diff --git a/app/conference_profiles/conference_profile_edit.php b/app/conference_profiles/conference_profile_edit.php
index a37135d0ca..9c3aea83c2 100644
--- a/app/conference_profiles/conference_profile_edit.php
+++ b/app/conference_profiles/conference_profile_edit.php
@@ -41,6 +41,14 @@
 				$conference_profile_uuid = $_POST["conference_profile_uuid"];
 			}
 	
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: conference_profiles.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($profile_name) == 0) { $msg .= $text['message-required']." ".$text['label-profile_name']."<br>\n"; }
@@ -108,6 +116,10 @@
 		unset($sql, $parameters);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 
@@ -171,9 +183,10 @@
 	echo "	<tr>\n";
 	echo "		<td colspan='2' align='right'>\n";
 	if ($action == "update") {
-		echo "				<input type='hidden' name='conference_profile_uuid' value='".escape($conference_profile_uuid)."'>\n";
+		echo "			<input type='hidden' name='conference_profile_uuid' value='".escape($conference_profile_uuid)."'>\n";
 	}
-	echo "				<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";
 	echo "</table>";
diff --git a/app/conference_profiles/conference_profile_param_edit.php b/app/conference_profiles/conference_profile_param_edit.php
index f981969f39..f02ac205a8 100644
--- a/app/conference_profiles/conference_profile_param_edit.php
+++ b/app/conference_profiles/conference_profile_param_edit.php
@@ -48,6 +48,14 @@
 				$conference_profile_param_uuid = $_POST["conference_profile_param_uuid"];
 			}
 	
+		//validate the token
+			$token = new token;
+			if (!$token->validate($_SERVER['PHP_SELF'])) {
+				message::add($text['message-invalid_token'],'negative');
+				header('Location: conference_profiles.php');
+				exit;
+			}
+
 		//check for all required data
 			$msg = '';
 			if (strlen($profile_param_name) == 0) { $msg .= $text['message-required']." ".$text['label-profile_param_name']."<br>\n"; }
@@ -119,6 +127,10 @@
 		unset($sql, $parameters);
 	}
 
+//create token
+	$object = new token;
+	$token = $object->create($_SERVER['PHP_SELF']);
+
 //show the header
 	require_once "resources/header.php";
 
@@ -192,11 +204,12 @@
 	echo "</tr>\n";
 	echo "	<tr>\n";
 	echo "		<td colspan='2' align='right'>\n";
-	echo "				<input type='hidden' name='conference_profile_uuid' value='$conference_profile_uuid'>\n";
+	echo "			<input type='hidden' name='conference_profile_uuid' value='$conference_profile_uuid'>\n";
 	if ($action == "update") {
-		echo "				<input type='hidden' name='conference_profile_param_uuid' value='$conference_profile_param_uuid'>\n";
+		echo "			<input type='hidden' name='conference_profile_param_uuid' value='$conference_profile_param_uuid'>\n";
 	}
-	echo "				<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
+	echo "			<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
+	echo "			<input type='submit' name='submit' class='btn' value='".$text['button-save']."'>\n";
 	echo "		</td>\n";
 	echo "	</tr>";
 	echo "</table>";