Add token to prevent CSRF.
Created by: racke
This is a slightly adjusted version of the CSRF patch provided by @mpkut. I tested in my working copy over the weekend and I didn't run into a regression. This is scheduled to be part of the next beta release, as agreed with @ikedas.