Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r26661ca85899e95649257c3d5e59eb6b9841ad3c -r47c01513981c11359304562c8f9ba39a2f0c0ba5
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 26661ca85899e95649257c3d5e59eb6b9841ad3c)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 47c01513981c11359304562c8f9ba39a2f0c0ba5)
@@ -172,6 +172,7 @@
 
 org.owasp.csrfguard.protected.surveyAuthoringSave=/lams/tool/lasurv11/authoring/update.do
 org.owasp.csrfguard.protected.surveyAuthoringDefineLater=/lams/tool/lasurv11/authoring/definelater.do
+org.owasp.csrfguard.protected.surveyAuthoringSaveOrUpdate=/lams/tool/lasurv11/authoring/saveOrUpdateItem.do
 org.owasp.csrfguard.protected.surveyMonitoringSubmissionDeadline=/lams/tool/lasurv11/monitoring/setSubmissionDeadline.do
 
 org.owasp.csrfguard.protected.taskAuthoringSave=/lams/tool/latask10/authoring/update.do
Index: lams_tool_survey/web/pages/authoring/basic.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r47c01513981c11359304562c8f9ba39a2f0c0ba5
--- lams_tool_survey/web/pages/authoring/basic.jsp	(.../basic.jsp)	(revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_survey/web/pages/authoring/basic.jsp	(.../basic.jsp)	(revision 47c01513981c11359304562c8f9ba39a2f0c0ba5)
@@ -33,7 +33,7 @@
 	function deleteItem(idx,sessionMapID){
 	    var reqIDVar = new Date();
 		var param = "itemIndex=" + idx +"&reqID="+reqIDVar.getTime()+"&sessionMapID="+sessionMapID;;
-		var url = "<c:url value="/authoring/removeItem.do"/>?"+param;
+		var url = "<c:url value="/authoring/removeItem.do"/>?<csrf:token/>&"+param;
 		deleteItemLoading();
 		$("#surveyListArea").load(url,deleteItemComplete);
 	}
Index: lams_tool_survey/web/pages/authoring/parts/addchoicequestion.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r47c01513981c11359304562c8f9ba39a2f0c0ba5
--- lams_tool_survey/web/pages/authoring/parts/addchoicequestion.jsp	(.../addchoicequestion.jsp)	(revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_survey/web/pages/authoring/parts/addchoicequestion.jsp	(.../addchoicequestion.jsp)	(revision 47c01513981c11359304562c8f9ba39a2f0c0ba5)
@@ -18,6 +18,7 @@
 			
 	
 			<form:form action="saveOrUpdateItem.do" modelAttribute="surveyItemForm" id="surveyItemForm" method="post">
+				<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
 			
 			<lams:errors/>
 				<%-- This field is not belong STRUTS form --%>
Index: lams_tool_survey/web/pages/authoring/parts/addopenquestion.jsp
===================================================================
diff -u -raced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194 -r47c01513981c11359304562c8f9ba39a2f0c0ba5
--- lams_tool_survey/web/pages/authoring/parts/addopenquestion.jsp	(.../addopenquestion.jsp)	(revision aced7ba6c1e7c5a9a50d3f64d8cdd96dd7e76194)
+++ lams_tool_survey/web/pages/authoring/parts/addopenquestion.jsp	(.../addopenquestion.jsp)	(revision 47c01513981c11359304562c8f9ba39a2f0c0ba5)
@@ -15,6 +15,7 @@
 		
 
 		<form:form action="saveOrUpdateItem.do" method="post" modelAttribute="surveyItemForm" id="surveyItemForm">
+			<input type="hidden" name="<csrf:tokenname/>" value="<csrf:tokenvalue/>"/>
 			<form:hidden path="sessionMapID" />
 			<form:hidden path="contentFolderID" />
 			<form:hidden path="itemIndex" />