Index: /mods/wpsg_mod_deliverynote.class.php
===================================================================
--- /mods/wpsg_mod_deliverynote.class.php	(revision 7706)
+++ /mods/wpsg_mod_deliverynote.class.php	(revision 7707)
@@ -250,18 +250,20 @@
 		
 		public function order_ajax() {
-			
+
 			\check_admin_referer('wpsg-deliverynote-order_ajax-deliverynote-'.wpsg_getStr($_REQUEST['edit_id']));
-			
-			if (isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = wpsg_sinput("key", $_REQUEST['edit_id']);
-
-			if (isset($_REQUEST['wpsg_mod_deliverynote_preview']))
-			{
+
+			if (isset($_REQUEST['edit_id'])) $_REQUEST['edit_id'] = intval($_REQUEST['edit_id']);
+
+			if (isset($_REQUEST['wpsg_mod_deliverynote_preview'])) {
+
+                $arProductIndexes = [];
+			    if (wpsg_isSizedArray($_REQUEST['wpsg_mod_deliverynote_productindexes'])) $arProductIndexes = explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']);
 
 				// Vorschau eines Lieferscheines aus der Bestellverwaltung
 				$this->writeDeliverynote(
-					$_REQUEST['edit_id'],
-					explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']),
-					wpsg_sinput("text_field", $_REQUEST['wpsg_mod_deliverynote_fusstext']),
-					strtotime(wpsg_sinput("key", $_REQUEST['wpsg_mod_deliverynote_date'])),
+                    $_REQUEST['edit_id'] > 0?$_REQUEST['edit_id']:null,
+					$arProductIndexes,
+					sanitize_text_field(wpsg_getStr($_REQUEST['wpsg_mod_deliverynote_fusstext'])),
+					strtotime(sanitize_text_field(wpsg_getStr( $_REQUEST['wpsg_mod_deliverynote_date']))),
 					true
 				);
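Review bot: The new guard on `wpsg_mod_deliverynote_productindexes` tests the value with `wpsg_isSizedArray()` and then passes it to `explode()`, which expects a string. If that helper accepts only non-empty arrays (inferred from its name; it is not defined in this diff), a comma-separated string from the request now leaves `$arProductIndexes` empty, while an array value reaches `explode()` and raises a TypeError on PHP 8. A string check matches what the call needs: `if (isset($_REQUEST['wpsg_mod_deliverynote_productindexes']) && is_string($_REQUEST['wpsg_mod_deliverynote_productindexes'])) $arProductIndexes = explode(',', $_REQUEST['wpsg_mod_deliverynote_productindexes']);`. The resulting pieces are still raw request data when `writeDeliverynote()` iterates over them, so each one should be validated against the order's product indexes, either here or there. `order_ajax()` continues past the end of the hunk.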
@@ -430,7 +432,6 @@
 		} // public function order_view_content($order_id)
 		
-		public function be_ajax()
-		{
-				
+		public function be_ajax() {
+
 			if ($_REQUEST['do'] == 'reset')
 			{
@@ -621,6 +622,5 @@
 		 * Generiert den Lieferschein fÃŒr eine Bestellung
 		 */
-		public function writeDeliverynote($order_id, $arProductIndexes, $fussText = '', $liefer_datum = false, $preview = false, $lnr = false, $filename = false)
-		{
+		public function writeDeliverynote($order_id, $arProductIndexes, $fussText = '', $liefer_datum = false, $preview = false, $lnr = false, $filename = false) {
 
 			if($preview && is_null($order_id)) $order_id = 1;
@@ -685,5 +685,5 @@
 			
 			$this->shop->view['data']['products'] = array();
-			
+
 			foreach ($arProductIndexes as $product_index)
 			{
Index: /views/mods/mod_deliverynote/settings_edit.phtml
===================================================================
--- /views/mods/mod_deliverynote/settings_edit.phtml	(revision 7706)
+++ /views/mods/mod_deliverynote/settings_edit.phtml	(revision 7707)
@@ -229,5 +229,11 @@
 	{
 
-		var url = "<?php echo WPSG_URL_WP; ?>wp-admin/admin.php?page=wpsg-Admin&action=module&modul=wpsg_mod_deliverynote&do=orderAjax&noheader=1&wpsg_deliverynote_preview=1";
+		var url = "<?php
+
+            $url = WPSG_URL_WP.'wp-admin/admin.php?page=wpsg-Admin&action=module&modul=wpsg_mod_deliverynote&do=orderAjax&noheader=1&wpsg_mod_deliverynote_preview=1&edit_id=0';
+
+            echo html_entity_decode(wp_nonce_url($url, 'wpsg-deliverynote-order_ajax-deliverynote-0'));
+
+        ?>";
 
 		window.open(url, '_blank');
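Review bot: The nonce URL is echoed into a double-quoted JavaScript string after `html_entity_decode()` reverses the HTML escaping that `wp_nonce_url()` applies, so nothing escapes the value for the script context it lands in. The parts visible here are a constant and a nonce, so this is hardening rather than a demonstrated injection, but a quote or backslash in `WPSG_URL_WP` would end the literal early. Emitting the value through the JSON encoder covers that case and supplies the quotes itself: `var url = <?php echo wp_json_encode(html_entity_decode(wp_nonce_url($url, 'wpsg-deliverynote-order_ajax-deliverynote-0'))); ?>;`. The enclosing script function starts and ends outside the hunk.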
