diff --git a/lib/init.php b/lib/init.php
index 25e7a67b..fc57a956 100644
--- a/lib/init.php
+++ b/lib/init.php
@@ -308,7 +308,18 @@ UI::twig()->addGlobal('page', $page);
UI::twig()->addGlobal('area', AREA);
UI::twig()->addGlobal('gSearchText', $gSearchText);
-/**
- * Initialize the mailingsystem
- */
+// Initialize the mailingsystem
$mail = new Mailer(true);
+
+// initialize csrf
+if (CurrentUser::hasSession()) {
+ $new_token = Froxlor::genSessionId(20);
+ UI::twig()->addGlobal('csrf_token', $new_token);
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ $current_token = $_POST['csrf_token'];
+ if ($current_token != CurrentUser::getField('csrf_token')) {
+ Response::dynamicError('CSRF validation failed');
+ }
+ }
+ CurrentUser::setField('csrf_token', $new_token);
+}
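Review bot: The check in the POST branch reads `$_POST['csrf_token']` with no default and compares with `!=`, so a request that omits the field is compared as null; if `CurrentUser::getField('csrf_token')` is also empty at that point (for example before any token has been stored for the session, which this hunk does not show), the loose comparison treats the two as equal and validation passes. Read the field as `$current_token = $_POST['csrf_token'] ?? '';`, fetch `$expected = CurrentUser::getField('csrf_token');`, and reject unless both are non-empty strings that match in constant time: `if (!is_string($current_token) || empty($expected) || !hash_equals((string) $expected, $current_token)) {`. The `is_string` guard also covers an array-valued `csrf_token[]` parameter, which would otherwise reach the comparison. The branch relies on `Response::dynamicError()` ending the request; if it can return, the POST handler still runs after a failed check, so that is worth confirming. Since the token is replaced on every request, a form that was rendered before another page load in the same session will fail validation on submit.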
diff --git a/templates/Froxlor/form/form.html.twig b/templates/Froxlor/form/form.html.twig
index b4925c65..381ce161 100644
--- a/templates/Froxlor/form/form.html.twig
+++ b/templates/Froxlor/form/form.html.twig
@@ -26,6 +26,7 @@
{% if nosubmit == false %}
+
{% if hiddenid is not empty %}
{% endif %}
diff --git a/templates/Froxlor/form/yesnoquestion.html.twig b/templates/Froxlor/form/yesnoquestion.html.twig
index 326f3735..077719f6 100644
--- a/templates/Froxlor/form/yesnoquestion.html.twig
+++ b/templates/Froxlor/form/yesnoquestion.html.twig
@@ -18,6 +18,7 @@
{% endif %}
{% endif %}
+
{% for id,field in url_params %}
diff --git a/templates/Froxlor/settings/detailpart.html.twig b/templates/Froxlor/settings/detailpart.html.twig
index 7c1ec438..1ba98a66 100644
--- a/templates/Froxlor/settings/detailpart.html.twig
+++ b/templates/Froxlor/settings/detailpart.html.twig
@@ -27,6 +27,7 @@
+
diff --git a/templates/Froxlor/user/2fa.html.twig b/templates/Froxlor/user/2fa.html.twig
index c03998c2..331490a1 100644
--- a/templates/Froxlor/user/2fa.html.twig
+++ b/templates/Froxlor/user/2fa.html.twig
@@ -41,6 +41,7 @@
+
{% if userinfo.type_2fa == 0 %}
diff --git a/templates/Froxlor/user/change_language.html.twig b/templates/Froxlor/user/change_language.html.twig
index a03fde01..c035f1f9 100644
--- a/templates/Froxlor/user/change_language.html.twig
+++ b/templates/Froxlor/user/change_language.html.twig
@@ -20,6 +20,7 @@
+
+
+