -444,68 +449,24 @@
 						$message = $database->message;
 					}
 
-				//send the redirect header
-					header("Location: destinations.php?type=".$destination_type);
-					return;
 			}
 
-		//show the header
-			require_once "resources/header.php";
-			echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-			echo "<tr>\n";
-			echo "<td align='left' width='30%' nowrap='nowrap'><b>".$text['header-destinations_import']."</b></td>\n";
-			echo "<td width='70%' align='right'>\n";
-			echo "	<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='/app/destinations/destinations.php'\" value='".$text['button-back']."'>\n";
-			echo "</td>\n";
-			echo "</tr>\n";
-			echo "<tr>\n";
-			echo "<td align='left' colspan='2'>\n";
-			echo "	".$text['message-results']."<br /><br />\n";
-			echo "</td>\n";
-			echo "</tr>\n";
-			echo "</table>\n";
-
-		//show the results
-			echo "<table width='100%'  border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
-			echo "<tr>\n";
-			echo "	<th>".$text['label-destination_name']."</th>\n";
-			echo "	<th>".$text['label-destination_organization']."</th>\n";
-			//echo "	<th>".$text['label-destination_email']."</th>\n";
-			echo "	<th>".$text['label-destination_url']."</th>\n";
-			echo "</tr>\n";
-			if ($results) {
-				foreach($results as $row) {
-					echo "<tr>\n";
-					echo "	<td class='vncell' valign='top' align='left'>\n";
-					echo 		escape($row['FirstName'])." ".escape($row['LastName']);
-					echo "	</td>\n";
-					echo "	<td class='vncell' valign='top' align='left'>\n";
-					echo 	escape($row['Company'])."&nbsp;\n";
-					echo "	</td>\n";
-					echo "	<td class='vncell' valign='top' align='left'>\n";
-					echo 		escape($row['EmailAddress'])."&nbsp;\n";
-					echo "	</td>\n";
-					echo "	<td class='vncell' valign='top' align='left'>\n";
-					echo 		escape($row['Web Page'])."&nbsp;\n";
-					echo "	</td>\n";
-					echo "</tr>\n";
-				}
-			}
-			echo "</table>\n";
-
-		//include the footer
-			require_once "resources/footer.php";
-
-		//end the script
+		//send the redirect header
+			header("Location: destinations.php?type=".$destination_type);
 			exit;
-	}
 
+	}
 
 //upload the destination csv
 	if (file_exists($_SESSION['file']) && $action == 'delete') {
 
-		//form to match the fields to the column names
-			//require_once "resources/header.php";
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: destination_imports.php');
+				exit;
+			}
 
 		//user selected fields
 			$fields = $_POST['fields'];
@@ -686,34 +647,31 @@
 //match the column names to the field names
 	if (strlen($delimiter) > 0 && file_exists($_SESSION['file']) && ($action !== 'add' or $action !== 'delete')) {
 
-		//form to match the fields to the column names
+		//create token
+			$object = new token;
+			$token = $object->create($_SERVER['PHP_SELF']);
+
+		//include the header
+			$document['title'] = $text['title-destination_import'];
 			require_once "resources/header.php";
 
-			echo "<form action='' method='POST' enctype='multipart/form-data' name='frmUpload' onSubmit=''>\n";
+		//form to match the fields to the column names
+			echo "<form name='frmUpload' method='post' enctype='multipart/form-data'>\n";
+
+			echo "<div class='action_bar' id='action_bar'>\n";
+			echo "	<div class='heading'><b>".$text['header-destination_import']."</b></div>\n";
+			echo "	<div class='actions'>\n";
+			echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'destination_imports.php']);
+			echo button::create(['type'=>'submit','label'=>$text['button-import'],'icon'=>$_SESSION['theme']['button_icon_import']]);
+			echo "	</div>\n";
+			echo "	<div style='clear: both;'></div>\n";
+			echo "</div>\n";
+
+			echo $text['description-destination_import']."\n";
+			echo "<br /><br />\n";
+
 			echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
 
-			echo "	<tr>\n";
-			echo "	<td valign='top' align='left' nowrap='nowrap'>\n";
-			echo "		<b>".$text['header-destination_import']."</b><br />\n";
-			echo "	</td>\n";
-			echo "	<td valign='top' align='right'>\n";
-			echo "		<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='/app/destinations/destinations.php'\" value='".$text['button-back']."'>\n";
-			echo "		<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-			echo "	</td>\n";
-			echo "	</tr>\n";
-			echo "	<tr>\n";
-			echo "	<td colspan='2' align='left'>\n";
-			echo "		".$text['description-destination_import']."\n";
-			echo "	</td>\n";
-			echo "	</tr>\n";
-
-			//echo "<tr>\n";
-			//echo "<td align='left' width='30%' nowrap='nowrap'><b>".$text['header-destinations_import']."</b></td>\n";
-			//echo "<td width='70%' align='right'>\n";
-			//echo "	<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='/app/destinations/destinations.php'\" value='".$text['button-back']."'>\n";
-			//echo "</td>\n";
-			//echo "</tr>\n";
-
 			//loop through user columns
 			$x = 0;
 			foreach ($line_fields as $line_field) {
@@ -748,10 +706,10 @@
 			}
 
 			echo "<tr>\n";
-			echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+			echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 			echo "	".$text['label-destination_type']."\n";
 			echo "</td>\n";
-			echo "<td class='vtable' align='left'>\n";
+			echo "<td width='70%' class='vtable' align='left'>\n";
 			echo "	<select class='formfld' name='destination_type' id='destination_type' onchange='type_control(this.options[this.selectedIndex].value);'>\n";
 			switch ($destination_type) {
 				case "inbound" : 	$selected[1] = "selected='selected'";	break;
@@ -865,17 +823,15 @@
 			echo "</td>\n";
 			echo "</tr>\n";
 
