Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r6116054d29807ae2c1f274fc324a507c2b3a0910 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 6116054d29807ae2c1f274fc324a507c2b3a0910)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -14,6 +14,9 @@
 org.owasp.csrfguard.protected.forumAuthoringSave=/lams/tool/lafrum11/authoring/update.do
 org.owasp.csrfguard.protected.forumSubmissionDeadline=/lams/tool/lafrum11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.forumUpdateMark=/lams/tool/lafrum11/monitoring/updateMark.do
+org.owasp.csrfguard.protected.imageUpdateImage=/lams/tool/laimag10/monitoring/updateImage.do
+org.owasp.csrfguard.protected.imageSaveNewImage=/lams/tool/laimag10/learning/saveNewImage.do
+org.owasp.csrfguard.protected.imageToggleVisibility=/lams/tool/laimag10/monitoring/toggleImageVisibility.do
 org.owasp.csrfguard.protected.lamcSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.laqaSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.mindmapSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do
Index: lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/LearningController.java
===================================================================
diff -u -rf9906f0846542026549f8e9cb1bc93adfd985852 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/LearningController.java	(.../LearningController.java)	(revision f9906f0846542026549f8e9cb1bc93adfd985852)
+++ lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/LearningController.java	(.../LearningController.java)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -71,6 +71,7 @@
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.multipart.MultipartFile;
 import org.springframework.web.util.HtmlUtils;
 
@@ -249,7 +250,7 @@
     /**
      * Save file or url imageGallery item into database.
      */
-    @RequestMapping("/saveNewImage")
+    @RequestMapping(path = "/saveNewImage", method = RequestMethod.POST)
     public String saveNewImage(@ModelAttribute ImageGalleryItemForm imageGalleryItemForm, HttpServletRequest request,
 	    HttpServletResponse response) throws IOException {
 
Index: lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/MonitoringController.java
===================================================================
diff -u -r190c89f5332a6fa6da4d16fd4e0eb668a6d930f7 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision 190c89f5332a6fa6da4d16fd4e0eb668a6d930f7)
+++ lams_tool_images/src/java/org/lamsfoundation/lams/tool/imageGallery/web/controller/MonitoringController.java	(.../MonitoringController.java)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -55,6 +55,7 @@
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
 
 @Controller
 @RequestMapping("/monitoring")
@@ -142,7 +143,7 @@
     /**
      * Update image's title and description set by monitor
      */
-    @RequestMapping("/updateImage")
+    @RequestMapping(path = "/updateImage", method = RequestMethod.POST)
     public String updateImage(@ModelAttribute ImageGalleryItemForm imageGalleryItemForm, HttpServletRequest request) {
 
 	// get back sessionMAP
@@ -181,7 +182,7 @@
     /**
      * Toggle image visibility, i.e. set its hide field to the opposite of the current value
      */
-    @RequestMapping("/toggleImageVisibility")
+    @RequestMapping(path = "/toggleImageVisibility", method = RequestMethod.POST)
     public String toggleImageVisibility(HttpServletRequest request) {
 
 	Long itemUid = WebUtil.readLongParam(request, ImageGalleryConstants.PARAM_IMAGE_UID);
Index: lams_tool_images/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_images/web/WEB-INF/tlds/security/csrfguard.tld	(revision 0)
+++ lams_tool_images/web/WEB-INF/tlds/security/csrfguard.tld	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<!--
+The OWASP CSRFGuard Project, BSD License
+Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011 
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+3. Neither the name of OWASP nor the names of its contributors may be used
+   to endorse or promote products derived from this software without specific
+   prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ -->
+<taglib xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd" version="2.0">
+	<tlib-version>1.2</tlib-version>
+	<jsp-version>2.0</jsp-version>
+	<short-name>Owasp CsrfGuard Tag Library</short-name>
+	<uri>http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld</uri>
+	<tag>
+		<name>token</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>tokenname</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenNameTag</tag-class>
+		<body-content>empty</body-content>
+	</tag>
+	<tag>
+		<name>tokenvalue</name>
+		<tag-class>org.owasp.csrfguard.tag.TokenValueTag</tag-class>
+		<body-content>empty</body-content>
+		<attribute>
+			<name>uri</name>
+			<required>false</required>
+			<rtexprvalue>true</rtexprvalue>
+		</attribute>
+	</tag>
+	<tag>
+		<name>a</name>
+		<tag-class>org.owasp.csrfguard.tag.ATag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+	<tag>
+		<name>form</name>
+		<tag-class>org.owasp.csrfguard.tag.FormTag</tag-class>
+		<dynamic-attributes>true</dynamic-attributes>
+	</tag>
+</taglib>
Index: lams_tool_images/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/web/WEB-INF/web.xml	(.../web.xml)	(revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_images/web/WEB-INF/web.xml	(.../web.xml)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -30,7 +30,10 @@
 			org.springframework.web.context.ContextLoaderListener
 		</listener-class>
 	</listener>
-
+    <filter>
+        <filter-name>CSRFGuard</filter-name>
+        <filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
+    </filter>
 	<filter>
 		<filter-name>hibernateFilter</filter-name>
 		<filter-class>
@@ -62,7 +65,11 @@
 	<filter-mapping>
 		<filter-name>hibernateFilter</filter-name>
 		<url-pattern>/*</url-pattern>
-	</filter-mapping>
+    </filter-mapping>
+    <filter-mapping>
+        <filter-name>CSRFGuard</filter-name>
+        <url-pattern>*.do</url-pattern>
+    </filter-mapping>
 	<filter-mapping>
 		<filter-name>SystemSessionFilter</filter-name>
 		<url-pattern>/*</url-pattern>
@@ -149,8 +156,14 @@
 		<taglib>
 			<taglib-uri>tags-lams</taglib-uri>
 			<taglib-location>/WEB-INF/tlds/lams/lams.tld</taglib-location>
-		</taglib>
-
+        </taglib>
+        <!-- ======================================================== -->
+        <!-- CSRF Guard Tag Library -->
+        <!-- ======================================================== -->
+        <taglib>
+            <taglib-uri>csrfguard</taglib-uri>
+            <taglib-location>/WEB-INF/tlds/security/csrfguard.tld</taglib-location>
+        </taglib>
 	</jsp-config>
 
