Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r7e1926a1f28d55c8de63720fbc97f918de5cc711 -reacf8690251ab940327df77e457801bbe436476f
--- lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision 7e1926a1f28d55c8de63720fbc97f918de5cc711)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties	(.../Owasp.CsrfGuard.properties)	(revision eacf8690251ab940327df77e457801bbe436476f)
@@ -18,6 +18,7 @@
 org.owasp.csrfguard.protected.imageSaveNewImage=/lams/tool/laimag10/learning/saveNewImage.do
 org.owasp.csrfguard.protected.imageToggleVisibility=/lams/tool/laimag10/monitoring/toggleImageVisibility.do
 org.owasp.csrfguard.protected.lamcSubmissionDeadline=/lams/tool/lamc11/monitoring/setSubmissionDeadline.do
+org.owasp.csrfguard.protected.lamcSaveUserMark=/lams/tool/lamc11/monitoring/saveUserMark.do
 org.owasp.csrfguard.protected.laqaSubmissionDeadline=/lams/tool/laqa11/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.mindmapSubmissionDeadline=/lams/tool/lamind10/monitoring/setSubmissionDeadline.do
 org.owasp.csrfguard.protected.notebookSubmissionDeadline=/lams/tool/lantbk11/monitoring/setSubmissionDeadline.do
Index: lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java
===================================================================
diff -u -r1beaa4cc5e224dd433297d543c5511234c0bfc10 -reacf8690251ab940327df77e457801bbe436476f
--- lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java	(.../McMonitoringController.java)	(revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
+++ lams_tool_lamc/src/java/org/lamsfoundation/lams/tool/mc/web/controller/McMonitoringController.java	(.../McMonitoringController.java)	(revision eacf8690251ab940327df77e457801bbe436476f)
@@ -472,7 +472,7 @@
 	return responseJSON.toString();
     }
 
-    @RequestMapping("/saveUserMark")
+    @RequestMapping(path = "/saveUserMark", method = RequestMethod.POST)
     public String saveUserMark(HttpServletRequest request) {
 
 	if ((request.getParameter(McAppConstants.PARAM_NOT_A_NUMBER) == null)
Index: lams_tool_lamc/web/monitoring/SummaryContent.jsp
===================================================================
diff -u -r1beaa4cc5e224dd433297d543c5511234c0bfc10 -reacf8690251ab940327df77e457801bbe436476f
--- lams_tool_lamc/web/monitoring/SummaryContent.jsp	(.../SummaryContent.jsp)	(revision 1beaa4cc5e224dd433297d543c5511234c0bfc10)
+++ lams_tool_lamc/web/monitoring/SummaryContent.jsp	(.../SummaryContent.jsp)	(revision eacf8690251ab940327df77e457801bbe436476f)
@@ -114,7 +114,7 @@
 	  			   	{name:'grade', index:'grade', width:80, sorttype:"int", editable:true, editoptions: {size:4, maxlength: 4}, align:"right" }
 			   	],
 			   	multiselect: false,
-				cellurl: '<c:url value="/monitoring/saveUserMark.do"/>',
+				cellurl: '<c:url value="/monitoring/saveUserMark.do"/>?<csrf:token/>',
   				cellEdit: true,
   				afterEditCell: function (rowid,name,val,iRow,iCol){
   					oldValue = eval(val);