diff --git a/core/groups/groupadd.php b/core/groups/groupadd.php
index ea644f4dd1..4212e73870 100644
--- a/core/groups/groupadd.php
+++ b/core/groups/groupadd.php
@@ -54,6 +54,14 @@
 }
 $group_description = $_POST["group_description"];
 
+ //validate the token
+ $token = new token;
+ if (!$token->validate($_SERVER['PHP_SELF'])) {
+ message::add($text['message-invalid_token'],'negative');
+ header('Location: groups.php');
+ exit;
+ }
+
 //check for global/domain duplicates
 $sql = "select count(*) from v_groups where ";
 $sql .= "group_name = :group_name ";
@@ -94,6 +102,10 @@
 return;
 }
 
+//create token
+ $object = new token;
+ $token = $object->create($_SERVER['PHP_SELF']);
+
 //include the header
 include "resources/header.php";
 $document['title'] = $text['title-group_add'];
@@ -155,6 +167,7 @@
 echo "
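Review bot: Both the `validate()` call added in this hunk and the `create()` call in the second hunk key the token on `$_SERVER['PHP_SELF']`, which is derived from the request URL and includes any trailing path info, so the key is not a fixed per-page value. The token class is not visible in this diff, so the effect is inferred: a form rendered under one path variant and posted under another would fail validation, and if the argument is used as a session index, request-chosen keys end up in the session. `$_SERVER['SCRIPT_NAME']` names the script without the path info and should be used in both calls, e.g. `if (!$token->validate($_SERVER['SCRIPT_NAME'])) {`. The enclosing POST-handling block starts and ends outside the hunk, so whether anything state-changing runs before this check cannot be confirmed from here.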
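Review bot: `$token` names two different things in this file: in the first hunk it is the `token` object, while in the `//create token` hunk the object is `$object` and `$token` receives the return value of `create()`. One name for the object in both places, for example `$token_object = new token;` followed by `$token = $token_object->create($_SERVER['PHP_SELF']);`, makes it clear which variable the form is meant to embed. The comment could also state the purpose, e.g. `//create the CSRF token that the form embeds and the POST handler validates`; the form hunk is cut off in this view, so that the token is actually emitted there is assumed.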