--- a/plugins/SpecialUserPrefs.php	Thu Aug 20 20:03:31 2009 -0400
+++ b/plugins/SpecialUserPrefs.php	Thu Aug 20 20:19:20 2009 -0400
@@ -305,6 +305,10 @@
       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title');
       break;
     case 'Profile':
+    case 'Home':
+      if ( isset($_POST['submit']) )
+        csrf_request_confirm();
+      
       $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title');
       break;
   }
@@ -778,6 +782,8 @@
         </table>
       </div>
       <?php
+      // CSRF protection
+      echo '<input type="hidden" name="cstok" value="' . $session->csrf_token . '" />';
       echo '</form>';
       break;
     case 'Avatar':