Index: /controller/wpsg_OrderController.class.php
===================================================================
--- /controller/wpsg_OrderController.class.php	(revision 7560)
+++ /controller/wpsg_OrderController.class.php	(revision 7561)
@@ -21,4 +21,6 @@
 			} else if (wpsg_isSizedString($_REQUEST['subaction'], 'add')) {
 			    
+				check_admin_referer('wpsg-order-add');
+			 
 			    $this->addAction();
 			    
@@ -31,7 +33,5 @@
 			    $this->updateOrderAction();
 			    
-            }
-			if (wpsg_isSizedString($_REQUEST['subaction'], 'shippingData'))
-			{
+            } if (wpsg_isSizedString($_REQUEST['subaction'], 'shippingData')) {
 				$this->shippingDataAction();
 			}
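Review bot: The `shippingData` branch on L18-L19 is the only subaction in this dispatcher left without a nonce check by this change, while `add` on L8 now gets `check_admin_referer('wpsg-order-add')`; if `shippingDataAction` mutates the order and does not verify a nonce itself (its body is outside the hunk), it needs an equivalent `wpsg_checkNounce('Order', 'shippingData', [...])` before the call and a matching `wpsg_admin_url` on the emitting link. Separately, `} if (...) {` on L18 puts the close of one statement and the start of the next on one line, which reads like an `else if` at a glance; a line break after the `}` avoids that. The enclosing dispatch method starts before this hunk.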
@@ -143,7 +143,5 @@
         
         public function addAction() {
-
-            check_admin_referer('order-index-add');
-		    
+ 
             $customer_id = false;
             
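Review bot: `addAction` no longer verifies a nonce itself; the `check_admin_referer` that lived here moved to the dispatcher (hunk L5-L11), so the method is protected only when reached through that path. If that is the intended contract, state it at the top of the body, `// nonce 'wpsg-order-add' is verified by the dispatcher before this is called`, so the next reader neither adds a second, differently named check nor removes the dispatcher one. The same move happens for `delAction` (L561-L567) and `saveAction` (L568-L576) in wpsg_mod_productgroups, which now rely on `dispatch()` alone. addAction continues past this hunk.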
@@ -245,5 +243,5 @@
                 $this->addBackendMessage(__('Die neue Bestellung wurde vorbereitet.', 'wpsg'));
                 
-                $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$order_id);
+                $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$order_id, 'wpsg-order-edit-'.$order_id));
                                 
             }
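Review bot: The nonce on the redirect at L34 is named `'wpsg-order-edit-'.$order_id`, but the view it lands on verifies `wpsg_checkNounce('Order', 'view', ['edit_id' => wpsg_getInt(...)])` (L139), i.e. the action string `wpsg-order-view-edit_id-<id>`; unless something outside these hunks rewrites it, the redirect after preparing a new order will fail the nonce check and show the WordPress "link expired" page. Build the URL with the same helper the check uses, `$this->redirect(wpsg_admin_url('Order', 'view', ['edit_id' => $order_id]));`, as switchStatusAction already does on L41. addAction's body starts and ends outside this hunk.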
@@ -1105,5 +1103,5 @@
 			}
 
-			$this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$_REQUEST['edit_id']);
+			$this->redirect(wpsg_admin_url('Order', 'view', ['edit_id' => $_REQUEST['edit_id']]));
 
 		} // public function switchStatusAction()
@@ -1112,6 +1110,7 @@
 		 * Wird beim stornieren einer einzelnen Bestellung aufgerufen
 		 */
-		public function stornoAction()
-		{
+		public function stornoAction() {
+			
+			wpsg_checkNounce('Order', 'storno', ['edit_id' => wpsg_getInt($_REQUEST['edit_id'])]);
 
 			$this->shop->setOrderStatus($_REQUEST['edit_id'], 500, true);
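Review bot: The nonce on L51 is bound to `wpsg_getInt($_REQUEST['edit_id'])` while L53 passes the raw `$_REQUEST['edit_id']` to `setOrderStatus`, so the verified value and the acted-upon value can differ for any input that wpsg_getInt normalises. Normalise once and use it for both: `$nOrderId = wpsg_getInt($_REQUEST['edit_id']);` then `wpsg_checkNounce('Order', 'storno', ['edit_id' => $nOrderId]);` and `$this->shop->setOrderStatus($nOrderId, 500, true);`. `deleteAction` (L163-L167) has the same split, and there the `isset($_REQUEST['edit_id'])` test after the nonce is effectively unreachable, because a request without an id must first pass the nonce computed for `wpsg_getInt(null)`. stornoAction continues past this hunk.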
@@ -1125,7 +1124,6 @@
 		 * Zeigt eine Bestellung an
 		 */
-		public function viewAction()
-		{
-
+		public function viewAction() {
+									
 			if (wpsg_isSizedString($_REQUEST['subaction'], 'updateCalculation')) {
 
@@ -1150,5 +1148,7 @@
 				
 			} else if (wpsg_isSizedString($_REQUEST['subaction'], 'removeProduct')) {
-
+				
+				wpsg_checkNounce('Order', 'view', ['subaction' => 'removeProduct', 'edit_id' => $_REQUEST['edit_id']]);
+				
                 $oCalculation = new \wpsg\wpsg_calculation();
                 $oCalculation->fromDB($_REQUEST['edit_id']);
@@ -1165,5 +1165,7 @@
 
 			} else if (wpsg_isSizedString($_REQUEST['subaction'], 'sendMail')) {
-		    	
+				
+				wpsg_checkNounce('Order', 'view', ['subaction' => 'sendMail', 'do' => 'customer', 'edit_id' => $_REQUEST['edit_id']]);
+				
 		    	$oBasket = new wpsg_basket();
 		    	$oBasket->initFromDB($_REQUEST['edit_id']);
@@ -1285,7 +1287,9 @@
 		        
             } else if (wpsg_isSizedString($_REQUEST['subaction'], 'addProduct')) {
-
+				
 		        if (wpsg_isSizedString($_REQUEST['do'], 'search')) {
-
+			
+		        	wpsg_checkNounce('Order', 'view', ['subaction' => 'addProduct', 'edit_id' => $_REQUEST['edit_id'], 'do' => 'search']);
+		        	
                     $arReturn = [];
 
@@ -1321,5 +1325,7 @@
 		        	
                 } else if (wpsg_isSizedString($_REQUEST['do'], 'product')) {
-
+			
+					wpsg_checkNounce('Order', 'view', ['subaction' => 'addProduct', 'do' => 'product', 'edit_id' => $_REQUEST['edit_id']]);
+		        	
 		            if (wpsg_isSizedInt($_REQUEST['product_id'])) {
 
@@ -1345,5 +1351,7 @@
 		            
                 } else if (wpsg_isSizedString($_REQUEST['do'], 'submit')) {
-
+			
+					wpsg_checkNounce('Order', 'view', ['subaction' => 'addProduct', 'do' => 'submit', 'edit_id' => $_REQUEST['edit_id']]);
+		        	
                     $oCalculation = new \wpsg\wpsg_calculation();
                     $oCalculation->fromDB($_REQUEST['edit_id']);
@@ -1364,4 +1372,7 @@
 			
 					$oCalculation->toDB($_REQUEST['edit_id']);
+					
+					$oCalculation = new \wpsg\wpsg_calculation();
+					$oCalculation->fromDB($_REQUEST['edit_id']);
 			
 					$this->shop->view['oCalculation'] = $oCalculation;
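Review bot: The reload on L116-L117 re-reads the calculation that `toDB` wrote two lines earlier, and nothing says why the in-memory `$oCalculation` is not good enough for the view; presumably toDB does not refresh ids or derived fields, but that is not visible here. A why-comment keeps the next maintainer from "simplifying" it away: `// re-read from the DB so the view shows the persisted calculation (values set by toDB) — confirm against wpsg_calculation::toDB`. The enclosing `do === 'submit'` branch starts and ends outside this hunk.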
@@ -1371,5 +1382,9 @@
 					]);
 					 		            
-                }
+                } else {
+			 
+					wpsg_checkNounce('Order', 'view', ['subaction' => 'addProduct', 'edit_id' => $_REQUEST['edit_id']]);
+		        	
+				}
 		        
                 $this->shop->render(WPSG_PATH_VIEW.'/order/backendEdit/addProduct.phtml');
@@ -1377,5 +1392,13 @@
                 exit;
 		        
-            }
+            } else {
+				
+				if (!(wpsg_isSizedString($_REQUEST['subaction'], 'editPayShipping'))) {
+				
+					wpsg_checkNounce('Order', 'view', ['edit_id' => wpsg_getInt($_REQUEST['edit_id'])]);
+					
+				}
+				
+			}
 		   
 			$this->shop->view['data'] = $this->db->fetchRow("
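Review bot: The catch-all on L135-L143 only protects subactions that fall through the whole else-if chain, so the `updateCalculation` branch opened at L62 is not covered by any nonce check visible in this diff; if it writes to the order (its body is outside these hunks) it needs its own `wpsg_checkNounce('Order', 'view', ['subaction' => 'updateCalculation', 'edit_id' => $_REQUEST['edit_id']])` and a matching `wpsg_admin_url` on the caller. The `if (!(... 'editPayShipping'))` exclusion on L137 is only explained by the second check at L151; a comment `// editPayShipping verifies its own nonce further down` makes that dependency explicit, and the extra `( )` around the call can go. viewAction continues past this hunk.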
@@ -1412,5 +1435,7 @@
 			
             if (wpsg_isSizedString($_REQUEST['subaction'], 'editPayShipping')) {
-
+	
+				wpsg_checkNounce('Order', 'view', ['subaction' => 'editPayShipping', 'edit_id' => $_REQUEST['edit_id']]);
+            	
                 $this->shop->render(WPSG_PATH_VIEW.'/order/backendEdit/editPayShipping.phtml');
 
@@ -1528,9 +1553,9 @@
 		 * Ãbernimmt das lÃ¶schen von Bestellungen
 		 */
-		public function deleteAction()
-		{
-
-			if (!isset($_REQUEST['edit_id']))
-			{
+		public function deleteAction() {
+			
+			wpsg_checkNounce('Order', 'delete', ['edit_id' => wpsg_getInt($_REQUEST['edit_id'])]);
+
+			if (!isset($_REQUEST['edit_id'])) {
 
 				$this->shop->addBackendError(__('Keine Bestellnummer ÃŒbergeben.', 'wpsg'));
@@ -1547,6 +1572,5 @@
 		} // public function deleteAction()
 
-		public function indexAction()
-		{
+		public function indexAction() {
 
 			if (wpsg_isSizedString($_REQUEST['do'], 'writeMultiRechnung') || wpsg_isSizedString($_REQUEST['wpsg_action'], 'showRechnung'))
@@ -1749,4 +1773,6 @@
 
 			}
+			
+			if (isset($_REQUEST['submit-button'])) check_admin_referer('wpsg-order-search');
 
 			$nPerPage = $this->get_option('wpsg_order_perpage');
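Review bot: The check on L182 is conditional on `submit-button` being present, so a request that carries `filter[...]` values but omits that field skips nonce verification entirely; whether indexAction then still applies and persists the filter is outside this hunk, but the product-side counterpart stores `arFilter` in `$_SESSION` (L224), which is a state change. Gate on the data rather than the button, e.g. `if (isset($_REQUEST['submit-button']) || wpsg_isSizedArray($_REQUEST['filter'])) check_admin_referer('wpsg-order-search');`. The same button-gated pattern appears at L197, L491 and L558. indexAction starts before this hunk and continues past it.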
Index: /controller/wpsg_ProduktController.class.php
===================================================================
--- /controller/wpsg_ProduktController.class.php	(revision 7560)
+++ /controller/wpsg_ProduktController.class.php	(revision 7561)
@@ -152,7 +152,8 @@
 		 * Stellt die Ãbersicht der Produkte im Backend dar
 		 */
-		public function indexAction()
-		{
-
+		public function indexAction() {
+						
+			if (isset($_REQUEST['submit-button'])) check_admin_referer('wpsg-product-search');
+						
 			$nPerPage = $this->shop->get_option('wpsg_produkte_perpage');
 			if ($nPerPage <= 0) $nPerPage = 10;
@@ -168,17 +169,18 @@
 			$this->shop->view['pages'] = 1;
 
-			if (wpsg_isSizedArray($_REQUEST['filter']))
-			{
-
-				$_REQUEST['filter']['s'] = wpsg_xss($_REQUEST['filter']['s']);
-				$_REQUEST['filter']['productgroup_ids'] = sanitize_key($_REQUEST['filter']['productgroup_ids']);
-				$_REQUEST['filter']['productcategory_ids'] = sanitize_key($_REQUEST['filter']['productcategory_ids']);
+			if (wpsg_isSizedInt($_REQUEST['search']['pgruppe'])) {
+				
+				$_REQUEST['filter']['productgroup_ids'] = $_REQUEST['search']['pgruppe'];
+				
+			}
+			
+			if (wpsg_isSizedArray($_REQUEST['filter'])) {
+
+				$_REQUEST['filter']['s'] = wpsg_xss($_REQUEST['filter']['s']); 
 
 				$this->shop->view['arFilter'] = $_REQUEST['filter'];
 				$this->shop->view['hasFilter'] = true;
 
-			}
-			else if (wpsg_isSizedArray($_SESSION['wpsg']['backend']['products']['arFilter']))
-			{
+			} else if (wpsg_isSizedArray($_SESSION['wpsg']['backend']['products']['arFilter'])) {
 
 				//$this->shop->view['arFilter'] = $_SESSION['wpsg']['backend']['customer']['arFilter'];
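Review bot: The rewrite at L204-L218 drops the `sanitize_key()` calls on `filter[productgroup_ids]` and `filter[productcategory_ids]` that the old code applied (L208-L209); the new `search[pgruppe]` path is int-checked on L210, but a `filter[productgroup_ids]` or `filter[productcategory_ids]` supplied directly in the request now reaches `view['arFilter']` (L220) and whatever consumes it further down unsanitised. Where those values are used is outside the hunk, so if they end up in SQL or output, keep the two sanitising lines or normalise them with `wpsg_getInt` the way L210 does for the search path. indexAction continues past this hunk.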
@@ -208,14 +210,18 @@
 
 		} // public function indexAction()
-
+		
 		/**
 		 * Wird beim exportieren der Produkte aufgerufen
+		 * @param bool $bReturnData
+		 * @return array|void
+		 * @throws \wpsg\Exception
 		 */
-		public function exportAction($bReturnData = false)
-		{
+		public function exportAction($bReturnData = false, $noNounce = false) {
+			
+			if (!$noNounce) check_admin_referer('wpsg-product-export');
 
 			$arData = $this->db->fetchAssoc("SELECT * FROM `".wpsg_q(WPSG_TBL_PRODUCTS)."` WHERE `deleted` != '1'");
 
-			if (!wpsg_isSizedArray($arData)) { $this->addBackendError(__('Keine Daten zum Exportieren vorhanden.', 'wpsg')); $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&amp;action=index'); return; }
+			if (!wpsg_isSizedArray($arData)) { $this->addBackendError(__('Keine Daten zum Exportieren vorhanden.', 'wpsg')); $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=index'); return; }
 
 			foreach ($arData as $k => $v)
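Review bot: The docblock added on L236-L238 documents `$bReturnData` but not the new `$noNounce` parameter introduced on the same signature (L242), and nothing records that `true` is meant for internal callers that have already passed their own nonce check (exportMediaAction does so on L259 before calling with `true, true` on L271). Add `@param bool $noNounce  true only for internal callers that already ran check_admin_referer(); skips the 'wpsg-product-export' check`. The `&amp;` → `&` fix on L249 is correct for a Location header, where the old value produced a literal `&amp;` in the URL. exportAction continues past this hunk.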
@@ -282,6 +288,7 @@
 		} // public function exportAction()
 
-		public function exportMediaAction()
-		{
+		public function exportMediaAction() {
+	 
+			check_admin_referer('wpsg-product-exportMedia');
 
 			@ini_set('memory_limit', '2000M');
@@ -291,9 +298,8 @@
 			$zip = new ZipArchive();
 
-			if ($zip->open($zip_file, ZIPARCHIVE::CREATE) == true)
-			{
+			if ($zip->open($zip_file, ZIPARCHIVE::CREATE) == true) {
 
 				// Produktdaten, wie normaler Export
-				list($product_export_file, $arData) = $this->exportAction(true);
+				list($product_export_file, $arData) = $this->exportAction(true, true);
 				$zip->addFile($product_export_file, 'productdata.csv');
 
@@ -328,10 +334,9 @@
 
 				$zip->close();
-
+ 
 				wpsg_header::ZIP($zip_file, 'wpsg_export.zip');
-
-			}
-			else
-			{
+				exit;
+
+			} else {
 
 				$this->addBackendError(_('Konnte ZIP Archiv nicht erstellen.', 'wpsg'));
@@ -346,13 +351,13 @@
 		 * Wird beim importieren der Produkte aufgerufen. Zeichnet das Upload Formular und fÃŒhrt auch den Import durch
 		 */
-		public function importAction()
-		{
-
+		public function importAction() {
+			
 			@ini_set('memory_limit', '2000M');
 			@set_time_limit(3600);
 
-			if (isset($_REQUEST['wpsg_import']) && file_exists($_FILES['wpsg_importfile']['tmp_name']))
-			{
-
+			if (isset($_REQUEST['wpsg_import']) && file_exists($_FILES['wpsg_importfile']['tmp_name'])) {
+				
+				check_admin_referer('wpsg-product-import-do');
+				
 				// Import starten
 
@@ -549,11 +554,13 @@
 				die($this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&amp;action=index'));
 
-			}
-			else if (isset($_REQUEST['wpsg_import']))
-			{
+			} else if (isset($_REQUEST['wpsg_import'])) {
 
 				$this->shop->addBackendError(__('Keine Datei zum Import angegeben.', 'wpsg'));
 				$this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&amp;action=import');
 
+			} else {
+				
+				check_admin_referer('wpsg-product-import');
+				
 			}
 
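Review bot: Of the three branches, only the one on L315-L318 (`wpsg_import` set but no usable upload) runs without a nonce check; it merely records a backend error and redirects, but that is still a state change made without verification, and the asymmetry is easy to misread. Moving `check_admin_referer('wpsg-product-import-do');` in front of an outer `if (isset($_REQUEST['wpsg_import']))` that then branches on the file covers both submit paths with one check. On the restyled L303, `file_exists($_FILES['wpsg_importfile']['tmp_name'])` accepts any readable path; `is_uploaded_file()` is the check intended for upload temp names. importAction starts before this hunk and continues past it.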
@@ -565,6 +572,7 @@
 		 * Wird beim bearbeiten aufgerufen
 		 */
-		public function editAction()
-		{
+		public function editAction() {
+			
+			check_admin_referer('wpsg-product-edit-'.intval($_REQUEST['edit_id']));
 
 			// VerfÃŒgbare Produkttemplates
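Review bot: This file hand-writes its nonce action strings (`'wpsg-product-edit-'.intval(...)` here, the matching `wp_nonce_url(..., 'wpsg-product-edit-'.wpsg_getInt(...))` on L363 and L372), while the Order controller in the same commit derives both the URL and the check from `wpsg_getNounce` via `wpsg_admin_url`/`wpsg_checkNounce`; two schemes side by side invite exactly the drift seen at L34. It also mixes `intval()` (L333, L339, L394) with `wpsg_getInt()` (L351, L363, L372) on the two ends of the same nonce; if those differ for any non-numeric input the nonce will not verify, so use one of them consistently. Using the helpers throughout, or at least one shared prefix constant per action, keeps producer and consumer in a single place. editAction continues past this hunk.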
@@ -781,4 +789,6 @@
 		public function copyAction() {
 			
+			check_admin_referer('wpsg-product-copy-'.intval($_REQUEST['edit_id']));
+			
 			if (!wpsg_checkInput($_REQUEST['edit_id'], WPSG_SANITIZE_INT)) throw new \Exception(__('Requestfehler', 'wpsg'));
 
@@ -836,7 +846,8 @@
 		 * Speichert ein Produkt
 		 */
-		public function saveAction()
-		{
-
+		public function saveAction() {
+			
+			check_admin_referer('wpsg-product-save-'.wpsg_getInt($_REQUEST['edit_id']));
+			
 			if ($this->shop->get_option('wpsg_options_nl2br') == '1') {
 
@@ -869,9 +880,7 @@
 
 				if (isset($_REQUEST['submit_index'])) $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=index');
-				else $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id'].'&wpsg_lang='.$_REQUEST['wpsg_lang']);
-
-			}
-			else
-			{
+				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id'].'&wpsg_lang='.$_REQUEST['wpsg_lang'], 'wpsg-product-edit-'.wpsg_getInt($_REQUEST['edit_id'])));
+
+			} else {
 
 				// RegulÃ€res Produkt speichern
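Review bot: The restyled redirect on L363 still splices the raw `$_REQUEST['edit_id']` and `$_REQUEST['wpsg_lang']` into the URL by concatenation, while the nonce computed on the same line uses `wpsg_getInt($_REQUEST['edit_id'])`; besides the missing URL encoding, the id in the URL and the id in the nonce can diverge. Build the query from the normalised values, e.g. `$nId = wpsg_getInt($_REQUEST['edit_id']);` and `WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&'.http_build_query(['edit_id' => $nId, 'wpsg_lang' => $_REQUEST['wpsg_lang']])` passed to `wp_nonce_url(..., 'wpsg-product-edit-'.$nId)`. L372 has the same concatenation without the `wpsg_lang` part. saveAction continues past this hunk.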
@@ -963,5 +972,5 @@
 
 				if (isset($_REQUEST['submit_index'])) $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=index');
-				else $this->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id']);
+				else $this->redirect(wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$_REQUEST['edit_id'], 'wpsg-product-edit-'.wpsg_getInt($_REQUEST['edit_id'])));
 
 			}
@@ -974,7 +983,8 @@
 		 * Wird beim erstellen eines neuen Produktes aufgerufen
 		 */
-		public function addAction()
-		{
-
+		public function addAction() {
+			
+			check_admin_referer('wpsg-product-admin');
+			
 			// VerfÃŒgbare Produkttemplates
 			$this->shop->view['templates'] = $this->shop->loadProduktTemplates();
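Review bot: The action string `'wpsg-product-admin'` on L383 breaks the `wpsg-product-<action>` naming used everywhere else in this file (`-edit-`, `-copy-`, `-save-`, `-del-`, `-export`, `-import`); the link or form that issues this nonce is not in the diff, so confirm it uses the same literal, and if this is the add action consider renaming both ends to `'wpsg-product-add'` for symmetry with `'wpsg-order-add'` (L8). A comment naming the issuer, `// nonce issued by <view that links to add> — TODO name it`, would make the pairing checkable. addAction continues past this hunk.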
@@ -1022,6 +1032,7 @@
 		 * Wird beim lÃ¶schen eines Produktes aufgerufen
 		 */
-		public function delAction()
-		{
+		public function delAction() {
+			
+			check_admin_referer('wpsg-product-del-'.intval($_REQUEST['edit_id']));
 
 			$oProduct = wpsg_product::getInstance($_REQUEST['edit_id']);
Index: /controller/wpsg_ShopController.class.php
===================================================================
--- /controller/wpsg_ShopController.class.php	(revision 7560)
+++ /controller/wpsg_ShopController.class.php	(revision 7561)
@@ -931,12 +931,7 @@
 				wp_enqueue_script('jquery-ui-datepicker-de', $this->url(WPSG_URL_CONTENT.'plugins/'.WPSG_FOLDERNAME.'/lib/ui/jquery.ui.datepicker-de.js'), array('jquery', 'jquery-ui-core'));
 
-				//if (in_array(wpsg_getStr($_REQUEST['page']), array('wpsg-Admin', 'wpsg-Produkt', 'wpsg-Order')))
-				{
-
-					wp_enqueue_style('wpsg-bscss', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap-3.3.6-dist/css/bootstrap.css'));
-					wp_enqueue_style('wpsg-bs-theme-css', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap-3.3.6-dist/css/bootstrap-theme.css'));
-					wp_enqueue_style('wpsg_bs_editable', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap3-editable-1.5.1/bootstrap3-editable/css/bootstrap-editable.css'));
-
-				}
+				wp_enqueue_style('wpsg-bscss', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap-3.3.6-dist/css/bootstrap.css'));
+				wp_enqueue_style('wpsg-bs-theme-css', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap-3.3.6-dist/css/bootstrap-theme.css'));
+				wp_enqueue_style('wpsg_bs_editable', $GLOBALS['wpsg_sc']->getRessourceURL('js/bootstrap3-editable-1.5.1/bootstrap3-editable/css/bootstrap-editable.css'));
 
 				wp_enqueue_style('wp-jquery-ui-dialog');
Index: /lib/functions.inc.php
===================================================================
--- /lib/functions.inc.php	(revision 7560)
+++ /lib/functions.inc.php	(revision 7561)
@@ -1690,4 +1690,59 @@
 		
 	}	
+		
+	function wpsg_checkNounce($controller, $action = '', $arParam = []) {
+		
+		check_admin_referer(wpsg_getNounce($controller, $action, $arParam));
+		
+	}
+	
+	function wpsg_formNounce($controller, $action = '', $arParam = []) {
+		
+		echo wp_nonce_field(wpsg_getNounce($controller, $action, $arParam));
+		
+	}
+	
+	function wpsg_getNounce($controller, $action = '', $arParam = []) {
+		
+		$strNounce = 'wpsg-'.strtolower($controller).'-'.strtolower($action).'-';
+		
+		if (wpsg_isSizedArray($arParam)) {
+		
+			ksort($arParam);
+			
+			foreach ($arParam as $k => $v) {
+				
+				$strNounce .= $k.'-'.$v;
+				
+			}
+			
+		}
+		
+		return $strNounce;
+		
+	}
+	
+	function wpsg_admin_url($controller, $action = '', $arParam = [], $arParamNoNounce = [], $html_entity_decode = false) {
+		
+		$strURL = WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-'.$controller.'&action='.$action;
+		
+		if (wpsg_isSizedArray($arParam)) {
+			
+			$strURL .= '&'.http_build_query($arParam);
+						
+		}		
+		
+		if (wpsg_isSizedArray($arParamNoNounce)) {
+			
+			$strURL .= '&'.http_build_query($arParamNoNounce);
+			
+		}
+				
+		$url = wp_nonce_url($strURL, wpsg_getNounce($controller, $action, $arParam));
+		
+		if ($html_entity_decode) return html_entity_decode($url);
+		else return $url;
+		
+	}
 	
 	/**
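Review bot: `wpsg_getNounce` appends `$k.'-'.$v` for each sorted parameter with no separator between pairs (L445-L449), so different parameter sets can yield the same action string; building the suffix with `$strNounce .= http_build_query($arParam);` in place of the loop keeps every key/value boundary unambiguous. Separately, `wp_nonce_field()` echoes by default, so `echo wp_nonce_field(...)` in `wpsg_formNounce` (L433) emits the hidden fields twice; either drop the `echo` or call `return wp_nonce_field(wpsg_getNounce($controller, $action, $arParam), '_wpnonce', true, false);` so the templates' `echo wpsg_formNounce(...)` (L614) works, and the same double output occurs at L636, L696 and L707. None of the four new functions has a docblock; a one-line purpose plus `@param string $controller`, `@param string $action`, `@param array<string, scalar> $arParam` on each, and on `wpsg_admin_url` a note that `$arParamNoNounce` is excluded from the nonce and `$html_entity_decode` undoes wp_nonce_url's `&amp;` escaping for JS contexts, would make the contract readable.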
Index: /mods/wpsg_mod_kundenverwaltung.class.php
===================================================================
--- /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7560)
+++ /mods/wpsg_mod_kundenverwaltung.class.php	(revision 7561)
@@ -331,5 +331,11 @@
 			else if (wpsg_isSizedString($_REQUEST['action'], 'del')) $this->be_delAction();
 			else if (wpsg_isSizedString($_REQUEST['action'], 'save')) $this->be_saveAction();
-			else $this->be_indexAction();
+			else {
+				
+				if (isset($_REQUEST['submit-button'])) wpsg_checkNounce('Customer', 'search');
+				
+				$this->be_indexAction();
+				
+			}
 			
 		} // public function dispatch()
Index: /mods/wpsg_mod_productgroups.class.php
===================================================================
--- /mods/wpsg_mod_productgroups.class.php	(revision 7560)
+++ /mods/wpsg_mod_productgroups.class.php	(revision 7561)
@@ -616,25 +616,31 @@
 		} // public function getAllProductGroups()
 
-		public function dispatch()
-		{
-
-			if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "add")
-			{
+		public function dispatch() {
+
+			if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "add") {
+				
+				wpsg_checkNounce('Productgroups', '', ['wpsg_mod_action' => 'add']);
+				
 				$this->addAction();
-			}
-			else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "edit")
-			{
+				
+			} else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "edit") {
+				
+				wpsg_checkNounce('Productgroups', '', ['wpsg_mod_action' => 'edit', 'edit_id' => $_REQUEST['edit_id']]);
+				
 				$this->editAction();
-			}
-			else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "del")
-			{
+				
+			} else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "del") {
+				
+				wpsg_checkNounce('Productgroups', '', ['wpsg_mod_action' => 'del', 'edit_id' => $_REQUEST['edit_id']]);
+				
 				$this->delAction();
-			}
-			else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "save")
-			{
+				
+			} else if (isset($_REQUEST['wpsg_mod_action']) && $_REQUEST['wpsg_mod_action'] == "save") {
+				
+				\check_admin_referer('wpsg-productgroup-save-'.wpsg_getInt($_REQUEST['edit_id']));
+				
 				$this->saveAction();
-			}
-			else
-			{
+				
+			} else {
 				$this->indexAction();
 			}
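Review bot: The `save` branch on L541 keeps a hand-written `\check_admin_referer('wpsg-productgroup-save-'...)` while its siblings use `wpsg_checkNounce`, and the form that issues that nonce is not in this diff, so confirm it still matches; the `edit` and `del` branches (L523, L532) also feed the raw `$_REQUEST['edit_id']` into the nonce string whereas the Order controller normalises with `wpsg_getInt` (L51, L139, L165), so settle on one convention. The repeated `isset(...) && $_REQUEST['wpsg_mod_action'] == "..."` tests are loose comparisons where the rest of the codebase uses `wpsg_isSizedString($_REQUEST['wpsg_mod_action'], 'add')`; switching keeps this dispatcher consistent with wpsg_OrderController (L6). dispatch() continues past this hunk.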
@@ -642,6 +648,7 @@
 		} // public function dispatch()
 
-		public function indexAction()
-		{
+		public function indexAction() {
+			
+			if (isset($_REQUEST['submit-button'])) check_admin_referer('wpsg-mod-productgroups-search');
 
 			$nPerPage = 25;
@@ -692,6 +699,4 @@
 		public function delAction() {
 			
-			\check_admin_referer('wpsg-productgroup-del-'.intval($_REQUEST['edit_id']));
-			
 			$this->db->Query("DELETE FROM `".WPSG_TBL_PRODUCTS_GROUP."` WHERE `id` = '".wpsg_q($_REQUEST['edit_id'])."'");
 			$this->shop->addBackendMessage(__('Produktgruppe wurde erfolgreich gelÃ¶scht.', 'wpsg'));
@@ -702,7 +707,5 @@
 
 		public function saveAction() {
-			
-			\check_admin_referer('wpsg-productgroup-save-'.wpsg_getInt($_REQUEST['edit_id']));
-			
+						
 			$arTemplateFiles = [0] + $this->shop->loadProduktTemplates(true);
 			
@@ -760,5 +763,5 @@
 
 			if (isset($_REQUEST['submit_index'])) $this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=index');
-			else $this->shop->redirect(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=edit&edit_id='.$_REQUEST['edit_id']);
+			else $this->shop->redirect(wpsg_admin_url('Productgroups', '', ['wpsg_mod_action' => 'edit', 'edit_id' => $_REQUEST['edit_id']]));
 
 		} // public function saveAction()
Index: /views/mailtemplates/adminmail.phtml
===================================================================
--- /views/mailtemplates/adminmail.phtml	(revision 7560)
+++ /views/mailtemplates/adminmail.phtml	(revision 7561)
@@ -71,6 +71,5 @@
 <?php echo wpsg_pad_right(__('Zahlungsart', 'wpsg').':', 35); ?><?php echo $this->arPayment[$this->view['basket']['checkout']['payment']]['name']; ?>  
 <?php $this->callMods('mail_payment'); ?>
-    
-<?php echo wpsg_pad_right(__('Bestellung', 'wpsg').':', 35); ?><?php echo WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$this->view['o_id']; ?>    
+        
 <?php echo $this->render(WPSG_PATH_VIEW.'/mailtemplates/order.phtml'); ?>
 
Index: /views/mailtemplates/html/adminmail.phtml
===================================================================
--- /views/mailtemplates/html/adminmail.phtml	(revision 7560)
+++ /views/mailtemplates/html/adminmail.phtml	(revision 7561)
@@ -16,5 +16,5 @@
 <br />
 
-<h2><?php echo __('Warenkorb', 'wpsg'); ?> <a href="<?php echo WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Order&action=view&edit_id='.$this->view['o_id']; ?>"><?php echo __('Bestellverwaltung', 'wpsg'); ?></a>:</h2>
+<h2><?php echo __('Warenkorb', 'wpsg'); ?>:</h2>
 
 <?php $this->render(WPSG_PATH_VIEW.'/mailtemplates/html/order.phtml'); ?> 
Index: /views/mods/mod_kundenverwaltung/index.phtml
===================================================================
--- /views/mods/mod_kundenverwaltung/index.phtml	(revision 7560)
+++ /views/mods/mod_kundenverwaltung/index.phtml	(revision 7561)
@@ -42,4 +42,6 @@
 					<form method="post" id="filter_form">
 
+						<?php echo wpsg_formNounce('Customer', 'search'); ?>
+						
 						<input id="wpsg_seite" type="hidden" name="filter[page]" value="<?php echo @$this->view['arFilter']['page']; ?>" class="current-page" />
 
Index: /views/mods/mod_productgroups/index.phtml
===================================================================
--- /views/mods/mod_productgroups/index.phtml	(revision 7560)
+++ /views/mods/mod_productgroups/index.phtml	(revision 7561)
@@ -19,5 +19,9 @@
 					<li role="presentation" class="wpsg-customer-tab-a active"><a href="#" onclick="return false;"><?php echo wpsg_translate(__("Produktgruppenverwaltung (#1# Produktgruppen)", "wpsg"), $this->view['countAll']); ?></a></li>
                     <li role="presentation" class="wpsg-customer-tab-a wpsg_showhide_filter" id="wpsg-customer-tab-0"><a href="#" onclick="return false;"><span class="glyphicon glyphicon-search"></span><?php echo __("Suche", "wpsg"); ?></a></li>
-                    <li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'add'))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=add"><span class="glyphicon glyphicon-plus"></span><?php echo __("HinzufÃŒgen", "wpsg"); ?></a></li>
+                    <li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'add'))?'active':''); ?>"><a href="<?php 
+							
+						echo wpsg_admin_url('Productgroups', '', ['wpsg_mod_action' => 'add']);
+						
+					?>"><span class="glyphicon glyphicon-plus"></span><?php echo __("HinzufÃŒgen", "wpsg"); ?></a></li>
 				</ul>
 				<ul class="nav navbar-nav navbar-right">
@@ -31,4 +35,6 @@
                     <form method="post" id="filter_form">
 
+						<?php echo wp_nonce_field('wpsg-mod-productgroups-search'); ?>
+						
                         <input id="wpsg_seite" type="hidden" name="filter[page]" value="<?php echo @$this->view['page']; ?>" class="current-page" />
 
@@ -86,9 +92,13 @@
                             <strong><a title="<?php echo __("Diese Produktgruppe bearbeiten", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=edit&edit_id=<?php echo $pg->id; ?>" class="row-title"><?php echo $pg->name; ?></a></strong>
 					        <div class="row-actions">
-                                <span class="edit"><a title="<?php echo __("Diese Produktgruppe bearbeiten", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=edit&edit_id=<?php echo $pg->id; ?>"><?php echo __("Bearbeiten", "wpsg"); ?></a>
+                                <span class="edit"><a title="<?php echo __("Diese Produktgruppe bearbeiten", "wpsg"); ?>" href="<?php
+										
+									echo wpsg_admin_url('Productgroups', '', ['wpsg_mod_action' => 'edit', 'edit_id' => $pg->id]);
+										
+								?>"><?php echo __("Bearbeiten", "wpsg"); ?></a>
                                 |
                                 <span class="del"><a onclick="if (!confirm('<?php echo __("Sind Sie sich sicher?", "wpsg"); ?>')) return false;" title="<?php echo __("Diese Produktgruppe lÃ¶schen", "wpsg"); ?>" href="<?php 
 										
-										echo \wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Productgroups&wpsg_mod_action=del&noheader=1&edit_id='.$pg->id, 'wpsg-productgroup-del-'.$pg->id); 
+									echo wpsg_admin_url('Productgroups', '', ['wpsg_mod_action' => 'del', 'edit_id' => $pg->id], ['noheader' => '1']); 
 										
 								?>"><?php echo __("LÃ¶schen", "wpsg"); ?></a>
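Review bot: The row-title link on L641 still points at the plain `...wpsg_mod_action=edit&edit_id=<?php echo $pg->id; ?>` URL with no nonce, while `dispatch()` now requires one for `edit` (L523); only the row-action link on L646 was converted, so clicking the title lands on the nonce failure page. Change it to the same `echo wpsg_admin_url('Productgroups', '', ['wpsg_mod_action' => 'edit', 'edit_id' => $pg->id]);`. The `$pg->name` on L641 is still echoed raw, as before this change; `esc_html()` is the WordPress-native escape if that is picked up separately.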
Index: /views/order/backendEdit/addProduct.phtml
===================================================================
--- /views/order/backendEdit/addProduct.phtml	(revision 7560)
+++ /views/order/backendEdit/addProduct.phtml	(revision 7561)
@@ -26,5 +26,5 @@
     
 </form>
-
+ 
 <script>
     
@@ -34,5 +34,9 @@
         
         jQuery.ajax( {
-            url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=addProduct&do=product&noheader=1&edit_id=<?php $_REQUEST['edit_id']; ?>',
+            url: '<?php
+	
+				echo wpsg_admin_url('Order', 'view', ['subaction' => 'addProduct', 'do' => 'product', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true);
+				
+			?>',
             data: {
                 product_id: product_id,
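Review bot: The URL on L671-L675 is dropped into a single-quoted JS string after `html_entity_decode`, which relies on `http_build_query` having percent-encoded every request-derived value; that holds today, but the encoding for the JS context is implicit. Emitting it as `url: <?php echo wp_json_encode(wpsg_admin_url('Order', 'view', ['subaction' => 'addProduct', 'do' => 'product', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true)); ?>,` encodes for the JS context explicitly and removes the need for the surrounding quotes. The same pattern appears at L682-L686 and in view_orderdata.phtml (L754-L758, L765-L769, L776-L780, L787-L791, L798-L802). The enclosing JS function starts before this hunk and continues past it.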
@@ -53,5 +57,9 @@
         
         jQuery('#product_search').autocomplete( {
-            source: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=addProduct&do=search&noheader=1&edit_id=<?php echo $_REQUEST['edit_id']; ?>',
+            source: '<?php 
+				
+				echo wpsg_admin_url('Order', 'view', ['subaction' => 'addProduct', 'do' => 'search', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true); 
+				
+			?>',
             minLength: 2,
             appendTo: ".autocomplete_wrap",
Index: /views/order/index.phtml
===================================================================
--- /views/order/index.phtml	(revision 7560)
+++ /views/order/index.phtml	(revision 7561)
@@ -39,4 +39,6 @@
 					<form method="post" id="filter_form" >
 
+						<?php echo wp_nonce_field('wpsg-order-search'); ?>
+						
 						<input id="wpsg_seite" type="hidden" name="seite" value="<?php echo @$this->view['arFilter']['page']; ?>" class="current-page" />
 						<input id="wpsg_order" type="hidden" name="filter[order]" value="<?php echo @$this->view['arFilter']['order']; ?>" />
@@ -125,7 +127,7 @@
                         
                         <form method="POST" id="add_form" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&subaction=add&noheader=1">
-    
-                            <?php echo wp_nonce_field('order-index-add'); ?>
-                            
+	
+							<?php echo wp_nonce_field('wpsg-order-add'); ?>
+							                            
                             <br />
                             
@@ -251,9 +253,21 @@
 
                             <div class="actions">
-                                <span class="view"><a title="<?php echo __("Diese Bestellung ansehen", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&edit_id=<?php echo $oOrder->id; ?>"><?php echo __("Ansehen", "wpsg"); ?></a></span>
+                                <span class="view"><a title="<?php echo __("Diese Bestellung ansehen", "wpsg"); ?>" href="<?php
+		
+									echo wpsg_admin_url('Order', 'view', ['edit_id' => $oOrder->getId()]);
+	
+								?>"><?php echo __("Ansehen", "wpsg"); ?></a></span>
                                 |
-                                <span class="storno"><a onclick="return confirm('<?php echo __('Sind Sie sich sicher, dass Sie diese Bestellung stornieren mÃ¶chten?', 'wpsg'); ?>');" title="<?php echo __("Diese Bestellung stornieren", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=storno&noheader=1&edit_id=<?php echo $oOrder->id; ?>"><?php echo __("Stornieren", "wpsg"); ?></a></span>
+                                <span class="storno"><a onclick="return confirm('<?php echo __('Sind Sie sich sicher, dass Sie diese Bestellung stornieren mÃ¶chten?', 'wpsg'); ?>');" title="<?php echo __("Diese Bestellung stornieren", "wpsg"); ?>" href="<?php 
+										
+									echo wpsg_admin_url('Order', 'storno', ['edit_id' => $oOrder->getId()], ['noheader' => '1']); 
+										
+								?>"><?php echo __("Stornieren", "wpsg"); ?></a></span>
                                 |
-                                <span class="delete"><a onclick="return confirm('<?php echo __('Sind Sie sich sicher, dass Sie diese Bestellung lÃ¶schen mÃ¶chten?', 'wpsg'); ?>');" title="<?php echo __('Diese Bestellung lÃ¶schen', 'wpsg'); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=delete&noheader=1&edit_id=<?php echo $oOrder->id; ?>"><?php echo __('LÃ¶schen', 'wpsg'); ?></a></span>
+                                <span class="delete"><a onclick="return confirm('<?php echo __('Sind Sie sich sicher, dass Sie diese Bestellung lÃ¶schen mÃ¶chten?', 'wpsg'); ?>');" title="<?php echo __('Diese Bestellung lÃ¶schen', 'wpsg'); ?>" href="<?php
+									
+									echo wpsg_admin_url('Order', 'delete', ['edit_id' => $oOrder->getId()], ['noheader' => '1']);
+									
+								?>"><?php echo __('LÃ¶schen', 'wpsg'); ?></a></span>
                             </div>
 
Index: /views/order/view.phtml
===================================================================
--- /views/order/view.phtml	(revision 7560)
+++ /views/order/view.phtml	(revision 7561)
@@ -131,4 +131,5 @@
 	function wpsg_sendMail(oid)
 	{
+		
 		jQuery('#wpsg_produkte_table').html('<img src="<?php echo WPSG_URL; ?>views/gfx/ajax-loader.gif" alt="<?php echo __('Bitte warten ...', 'wpsg'); ?>" />');
 
Index: /views/order/view_orderdata.phtml
===================================================================
--- /views/order/view_orderdata.phtml	(revision 7560)
+++ /views/order/view_orderdata.phtml	(revision 7561)
@@ -52,5 +52,9 @@
 								
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=editPayShipping&edit_id=<?php echo $_REQUEST['edit_id']; ?>&noheader=1',
+					url: '<?php 
+						
+						echo wpsg_admin_url('Order', 'view', ['subaction' => 'editPayShipping', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true);
+					
+					?>',
 					success: function(data) {
 	
@@ -106,5 +110,9 @@
 				
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=addProduct&edit_id=<?php echo $_REQUEST['edit_id']; ?>&noheader=1',
+					url: '<?php 
+						
+						echo wpsg_admin_url('Order', 'view', ['subaction' => 'addProduct', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true); 
+						
+					?>',
 					success: function(data) {
 		
@@ -123,5 +131,9 @@
 				
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=removeProduct&noheader=1&edit_id=<?php echo $_REQUEST['edit_id']; ?>',
+					url: '<?php 
+						
+						echo wpsg_admin_url('Order', 'view', ['subaction' => 'removeProduct', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true);
+						
+					?>',
 					data: { 
 						order_product_id: order_product_id
@@ -145,5 +157,9 @@
 	
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=addProduct&edit_id=<?php echo $_REQUEST['edit_id']; ?>&noheader=1',
+					url: '<?php
+					
+						echo wpsg_admin_url('Order', 'view', ['subaction' => 'addProduct', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true);
+					
+					?>',
 					data: {
 						order_product_id: order_product_id  
@@ -166,5 +182,9 @@
 	
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=addProduct&do=submit&edit_id=<?php echo $_REQUEST['edit_id']; ?>&noheader=1',
+					url: '<?php 
+					
+						echo wpsg_admin_url('Order', 'view', ['edit_id' => $_REQUEST['edit_id'], 'do' => 'submit', 'subaction' => 'addProduct'], ['noheader' => '1'], true);
+						
+					?>',
 					data: jQuery('#wpsg_product_add_form').serialize(),
 					success: function(data) {
@@ -179,5 +199,5 @@
 			}
 		
-		}
+		};
 	
 		var WPSG_BE_Voucher = {
@@ -302,5 +322,9 @@
 
 				jQuery.ajax( {
-					url: '<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Order&action=view&subaction=sendMail&do=customer&edit_id=<?php echo $_REQUEST['edit_id']; ?>&noheader=1',
+					url: '<?php 
+						
+						echo wpsg_admin_url('Order', 'view', ['subaction' => 'sendMail', 'do' => 'customer', 'edit_id' => $_REQUEST['edit_id']], ['noheader' => '1'], true);				
+						
+					?>',
 					data: jQuery('#wpsg_be_discount_form').serialize(),
 					success: function(data) { alert(data); }
Index: /views/produkt/addedit.phtml
===================================================================
--- /views/produkt/addedit.phtml	(revision 7560)
+++ /views/produkt/addedit.phtml	(revision 7561)
@@ -33,4 +33,6 @@
 	<form method="POST" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&action=save&noheader=1" enctype="multipart/form-data">
 	
+		<?php echo wp_nonce_field('wpsg-product-save-'.wpsg_getInt($_REQUEST['edit_id'])); ?>
+		
 		<div class="wpsg_admin_submenu">
 		 
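Review bot: `echo wp_nonce_field(...)` prints the `_wpnonce` and `_wp_http_referer` inputs twice, because wp_nonce_field() already echoes them when its display argument is left at the default and additionally returns the markup; the same construct appears in the import form hunk and the product filter-form hunk of index.phtml. Either drop the echo, `<?php wp_nonce_field('wpsg-product-save-'.wpsg_getInt($_REQUEST['edit_id'])); ?>`, or pass `display: false`. For a new product `edit_id` is absent, so the action suffix presumably becomes 0; the save handler (not visible here) must derive the suffix through the same wpsg_getInt() call or verification fails for new products. The form element continues outside the hunk.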
Index: /views/produkt/import.phtml
===================================================================
--- /views/produkt/import.phtml	(revision 7560)
+++ /views/produkt/import.phtml	(revision 7561)
@@ -30,4 +30,6 @@
 				<form method="POST" action="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&amp;action=import&noheader=1" id="import_form" enctype="multipart/form-data">
 				
+					<?php echo wp_nonce_field('wpsg-product-import-do'); ?>
+					
 					<div class="wpsg_hinweis"><?php echo __('Laden Sie ein vorher exportiertes CSV File hoch, die Produktdaten werden dann aus dieser Datei importiert.', 'wpsg'); ?></div>
 					<br />
Index: /views/produkt/index.phtml
===================================================================
--- /views/produkt/index.phtml	(revision 7560)
+++ /views/produkt/index.phtml	(revision 7561)
@@ -19,8 +19,11 @@
 			<div class="collapse navbar-collapse" id="wpsg-bs-headermenu">
 				<ul class="nav navbar-nav">
-					<li role="presentation" class="<?php echo ((!isset($_REQUEST['action']))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt"><?php echo wpsg_translate(__("ProduktÃŒbersicht (#1# Produkte)", "wpsg"), $this->view['countAll']); ?></a></li>
+					<li role="presentation" class="<?php echo ((!isset($_REQUEST['action']))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt'; ?>"><?php echo wpsg_translate(__("ProduktÃŒbersicht (#1# Produkte)", "wpsg"), $this->view['countAll']); ?></a></li>
 					<li role="presentation" class="wpsg_showhide_filter <?php echo (($this->view['submit'] === true)?'active':''); ?>"><a href="#" onclick="return false;"><span class="glyphicon glyphicon-search"></span><?php echo __("Suche", "wpsg"); ?></a></li>
-			 		<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'add'))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&action=add"><span class="glyphicon glyphicon-plus"></span><?php echo __("HinzufÃŒgen", "wpsg"); ?></a></li>
-                    
+			 		<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'add'))?'active':''); ?>"><a href="<?php
+							
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=add', 'wpsg-product-add');
+							
+					?>"><span class="glyphicon glyphicon-plus"></span><?php echo __("HinzufÃŒgen", "wpsg"); ?></a></li>                    
                     <?php /* Integration Exportprofile */ ?>
                     <?php if ($this->hasMod('wpsg_mod_export')) { $arProfile = $this->callMod('wpsg_mod_export', 'getProfile', array(wpsg_mod_export::TYPE_PRODUCT)); ?>
@@ -32,8 +35,20 @@
 				</ul>
 				<ul class="nav navbar-nav navbar-right">
-					<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'import'))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&action=import"><span class="glyphicon glyphicon-import"></span><?php echo __("Daten-Import", "wpsg"); ?></a></li>
+					<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'import'))?'active':''); ?>"><a href="<?php 
+							 
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=import', 'wpsg-product-import');
+							
+					?>"><span class="glyphicon glyphicon-import"></span><?php echo __("Daten-Import", "wpsg"); ?></a></li>
 					<?php if (wpsg_isSizedArray($this->view['arData'])) { ?>
-					<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'export'))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&action=export&noheader=1"><span class="glyphicon glyphicon-export"></span><?php echo __("Daten-Export", "wpsg"); ?></a></li>
-                    <li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'export'))?'active':''); ?>"><a href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&action=exportMedia&noheader=1"><span class="glyphicon glyphicon-export"></span><?php echo __("Daten-Export mit Medien", "wpsg"); ?></a></li>
+					<li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'export'))?'active':''); ?>"><a href="<?php 
+							
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=export&noheader=1', 'wpsg-product-export'); 
+							
+					?>"><span class="glyphicon glyphicon-export"></span><?php echo __("Daten-Export", "wpsg"); ?></a></li>
+                    <li role="presentation" class="<?php echo ((wpsg_isSizedString($_REQUEST['action'], 'export'))?'active':''); ?>"><a href="<?php 
+							
+						echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=exportMedia&noheader=1', 'wpsg-product-exportMedia');
+						
+					?>"><span class="glyphicon glyphicon-export"></span><?php echo __("Daten-Export mit Medien", "wpsg"); ?></a></li>
                     <?php } ?>
 			 	</ul>
@@ -45,4 +60,6 @@
 				<div class="col-lg-4">
 					<form method="post" id="filter_form">
+						
+						<?php echo wp_nonce_field('wpsg-product-search'); ?>
 
 						<input id="wpsg_seite" type="hidden" name="seite" value="<?php echo @$this->view['arFilter']['page']; ?>" class="current-page" />
@@ -200,5 +217,9 @@
                                 <?php foreach ($this->getStoreLanguages() as $l) { ?>
                                     <?php if ($l['locale'] != $this->getDefaultLanguageLocale()) { ?>
-                                    <a href="<?php echo $this->url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&amp;action=edit&amp;edit_id='.$d['id'].'&amp;wpsg_lang='.$l['lang']); ?>" title="<?php echo wpsg_translate(__('Produkt fÃŒr Sprache #1# bearbeiten.', 'wpsg'), $l['name']); ?>">
+                                    <a href="<?php
+	
+										echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$d['id'].'&wpsg_lang='.$l['lang'], 'wpsg-product-edit-'.$d['id']);
+										
+									?>" title="<?php echo wpsg_translate(__('Produkt fÃŒr Sprache #1# bearbeiten.', 'wpsg'), $l['name']); ?>">
                                         <img src="<?php echo $this->getFlagURL().$l['flag']; ?>" alt="<?php echo wpsg_translate(__('Produkt fÃŒr Sprache #1# bearbeiten.', 'wpsg'), $l['name']); ?>" />
                                     </a>
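Review bot: The rewritten language-edit link drops the `$this->url()` wrapper that the removed line applied to the URL, which is a behaviour change beyond adding the nonce; what that helper does is not visible here, so if it contributes anything beyond returning its argument it should be reinstated around the nonce URL, taking care not to entity-encode the `&amp;` separators that wp_nonce_url() already produces a second time. The nonce action `'wpsg-product-edit-'.$d['id']` is the same one the plain edit links use in the next hunk, so the controller can verify both with one check. The enclosing foreach loops begin outside the hunk.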
@@ -206,12 +227,28 @@
                                 <?php } ?>
                                 <?php } ?>
-                                <a title="<?php echo __("Dieses Produkt bearbeiten", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&amp;action=edit&amp;edit_id=<?php echo $d['id']; ?>" class="row-title"><?php echo (($d['name'] == "")?__("---- ", "wpsg"):$d['name']); ?></a>
+                                <a title="<?php echo __("Dieses Produkt bearbeiten", "wpsg"); ?>" href="<?php 
+									
+									echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$d['id'], 'wpsg-product-edit-'.$d['id']);									
+									
+								?>" class="row-title"><?php echo (($d['name'] == "")?__("---- ", "wpsg"):$d['name']); ?></a>
                             </strong>
                             <div class="row-actions">
-                                <span class="edit"><a title="<?php echo __("Dieses Produkt bearbeiten", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&amp;action=edit&amp;edit_id=<?php echo $d['id']; ?>"><?php echo __("Bearbeiten", "wpsg"); ?></a></span>
+                                <span class="edit"><a title="<?php echo __("Dieses Produkt bearbeiten", "wpsg"); ?>" href="<?php
+		
+									echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=edit&edit_id='.$d['id'], 'wpsg-product-edit-'.$d['id']);
+	
+								?>"><?php echo __("Bearbeiten", "wpsg"); ?></a></span>
                                 |
-                                <span class="del"><a onclick="if (!confirm('<?php echo __("Sind Sie sicher, dass Sie das Produkt lÃ¶schen wollen?", "wpsg"); ?>')) return false;" title="<?php echo __("Dieses Produkt lÃ¶schen", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&amp;action=del&amp;edit_id=<?php echo $d['id']; ?>&amp;noheader=1"><?php echo __("LÃ¶schen", "wpsg"); ?></a></span>
+                                <span class="del"><a onclick="if (!confirm('<?php echo __("Sind Sie sicher, dass Sie das Produkt lÃ¶schen wollen?", "wpsg"); ?>')) return false;" title="<?php echo __("Dieses Produkt lÃ¶schen", "wpsg"); ?>" href="<?php
+										
+									echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=del&edit_id='.$d['id'].'&noheader=1', 'wpsg-product-del-'.$d['id']);
+
+								?>"><?php echo __("LÃ¶schen", "wpsg"); ?></a></span>
                                 |
-                                <span class="copy"><a onclick="if (!confirm('<?php echo __("Sind Sie sicher, dass Sie das Produkt kopieren wollen?", "wpsg"); ?>')) return false;" title="<?php echo __("Dieses Produkt kopieren", "wpsg"); ?>" href="<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Produkt&amp;action=copy&amp;edit_id=<?php echo $d['id']; ?>&amp;noheader=1"><?php echo __("Kopieren", "wpsg"); ?></a></span>
+                                <span class="copy"><a onclick="if (!confirm('<?php echo __("Sind Sie sicher, dass Sie das Produkt kopieren wollen?", "wpsg"); ?>')) return false;" title="<?php echo __("Dieses Produkt kopieren", "wpsg"); ?>" href="<?php
+		
+									echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=copy&edit_id='.$d['id'].'&noheader=1', 'wpsg-product-copy-'.$d['id']);
+										
+								?>"><?php echo __("Kopieren", "wpsg"); ?></a></span>
                                 |
                                 <span class="view"><a target="_blank" title="<?php echo __("Dieses Produkt im Frontend ansehen", "wpsg"); ?>" href="<?php echo $this->getProduktLink(array('id' => $d['id'])); ?>"><?php echo __("Ansehen", "wpsg"); ?></a></span>
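Review bot: Each rewritten href opens a five-line `<?php` block whose only statement is a single echo, padded by whitespace-only lines and, on the row-title link, trailing tabs after the semicolon; the same layout is used for the edit, del and copy links in this hunk and for the menu links in the earlier index.phtml hunks. A one-line form, `href="<?php echo wp_nonce_url(WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Produkt&action=del&edit_id='.$d['id'].'&noheader=1', 'wpsg-product-del-'.$d['id']); ?>"`, keeps the attribute readable and avoids the stray whitespace that ends up inside the rendered attribute value. The nonce now binds the del and copy links to the row id, which is the right scope for a state-changing GET link; the table row markup continues outside the hunk.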
