Index: /mods/wpsg_mod_deliverynote.class.php
===================================================================
--- /mods/wpsg_mod_deliverynote.class.php	(revision 7552)
+++ /mods/wpsg_mod_deliverynote.class.php	(revision 7553)
@@ -258,7 +258,7 @@
 		public function order_ajax() {
 			
-			\check_admin_referer('wpsg-deliverynote-order_ajax-'.wpsg_getStr($_REQUEST['edit_id']));
-			
-			if(isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
+			\check_admin_referer('wpsg-deliverynote-order_ajax-deliverynote-'.wpsg_getStr($_REQUEST['edit_id']));
+			
+			if (isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
 
 			if (isset($_REQUEST['wpsg_mod_deliverynote_preview']))
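Review bot: `check_admin_referer()` on L11 is the only gate visible in this hunk, and a nonce only proves the request came from the rendered form — it does not establish that the current user may act on this order, so unless `order_ajax()` is already behind a `current_user_can(...)` check elsewhere (the method continues past the hunk), add one before the nonce check. L11 also dereferences `$_REQUEST['edit_id']` before the `isset()` guard on L13, so a request without `edit_id` raises an undefined-index notice before the nonce check dies; `wpsg_getStr(isset($_REQUEST['edit_id']) ? $_REQUEST['edit_id'] : '')` avoids that. The sibling handler in wpsg_mod_rechnungen.class.php binds the same kind of nonce with `wpsg_getInt()`; using the integer form here too keeps the two modules consistent, assuming `edit_id` is always numeric.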
Index: /mods/wpsg_mod_rechnungen.class.php
===================================================================
--- /mods/wpsg_mod_rechnungen.class.php	(revision 7552)
+++ /mods/wpsg_mod_rechnungen.class.php	(revision 7553)
@@ -309,5 +309,5 @@
 			$this->shop->update_option("wpsg_gutschrift_format", $_REQUEST['wpsg_gutschrift_format'], false, false, WPSG_SANITIZE_TEXTFIELD);
 			$this->shop->update_option('wpsg_rechnungen_adresszeile', $_REQUEST['wpsg_rechnungen_adresszeile'], false, false, WPSG_SANITIZE_TEXTFIELD);
-			$this->shop->update_option('wpsg_rechnungen_foottext_standard', $_REQUEST['wpsg_rechnungen_foottext_standard'], false, false, WPSG_SANITIZE_CHECKBOX);
+			$this->shop->update_option('wpsg_rechnungen_foottext_standard', $_REQUEST['wpsg_rechnungen_foottext_standard'], false, false, WPSG_SANITIZE_CHECKBOX, ['allowEmpty' => true]);
 			$this->shop->update_option('wpsg_mod_rechnungen_hideCountry', $_REQUEST['wpsg_mod_rechnungen_hideCountry'], false, false, WPSG_SANITIZE_CHECKBOX);
 
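Review bot: L24 adds `['allowEmpty' => true]` only to `wpsg_rechnungen_foottext_standard`, while the neighbouring checkbox option `wpsg_mod_rechnungen_hideCountry` on L25 is stored with the same `WPSG_SANITIZE_CHECKBOX` call and no such flag; if `allowEmpty` is what lets an unchecked box persist as "off", that line presumably needs it as well — worth confirming against `update_option()`. Both lines also read `$_REQUEST[...]` directly, which is undefined when the box is unchecked (browsers omit unchecked checkboxes from the submission), so a guard such as `isset($_REQUEST['wpsg_mod_rechnungen_hideCountry']) ? $_REQUEST['wpsg_mod_rechnungen_hideCountry'] : ''` would silence the notice. The enclosing settings-save method starts and ends outside this hunk, so whether a nonce or capability check precedes these writes cannot be seen here.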
@@ -396,5 +396,7 @@
 			if (isset($_REQUEST['wpsg_rechnungen_preview']))
 			{
-
+				
+				\check_admin_referer('wpsg-mod_invoice-order_ajax-rechnung-'.wpsg_getInt($_REQUEST['edit_id']));
+				
 				// Vorschau einer Rechnung aus der Bestellverwaltung
 				$this->writeRechnung(wpsg_getInt($_REQUEST['edit_id']), true, true);
@@ -402,7 +404,7 @@
 				die();
 
-			}
-			else if (isset($_REQUEST['wpsg_rechnungen_write']))
-			{
+			} else if (isset($_REQUEST['wpsg_rechnungen_write'])) {
+				
+				\check_admin_referer('wpsg-mod_invoice-order_ajax-rechnung-'.wpsg_getInt($_REQUEST['edit_id']));
 				
 				try
@@ -421,19 +423,20 @@
 				die();
 				
-			}
-			else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'getRechnung')
-			{
+			} else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'getRechnung') {
+				
+				\check_admin_referer('wpsg-mod_invoice-order_ajax-getRechnung-'.wpsg_getInt($_REQUEST['r_id']));
 				
 			 	$this->doDownload($_REQUEST['r_id']);
 								
 			}
-			else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'storno')
-			{
+			else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'storno') {
+				
+				\check_admin_referer('wpsg-mod_invoice-order_ajax-storno-'.wpsg_getInt($_REQUEST['edit_id']));
 				
 				$this->stornoAction();
 				
-			}
-			else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'copy')
-			{
+			} else if (isset($_REQUEST['do']) && $_REQUEST['do'] == 'copy') {
+				
+				\check_admin_referer('wpsg-mod_invoice-order_ajax-copy-'.wpsg_getInt($_REQUEST['edit_id']));
 				
 				$rechnung = $this->db->fetchRow("SELECT * FROM `".WPSG_TBL_RECHNUNGEN."` WHERE `id` = '".wpsg_q($_REQUEST['r_id'])."'");
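Review bot: The nonce action for `getRechnung` on L55 is keyed on `r_id`, but the link that mints it (order_view.phtml in this same commit) keys it on the order id `$this->view['data']['id']`, so the two only agree when an invoice id happens to equal its order id and the "Ansehen" link will otherwise fail `check_admin_referer()`. Pick one side for both — either `\check_admin_referer('wpsg-mod_invoice-order_ajax-getRechnung-'.wpsg_getInt($_REQUEST['edit_id']));` here, or generate the URL with `$r['id']`; binding the nonce to the invoice actually served is the tighter choice. L57 still hands the raw `$_REQUEST['r_id']` to `doDownload()` even though the check used `wpsg_getInt()`; pass the same integer to both. In the `copy` branch the nonce is bound to `edit_id` while the row fetched on L75 is selected by `r_id` alone, so a nonce valid for one order can be replayed with any other invoice id unless the code after the hunk verifies the invoice belongs to that order (the branch continues outside the hunk).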
Index: /views/mods/mod_deliverynote/order_view_content.phtml
===================================================================
--- /views/mods/mod_deliverynote/order_view_content.phtml	(revision 7552)
+++ /views/mods/mod_deliverynote/order_view_content.phtml	(revision 7553)
@@ -29,6 +29,6 @@
 				
 				<form target="_blank" method="post" id="deliverynote_order_backend" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=ajax&mod=wpsg_mod_deliverynote&cmd=deliverynote&noheader=1&edit_id=<?php echo $this->view['data']['id']; ?>">
-				
-					<?php \wp_nonce_field('wpsg-deliverynote-order_ajax-'.$this->view['data']['id']); ?>
+									
+					<?php \wp_nonce_field('wpsg-deliverynote-order_ajax-deliverynote-'.$this->view['data']['id']); ?>
 					
 					<div>
Index: /views/mods/mod_rechnungen/order_view.phtml
===================================================================
--- /views/mods/mod_rechnungen/order_view.phtml	(revision 7552)
+++ /views/mods/mod_rechnungen/order_view.phtml	(revision 7553)
@@ -111,6 +111,14 @@
                     ?>
 
-                    <a target="_blank" onclick="if (!confirm('<?php echo __('Sind Sie sicher, dass Sie eine Kopie dieser Rechnung/Rechnungskorrektur erneut an den Kunden senden mÃ¶chten?', 'wpsg'); ?>')) return false;" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&mod=wpsg_mod_rechnungen&noheader=1&action=ajax&edit_id=<?php echo $this->view['data']['id']; ?>&r_id=<?php echo $r['id']; ?>&do=copy"><?php echo ' &nbsp;'.__("Kopie senden", "wpsg"); ?></a>&nbsp;
-                    <a target="_blank" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=ajax&noheader=1&mod=wpsg_mod_rechnungen&do=getRechnung&edit_id=<?php echo $this->view['data']['id']; ?>&r_id=<?php echo $r['id']; ?>"><?php echo __("Ansehen", "wpsg"); ?></a>
+                    <a target="_blank" onclick="if (!confirm('<?php echo __('Sind Sie sicher, dass Sie eine Kopie dieser Rechnung/Rechnungskorrektur erneut an den Kunden senden mÃ¶chten?', 'wpsg'); ?>')) return false;" href="<?php 
+						
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&mod=wpsg_mod_rechnungen&noheader=1&action=ajax&edit_id='.$this->view['data']['id'].'&r_id='.$r['id'].'&do=copy', 'wpsg-mod_invoice-order_ajax-copy-'.$this->view['data']['id']);
+
+					?>"><?php echo ' &nbsp;'.__("Kopie senden", "wpsg"); ?></a>&nbsp;
+                    <a target="_blank" href="<?php 
+						
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=ajax&noheader=1&mod=wpsg_mod_rechnungen&do=getRechnung&edit_id='.$this->view['data']['id'].'&r_id='.$r['id'], 'wpsg-mod_invoice-order_ajax-getRechnung-'.$this->view['data']['id']);						
+						
+					?>"><?php echo __("Ansehen", "wpsg"); ?></a>
 
                 </td>
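Review bot: The "Kopie senden" action on L98–L102 re-sends an invoice to the customer from a plain GET link; `wp_nonce_url()` stops cross-site forgery, but a GET with side effects is still fired by link prefetchers, tab restores and accidental double clicks, so it belongs in a POST form like the storno form further down, with `wp_nonce_field('wpsg-mod_invoice-order_ajax-copy-'.$this->view['data']['id'])` and the handler left as is. The `getRechnung` nonce on L105 is keyed on the order id, whereas the handler in wpsg_mod_rechnungen.class.php checks it against `r_id`; the two must use the same id or the link will not pass the check. The confirmation text on L98 also shows a double-encoded umlaut (`mÃ¶chten`); if that is in the file rather than a display artifact of this diff, restore the UTF-8 `möchten`.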
@@ -126,5 +134,7 @@
             <div style="padding:10px;">
                 <form id="storno_form" target="_blank" method="post" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&noheader=1&action=ajax&mod=wpsg_mod_rechnungen&edit_id=<?php echo $this->view['data']['id']; ?>&do=storno">
-
+	
+					<?php \wp_nonce_field('wpsg-mod_invoice-order_ajax-storno-'.$this->view['data']['id']); ?>
+					
                     <input type="hidden" name="send" value="1" />
 
@@ -188,5 +198,7 @@
 
                 <form target="_blank" method="post" id="rechnungen_order_backend" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=ajax&mod=wpsg_mod_rechnungen&cmd=rechnung&noheader=1&edit_id=<?php echo $this->view['data']['id']; ?>">
-
+	
+					<?php \wp_nonce_field('wpsg-mod_invoice-order_ajax-rechnung-'.$this->view['data']['id']); ?>
+					
                     <input type="hidden" name="send" value="1" />
 