 	<!-- Security Constraint -->
@@ -261,4 +274,4 @@
 		<error-code>404</error-code>
 		<location>/404.jsp</location>
 	</error-page>
-</web-app>
\ No newline at end of file
+</web-app>
Index: lams_tool_images/web/common/taglibs.jsp
===================================================================
diff -u -r9e395fca5d7eb4a5ac4c9768642a336723a950f7 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision 9e395fca5d7eb4a5ac4c9768642a336723a950f7)
+++ lams_tool_images/web/common/taglibs.jsp	(.../taglibs.jsp)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -4,5 +4,6 @@
 <%@ taglib uri="tags-fmt" prefix="fmt" %>
 <%@ taglib uri="tags-xml" prefix="x" %>
 <%@ taglib uri="tags-lams" prefix="lams" %>
+<%@ taglib uri="csrfguard" prefix="csrf" %>
 <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> 
 
Index: lams_tool_images/web/pages/authoring/parts/addimage.jsp
===================================================================
diff -u -r89d6d5ff79899a6419b2237f06d6547886bddb28 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/web/pages/authoring/parts/addimage.jsp	(.../addimage.jsp)	(revision 89d6d5ff79899a6419b2237f06d6547886bddb28)
+++ lams_tool_images/web/pages/authoring/parts/addimage.jsp	(.../addimage.jsp)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -1,10 +1,11 @@
 <%@ include file="/common/taglibs.jsp"%>
+<c:set var="csrfToken"><csrf:token/></c:set>
 <c:choose>
 	<c:when test="${saveUsingLearningAction}">
-		<c:set var="FORM_ACTION" value="../learning/saveNewImage.do"/>
+		<c:set var="FORM_ACTION" value="../learning/saveNewImage.do?${csrfToken}"/>
 	</c:when>
 	<c:otherwise>
-		<c:set var="FORM_ACTION" value="saveOrUpdateImage.do"/>
+		<c:set var="FORM_ACTION" value="saveOrUpdateImage.do?${csrfToken}"/>
 	</c:otherwise>
 </c:choose>
 
@@ -78,4 +79,4 @@
 		</div>
 	</div>
 
-</form:form>
\ No newline at end of file
+</form:form>
Index: lams_tool_images/web/pages/monitoring/imagesummary.jsp
===================================================================
diff -u -r9e395fca5d7eb4a5ac4c9768642a336723a950f7 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/web/pages/monitoring/imagesummary.jsp	(.../imagesummary.jsp)	(revision 9e395fca5d7eb4a5ac4c9768642a336723a950f7)
+++ lams_tool_images/web/pages/monitoring/imagesummary.jsp	(.../imagesummary.jsp)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -45,8 +45,8 @@
 		</div>
 			
 		<div class="panel-body">
-
-			<form:form action="updateImage.do" method="post" modelAttribute="imageGalleryItemForm" id="imageGalleryItemForm">
+            <c:set var="csrfToken"><csrf:token/></c:set>
+			<form:form action="updateImage.do?${csrfToken}" method="post" modelAttribute="imageGalleryItemForm" id="imageGalleryItemForm">
 				<form:hidden path="imageUid" />		
 				<form:hidden path="sessionMapID" value="${sessionMapID}"/>
 				
Index: lams_tool_images/web/pages/monitoring/monitoring.jsp
===================================================================
diff -u -r5d60e2334cf6775f4e4afe5755a0e56ef78540c0 -r7e1926a1f28d55c8de63720fbc97f918de5cc711
--- lams_tool_images/web/pages/monitoring/monitoring.jsp	(.../monitoring.jsp)	(revision 5d60e2334cf6775f4e4afe5755a0e56ef78540c0)
+++ lams_tool_images/web/pages/monitoring/monitoring.jsp	(.../monitoring.jsp)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
@@ -120,7 +120,7 @@
 					
 					$.ajax({
 				    	type: 'POST',
-				    	url: "<c:url value='/monitoring/toggleImageVisibility.do'/>",
+				    	url: "<c:url value='/monitoring/toggleImageVisibility.do'/>?<csrf:token/>",
 				    	data : {
 							'imageUid' : imageUid,
 							'sessionMapID' : '${sessionMapID}'