diff --git a/plugins/box/system/system.admin.php b/plugins/box/system/system.admin.php old mode 100644 new mode 100755 index 95489b7..44bf110 --- a/plugins/box/system/system.admin.php +++ b/plugins/box/system/system.admin.php @@ -66,20 +66,27 @@ // Create Sitemap // ------------------------------------- - if (Request::get('sitemap')) { - if ('create' == Request::get('sitemap')) { + if (Request::get('sitemap') == 'create') { + + if (Security::check(Request::get('token'))) { + Notification::set('success', __('Sitemap created', 'system')); + Sitemap::create(); - Request::redirect('index.php?id=system'); - } + + Request::redirect('index.php?id=system'); + + } else { die('csrf detected!'); } + } // Delete temporary files // ------------------------------------- - if (Request::get('temporary_files')) { - if ('delete' == Request::get('temporary_files')) { + if (Request::get('temporary_files') == 'delete') { + if (Security::check(Request::get('token'))) { + $namespaces = Dir::scan(CACHE); if (count($namespaces) > 0) { foreach ($namespaces as $namespace) { @@ -104,13 +111,19 @@ // Set maintenance state on or off // ------------------------------------- if (Request::get('maintenance')) { - if ('on' == Request::get('maintenance')) { - Option::update('maintenance_status', 'on'); - Request::redirect('index.php?id=system'); - } - if ('off' == Request::get('maintenance')) { - Option::update('maintenance_status', 'off'); - Request::redirect('index.php?id=system'); + + if (Security::check(Request::get('token'))) { + + if ('on' == Request::get('maintenance')) { + Option::update('maintenance_status', 'on'); + Request::redirect('index.php?id=system'); + } + + if ('off' == Request::get('maintenance')) { + Option::update('maintenance_status', 'off'); + Request::redirect('index.php?id=system'); + } + } } diff --git a/plugins/box/system/views/backend/index.view.php b/plugins/box/system/views/backend/index.view.php old mode 100644 new mode 100755 index 6f1ba0f..cb6490d 
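Review bot: The token is read with `Request::get('token')` and both actions are still triggered by a plain GET, so the anti-CSRF token presumably travels in the URL, where it can end up in browser history, server access logs and `Referer` headers. Sitemap creation and cache deletion change server state, so I would move them to POST forms that carry the token in the request body, or at least confirm that the token is bound to the session. The sitemap branch ends with `} else { die('csrf detected!'); }`, but the temporary-files branch continues past the end of this hunk, so its failure path cannot be checked from here. The new comparisons use `==`; `Request::get('sitemap') === 'create'` would avoid type juggling on request input.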
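Review bot: A failed `Security::check()` in the maintenance block is silent: the added `if (Security::check(Request::get('token'))) {` has no `else`, so a request with a missing or wrong token simply continues past the block, unlike the sitemap branch in the previous hunk, which stops with `die('csrf detected!')`. I would close it with `} else { die('csrf detected!'); }` for consistency. Recording the rejected request would also make forged attempts against the maintenance switch visible to an administrator.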
--- a/plugins/box/system/views/backend/index.view.php +++ b/plugins/box/system/views/backend/index.view.php @@ -4,12 +4,12 @@ - 'btn')).Html::nbsp(2); ?> - 'btn')).Html::nbsp(2); ?> + 'btn')).Html::nbsp(2); ?> + 'btn')).Html::nbsp(2); ?> - 'btn')); ?> + 'btn')); ?> - 'btn btn-danger')); ?> + 'btn btn-danger')); ?>
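Review bot: The file header for this template sets the executable bit (`old mode 100644 new mode 100755`, as it does for system.admin.php), which nothing in the change appears to need. PHP sources are read by the interpreter and do not have to be executable, so I would keep both files at 100644. The link markup in this hunk did not survive on the page, so how the token is appended to each URL cannot be checked from here. It is worth confirming that the value goes through the same URL and attribute escaping as the rest of the link.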