-			echo "		<tr>\n";
-			echo "			<td colspan='2' valign='top' align='right' nowrap='nowrap'>\n";
-			echo "				<input name='from_row' type='hidden' value='".$from_row."'>\n";
-			echo "				<input name='data_delimiter' type='hidden' value='".$delimiter."'>\n";
-			echo "				<input name='data_enclosure' type='hidden' value='".$enclosure."'>\n";
-			echo "				<input type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-			echo "			</td>\n";
-			echo "		</tr>\n";
+			echo "</table>\n";
+
+			echo "<input name='from_row' type='hidden' value='".$from_row."'>\n";
+			echo "<input name='data_delimiter' type='hidden' value='".$delimiter."'>\n";
+			echo "<input name='data_enclosure' type='hidden' value='".$enclosure."'>\n";
+			echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
 
-			echo "	</table>\n";
 			echo "</form>\n";
+
 			require_once "resources/footer.php";
 
 		//normalize the column names
@@ -891,33 +847,36 @@
 			exit;
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //include the header
+	$document['title'] = $text['title-destination_import'];
 	require_once "resources/header.php";
 
-//begin the content
-	echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
-	echo "	<tr>\n";
-	echo "	<td valign='top' align='left' width='30%' nowrap='nowrap'>\n";
-	echo "		<b>".$text['header-destination_import']."</b><br />\n";
-	echo "		".$text['description-destination_import']."\n";
-	echo "	</td>\n";
-	echo "	<td valign='top' width='70%' align='right'>\n";
-	echo "		<input type='button' class='btn' name='' alt='".$text['button-back']."' onclick=\"window.location='/app/destinations/destinations.php'\" value='".$text['button-back']."'>\n";
-	//echo "		<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-	echo "	</td>\n";
-	echo "	</tr>\n";
-	echo "</table>";
+//show the content
+	echo "<form name='frmUpload' method='post' enctype='multipart/form-data'>\n";
 
-	echo "<br />\n";
+	echo "<div class='action_bar' id='action_bar'>\n";
+	echo "	<div class='heading'><b>".$text['header-destination_import']."</b></div>\n";
+	echo "	<div class='actions'>\n";
+	echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px;','link'=>'destinations.php']);
+	echo button::create(['type'=>'submit','label'=>$text['button-continue'],'icon'=>$_SESSION['theme']['button_icon_upload']]);
+	echo "	</div>\n";
+	echo "	<div style='clear: both;'></div>\n";
+	echo "</div>\n";
 
-	echo "<form action='' method='POST' enctype='multipart/form-data' name='frmUpload' onSubmit=''>\n";
-	echo "	<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+	echo $text['description-destination_import']."\n";
+	echo "<br /><br />\n";
+
+	echo "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
 
 	echo "<tr>\n";
-	echo "<td class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
+	echo "<td width='30%' class='vncell' valign='top' align='left' nowrap='nowrap'>\n";
 	echo "    ".$text['label-import_data']."\n";
 	echo "</td>\n";
-	echo "<td class='vtable' align='left'>\n";
+	echo "<td width='70%' class='vtable' align='left'>\n";
 	echo "    <textarea name='data' id='data' rows='7' class='formfld' style='width: 100%;' wrap='off'>$data</textarea>\n";
 	echo "<br />\n";
 	echo $text['description-import_data']."\n";
@@ -983,20 +942,15 @@
 		echo "</tr>\n";
 	}
 
-	echo "	<tr>\n";
-	echo "		<td valign='bottom'>\n";
-	echo "		</td>\n";
-	echo "		<td valign='bottom' align='right' nowrap>\n";
-	echo "			<input name='type' type='hidden' value='csv'>\n";
-	echo "			<br />\n";
-	echo "			<input name='submit' type='submit' class='btn' id='import' value=\"".$text['button-import']."\">\n";
-	echo "		</td>\n";
-	echo "	</tr>\n";
-	echo "	</table>\n";
+	echo "</table>\n";
 	echo "<br><br>";
+
+	echo "<input name='type' type='hidden' value='csv'>\n";
+	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+
 	echo "</form>";
 
 //include the footer
 	require_once "resources/footer.php";
 
-?>
+?>
\ No newline at end of file

".$text['header-destination-add']."	".$text['header-destination-edit']."	"; - echo " "; - echo " \n"; - echo "
\n"; - echo $text['description-destinations']." \n"; - echo "
\n"; + echo "	\n"; echo " ".$text['label-destination_type']."\n"; echo "	\n"; + echo "	\n"; echo "
\n"; - if ($action == "update") { - echo " \n"; - echo " \n"; - echo " \n"; - } - echo " \n"; - echo " "; - echo " \n"; - echo "
".$text['header-destinations_import']."	\n"; - echo " \n"; - echo "
\n"; - echo " ".$text['message-results']." \n"; - echo "
\n"; - echo " ".$text['header-destination_import']." \n"; - echo "	\n"; - echo " \n"; - echo " \n"; - echo "
\n"; - echo " ".$text['description-destination_import']."\n"; - echo "
".$text['header-destinations_import']."	\n"; - //echo " \n"; - //echo "
\n"; + echo "	\n"; echo " ".$text['label-destination_type']."\n"; echo "	\n"; + echo "	\n"; echo "
\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "
\n"; + echo "	\n"; echo " ".$text['label-import_data']."\n"; echo "	\n"; + echo "	\n"; echo " $data\n"; echo " \n"; echo $text['description-import_data']."\n"; @@ -983,20 +942,15 @@ echo "
\n"; - echo "	\n"; - echo " \n"; - echo " \n"; - echo " \n"; - echo "