diff --git a/e107_admin/language.php b/e107_admin/language.php index 1ab241702f..3a0fcab49c 100644 --- a/e107_admin/language.php +++ b/e107_admin/language.php @@ -212,6 +212,13 @@ function ToolsPage() function DownloadPage() { + if(empty($_GET['e-token'])) + { + e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation. + return LAN_ERROR; + } + + $this->loadPackInfo(); $lan = $this->getId(); @@ -425,7 +432,7 @@ private function renderOnlineLanguagePacks() ".$value['author']."";*/ - $url = 'language.php?mode=main&action=download&id='.$value['name']; // $value['url'] + $url = 'language.php?mode=main&action=download&e-token='.e_TOKEN.'id='.$value['name']; // $value['url'] $text .= " ".$value['date']." diff --git a/e107_admin/plugin.php b/e107_admin/plugin.php index 064af9294c..29e645fef9 100755 --- a/e107_admin/plugin.php +++ b/e107_admin/plugin.php @@ -362,7 +362,7 @@ function renderHelp() { $plg->load($path); $name = $plg->getName(); - $url = e_ADMIN."plugin.php?mode=installed&action=upgrade&path=".$path; + $url = e_ADMIN."plugin.php?mode=installed&action=upgrade&path=".$path."&e-token=".e_TOKEN; $text .= "
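Review bot: The new guard at the top of DownloadPage() only tests that `$_GET['e-token']` is non-empty; nothing in the hunk compares it with the session's token, so any non-empty value passes this check. If the core request bootstrap already rejects a supplied but invalid e-token, presence is sufficient, but that dependency is not visible here and should be stated, e.g. `// Presence check only: an invalid e-token is assumed to be rejected earlier by the core token check (confirm).` The same presence-only test is added to downloadPage() in plugin.php and DownloadPage() in theme.php, and via `getQuery('e-token')` to installPage(), uninstallPage(), repairPage() and upgradePage(). The three download pages also report the failure differently (`return LAN_ERROR`, echo plus `return null`, and returning the rendered message), which would be worth aligning. DownloadPage() continues past the end of the hunk.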
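Review bot: The rewritten `$url` in renderOnlineLanguagePacks() has no `&` between the token and `id=`, so as shown the link sends `e-token=<token>id=<name>` and no `id` parameter at all. DownloadPage() would then see a token with trailing characters and `getId()` would have nothing to read, so the download link is likely broken or rejected. The line should read `$url = 'language.php?mode=main&action=download&e-token='.e_TOKEN.'&id='.$value['name'];`. The function starts and ends outside the hunk, so where `$url` is emitted is not visible.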
  • ".$plg->getIcon(32)." @@ -384,6 +384,12 @@ function renderHelp() function installPage() { + if(empty($this->getQuery('e-token'))) + { + e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation. + $this->redirectAction('list'); + } + $id = $this->getQuery('path'); $text = e107::getPlugin()->install($id); @@ -438,6 +444,11 @@ function lanPage() function uninstallPage() { + if(empty($this->getQuery('e-token'))) + { + e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation. + $this->redirectAction('list'); + } $id = $this->getQuery('path'); @@ -483,6 +494,14 @@ function uninstallPage() function repairPage() { + + if(empty($this->getQuery('e-token'))) + { + e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation. + $this->redirectAction('list'); + return null; + } + $id = $this->getQuery('path'); $this->repair($id); @@ -499,7 +518,7 @@ private function repair($id) } e107::getSingleton('e107plugin')->refresh($id); - e107::getLog()->add('PLUGMAN_04', $id, E_LOG_INFORMATIVE, ''); + e107::getLog()->add('PLUGMAN_04', $id); e107::getMessage()->addSuccess("Repair Complete (".$id.")"); // Repair Complete ([x]) @@ -526,6 +545,12 @@ function pullPage() function upgradePage() { + if(empty($this->getQuery('e-token'))) + { + e107::getMessage()->addError("Invalid Token"); // Debug - no need for translation. + $this->redirectAction('list'); + } + $this->pluginUpgrade(); } @@ -1009,13 +1034,13 @@ function options($val, $curVal) if($var['plugin_install_required'] == true) { - if($var['plugin_installflag']) + if(!empty($var['plugin_installflag'])) { - $text .= ($var['plugin_installflag'] ? "" . ADMIN_UNINSTALLPLUGIN_ICON . "" : "" . ADMIN_INSTALLPLUGIN_ICON . ""); + $text .= "" . ADMIN_UNINSTALLPLUGIN_ICON . ""; } else { - $text .= "" . ADMIN_INSTALLPLUGIN_ICON . ""; + $text .= "" . ADMIN_INSTALLPLUGIN_ICON . ""; } } 
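Review bot: Appending `e_TOKEN` to the upgrade link in renderHelp() puts the anti-CSRF token in a GET query string, where it is recorded in browser history and server access logs and can be sent in a Referer header if the resulting page loads or links to third-party content. The same pattern is introduced in the language.php download link, both `$downloadUrl` lines in theme.php onlineOptions() (one of which uses `$mainTarget = '_blank'`), and both `$url` lines in e_marketplace.php getDownloadModal(). State-changing actions are better sent as POST with the token in the body; if GET links must stay, a comment such as `// e-token is exposed in the URL (history, logs, Referer); keep this link same-origin` documents the trade-off. renderHelp() starts before the hunk and ends after it.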
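Review bot: In installPage() the failed-token branch calls `$this->redirectAction('list');` without returning, so unless redirectAction() itself ends the request (not visible in this diff) execution falls through to `e107::getPlugin()->install($id)` and the guard has no effect. repairPage() in the same commit adds `return null;` after the identical call, which suggests the redirect may not terminate. The same branch in uninstallPage() and upgradePage() has the same gap; each should end with `return null;` after `$this->redirectAction('list');`. The bodies of installPage() and uninstallPage() continue beyond their hunks.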
@@ -1037,17 +1062,17 @@ function options($val, $curVal) if($var['plugin_version'] != $var['plugin_version_file'] && $var['plugin_installflag']) { - $text .= "" . ADMIN_UPGRADEPLUGIN_ICON . ""; + $text .= "" . ADMIN_UPGRADEPLUGIN_ICON . ""; } if($var['plugin_installflag']) { - $text .= " " . ADMIN_REPAIRPLUGIN_ICON . ""; + $text .= " " . ADMIN_REPAIRPLUGIN_ICON . ""; } if($var['plugin_installflag'] && is_dir($_path . ".git")) { - $text .= " " . ADMIN_GITSYNC_ICON . ""; + $text .= " " . ADMIN_GITSYNC_ICON . ""; } @@ -1140,12 +1165,16 @@ function pluginCheck($force=false) // Modal Download. public function downloadPage() { + if(empty($_GET['e-token'])) + { + echo e107::getMessage()->addError("Invalid Token")->render('default', 'error'); + return null; + } $frm = e107::getForm(); $mes = e107::getMessage(); $tp = e107::getParser(); - // print_a($_GET); $string = base64_decode($_GET['src']); parse_str($string, $data); @@ -1192,7 +1221,7 @@ public function downloadPage() $upgradable = e107::getPlug()->getUpgradableList(); if(!empty($upgradable[$pluginFolder])) { - $mes->addSuccess("".LAN_UPDATE.""); + $mes->addSuccess("".LAN_UPDATE.""); } echo $mes->render('default', 'success'); @@ -2539,6 +2568,9 @@ function step1() $ns = e107::getRender(); $mes = e107::getMessage(); $tp = e107::getParser(); + + $newDir = []; + $lanDir = []; $plugFolders = $fl->get_dirs(e_PLUGIN); foreach($plugFolders as $dir) diff --git a/e107_admin/theme.php b/e107_admin/theme.php index be11c07c8f..218c055363 100644 --- a/e107_admin/theme.php +++ b/e107_admin/theme.php @@ -660,6 +660,12 @@ public function InfoPage() public function DownloadPage() { + if(empty($_GET['e-token'])) + { + return e107::getMessage()->addError('Invalid Token')->render('default', 'error'); + } + + $frm = e107::getForm(); $mes = e107::getMessage(); $string = base64_decode($_GET['src']); 
@@ -1175,7 +1181,7 @@ private function onlineOptions($theme) if(!empty($theme['price'])) // Premium Theme { $LAN_DOWNLOAD = LAN_PURCHASE."/".LAN_DOWNLOAD; - $downloadUrl = e_SELF.'?mode=main&action=download&src='.base64_encode($d); // no iframe. + $downloadUrl = e_SELF.'?mode=main&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d); // no iframe. $mainTarget = '_blank'; $mainClass = ''; $modalCaption = ' '.LAN_PURCHASE.' '.$theme['name']." ".$theme['version']; @@ -1183,7 +1189,7 @@ private function onlineOptions($theme) else // Free Theme { $LAN_DOWNLOAD = LAN_DOWNLOAD; - $downloadUrl = e_SELF.'?mode=main&iframe=1&action=download&src='.base64_encode($d);//$url.'&action=download'; + $downloadUrl = e_SELF.'?mode=main&iframe=1&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d);//$url.'&action=download'; $mainTarget = '_self'; $mainClass = 'e-modal'; $modalCaption = ' '.LAN_DOWNLOADING.' '.$theme['name']." ".$theme['version']; diff --git a/e107_handlers/e_marketplace.php b/e107_handlers/e_marketplace.php index 7871b481e9..c267d87cec 100644 --- a/e107_handlers/e_marketplace.php +++ b/e107_handlers/e_marketplace.php @@ -262,7 +262,7 @@ public function getDownloadModal($type='plugin',$data=array()) // if(deftrue('e_DEBUG_PLUGMANAGER')) { - $url = e_ADMIN.'plugin.php?mode=online&action=download&src='.base64_encode($d); + $url = e_ADMIN.'plugin.php?mode=online&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d); } // else { @@ -282,7 +282,7 @@ public function getDownloadModal($type='plugin',$data=array()) ); $d = http_build_query($srcData,false,'&'); - $url = e_ADMIN.'theme.php?mode=main&action=download&src='.base64_encode($d);//$url.'&action=download'; + $url = e_ADMIN.'theme.php?mode=main&action=download&e-token='.e_TOKEN.'&src='.base64_encode($d);//$url.'&action=download'; }