Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -rfaaf36eefd3eed3baeae46071e5f754e8b24a7b0 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision faaf36eefd3eed3baeae46071e5f754e8b24a7b0)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -129,8 +129,11 @@
 org.owasp.csrfguard.protected.larsrcAuthoringSave=/lams/tool/larsrc11/authoring/update.do
 org.owasp.csrfguard.protected.larsrcAuthoringDefineLater=/lams/tool/larsrc11/authoring/definelater.do
+org.owasp.csrfguard.protected.larsrcAuthoringSaveOrUpdateItem=/lams/tool/larsrc11/authoring/saveOrUpdateItem.do
+org.owasp.csrfguard.protected.larsrcAuthoringRemoveItem=/lams/tool/larsrc11/authoring/removeItem.do
 org.owasp.csrfguard.protected.larsrcChangeItemVisibility=/lams/tool/larsrc11/monitoring/changeItemVisibility.do
+
 org.owasp.csrfguard.protected.mindmapAuthoringSave=/lams/tool/lamind10/authoring/updateContent.do
 org.owasp.csrfguard.protected.mindmapAuthoringDefineLater=/lams/tool/lamind10/authoring/definelater.do
 org.owasp.csrfguard.protected.mindmapMonitoringSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do
@@ -178,6 +181,8 @@
 org.owasp.csrfguard.protected.voteAuthoringSave=/lams/tool/lavote11/authoring/submitAllContent.do
 org.owasp.csrfguard.protected.voteAuthoringDefineLater=/lams/tool/lavote11/authoring/definelater.do
+org.owasp.csrfguard.protected.voteAuthoringAddNomination=/lams/tool/lavote11/authoring/addSingleNomination.do
+org.owasp.csrfguard.protected.voteAuthoringRemoveNomination=/lams/tool/lavote11/authoring/removeNomination.do
 org.owasp.csrfguard.protected.voteMonitoringSubmissionDeadline=/lams/tool/lavote11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.voteHideOpenVote=/lams/tool/lavote11/monitoring/hideOpenVote.do
 org.owasp.csrfguard.protected.voteShowOpenVote=/lams/tool/lavote11/monitoring/showOpenVote.do
Index: lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/AuthoringController.java
===================================================================
diff -u -r845b503553ad948cb5db7b89950f7c5251ada5d7 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 845b503553ad948cb5db7b89950f7c5251ada5d7)
+++ lams_tool_larsrc/src/java/org/lamsfoundation/lams/tool/rsrc/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -119,7 +119,7 @@
 * authoring rule, all persist only happen when user submit whole page. So
 * this remove is just impact HttpSession values.
 */
- @RequestMapping("/removeItem")
+ @RequestMapping(path = "/removeItem", method = RequestMethod.POST)
 private String removeItem(@ModelAttribute ResourceItemForm resourceItemForm, HttpServletRequest request) {
 SessionMap sessionMap = getSessionMap(request);
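Review bot: The two `voteAuthoring*Nomination` entries added in the `@@ -178,6 +181,8 @@` hunk have no matching controller change on this page. The larsrc handlers are restricted to `RequestMethod.POST` in the same commit, but nothing visible does the same for `addSingleNomination.do` and `removeNomination.do`. If CSRFGuard is configured here to skip GET requests (that setting is not shown), a handler that still accepts GET would stay reachable without a token despite being listed. It is worth confirming that the vote controller maps both URLs as POST-only, or adding that change alongside these entries.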
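Review bot: The Javadoc above `removeItem` (and above `saveOrUpdateItem` in the `@@ -210,7 +210,7 @@` hunk) does not say why the mapping is now POST-only, so a later cleanup could widen it again without noticing the link to the CSRFGuard entries added in this commit. I would add a line to each comment such as `* POST only: this URL is listed as protected in Owasp.CsrfGuard.properties; keep the method restriction in sync with that entry.` Both method bodies continue outside their hunks, so what the handlers do with the request parameters is not reviewed here.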
@@ -210,7 +210,7 @@
 * HttpSession temporarily. Only they will be persist when the
 * entire authoring page is being persisted.
 */
- @RequestMapping(value = "/saveOrUpdateItem")
+ @RequestMapping(path = "/saveOrUpdateItem", method = RequestMethod.POST)
 private String saveOrUpdateItem(@ModelAttribute ResourceItemForm resourceItemForm, HttpServletRequest request) {
 // get instructions:
 List instructionList = getInstructionsFromRequest(request);
@@ -1028,4 +1028,4 @@
 return (SessionMap) request.getSession().getAttribute(sessionMapID);
 }
-}
\ No newline at end of file
+}
Index: lams_tool_larsrc/web/pages/authoring/basic.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/web/pages/authoring/basic.jsp (.../basic.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_larsrc/web/pages/authoring/basic.jsp (.../basic.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -42,7 +42,8 @@
 {
 itemIndex: idx,
 reqID: reqIDVar.getTime(),
- sessionMapID: sessionMapID
+ sessionMapID: sessionMapID,
+ "":""
 },
 function() {
 deleteItemComplete();
@@ -104,4 +105,4 @@   -
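Review bot: The added entry `"":""` in the `@@ -42,7 +42,8 @@` hunk of basic.jsp is shown as an empty key with an empty value, which by itself sends no token to the now-protected `removeItem.do`. Presumably the key and value are JSP tags that emit the CSRF token name and value and were lost in this rendering. If so, a comment on the line, e.g. `// CSRF token name/value pair required by removeItem.do`, would make that obvious to the next reader. The call that receives this object starts outside the hunk, so it is worth checking that it issues a POST, since `removeItem` no longer accepts other methods.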
\ No newline at end of file
+
Index: lams_tool_larsrc/web/pages/authoring/parts/addfile.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/web/pages/authoring/parts/addfile.jsp (.../addfile.jsp) (revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_larsrc/web/pages/authoring/parts/addfile.jsp (.../addfile.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -70,8 +70,8 @@
- - + +
Index: lams_tool_larsrc/web/pages/authoring/parts/addlearningobject.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/web/pages/authoring/parts/addlearningobject.jsp (.../addlearningobject.jsp) (revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_larsrc/web/pages/authoring/parts/addlearningobject.jsp (.../addlearningobject.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -70,8 +70,8 @@
- - + +
Index: lams_tool_larsrc/web/pages/authoring/parts/addurl.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/web/pages/authoring/parts/addurl.jsp (.../addurl.jsp) (revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_larsrc/web/pages/authoring/parts/addurl.jsp (.../addurl.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -44,8 +44,8 @@
- - + +
Index: lams_tool_larsrc/web/pages/authoring/parts/addwebsite.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_larsrc/web/pages/authoring/parts/addwebsite.jsp (.../addwebsite.jsp) (revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_larsrc/web/pages/authoring/parts/addwebsite.jsp (.../addwebsite.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -70,8 +70,8 @@
- - + +
@@ -112,4 +112,4 @@
-
\ No newline at end of file
+
Index: lams_tool_vote/web/authoring/newNominationBox.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r26661ca85899e95649257c3d5e59eb6b9841ad3c
--- lams_tool_vote/web/authoring/newNominationBox.jsp (.../newNominationBox.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_vote/web/authoring/newNominationBox.jsp (.../newNominationBox.jsp) (revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
@@ -17,6 +17,7 @@
+