Index: print_all_bug_options_update.php
===================================================================
--- print_all_bug_options_update.php	(revision 5116)
+++ print_all_bug_options_update.php	(working copy)
@@ -20,15 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Updates printing prefs then redirect to print_all_bug_page_page.php
-?>
-<?php require_once( 'core.php' ) ?>
-<?php require( 'print_all_bug_options_inc.php' ) ?>
 
-<?php auth_ensure_user_authenticated() ?>
-<?php
+    require_once( 'core.php' );
+    require( 'print_all_bug_options_inc.php' );
+
+    helper_ensure_post();
+    
+    auth_ensure_user_authenticated();
+    
 	$f_user_id		= gpc_get_int( 'user_id' );
 	$f_redirect_url	= gpc_get_string( 'redirect_url' );
 
Index: news_delete.php
===================================================================
--- news_delete.php	(revision 5116)
+++ news_delete.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'news_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_news_id = gpc_get_int( 'news_id' );
 
 	$row = news_get_row( $f_news_id );
Index: print_all_bug_options_reset.php
===================================================================
--- print_all_bug_options_reset.php	(revision 5116)
+++ print_all_bug_options_reset.php	(working copy)
@@ -30,6 +30,8 @@
 	require_once( $t_core_path.'current_user_api.php' );
 	require( 'print_all_bug_options_inc.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	# protected account check
Index: bug_reminder.php
===================================================================
--- bug_reminder.php	(revision 5116)
+++ bug_reminder.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page allows an authorized user to send a reminder by email to another user
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'email_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_to			= gpc_get_int_array( 'to' );
 	$f_body			= gpc_get_string( 'body' );
Index: manage_proj_cat_copy.php
===================================================================
--- manage_proj_cat_copy.php	(revision 5116)
+++ manage_proj_cat_copy.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: bug_relationship_add.php
===================================================================
--- bug_relationship_add.php	(revision 5116)
+++ bug_relationship_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
+    helper_ensure_post();
+    
 	$f_rel_type = gpc_get_int( 'rel_type' );
 	$f_src_bug_id = gpc_get_int( 'src_bug_id' );
 	$f_dest_bug_id_string = gpc_get_string( 'dest_bug_id' );
Index: manage_plugin_update.php
===================================================================
--- manage_plugin_update.php	(revision 5116)
+++ manage_plugin_update.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_custom_field_create.php
===================================================================
--- manage_custom_field_create.php	(revision 5116)
+++ manage_custom_field_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_proj_custom_field_copy.php
===================================================================
--- manage_proj_custom_field_copy.php	(revision 5116)
+++ manage_proj_custom_field_copy.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once('core.php');
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: manage_proj_user_copy.php
===================================================================
--- manage_proj_user_copy.php	(revision 5116)
+++ manage_proj_user_copy.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );
Index: manage_plugin_upgrade.php
===================================================================
--- manage_plugin_upgrade.php	(revision 5116)
+++ manage_plugin_upgrade.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: tag_update.php
===================================================================
--- tag_update.php	(revision 5116)
+++ tag_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	compress_enable();
 
 	$f_tag_id = gpc_get_int( 'tag_id' );
Index: bug_relationship_delete.php
===================================================================
--- bug_relationship_delete.php	(revision 5116)
+++ bug_relationship_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -36,6 +36,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path . 'relationship_api.php' );
 
+    helper_ensure_post();
+    
 	$f_rel_id = gpc_get_int( 'rel_id' );
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
Index: manage_proj_custom_field_update.php
===================================================================
--- manage_proj_custom_field_update.php	(revision 5116)
+++ manage_proj_custom_field_update.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_field_id	= gpc_get_int( 'field_id' );
 	$f_project_id	= gpc_get_int( 'project_id' );
 	$f_sequence	= gpc_get_int( 'sequence' );
Index: account_sponsor_update.php
===================================================================
--- account_sponsor_update.php	(revision 5116)
+++ account_sponsor_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
-	# This page updates a user's information
+
+	# This page updates a user's sponsorships
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_bug_list = gpc_get_string( 'buglist', '' );
 	$t_bug_list = explode( ',', $f_bug_list );
 	
Index: account_prof_update.php
===================================================================
--- account_prof_update.php	(revision 5116)
+++ account_prof_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@
 
 	require_once( $t_core_path.'profile_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
Index: bugnote_delete.php
===================================================================
--- bugnote_delete.php	(revision 5116)
+++ bugnote_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,12 +20,10 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Remove the bugnote and bugnote text and redirect back to
 	# the viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -33,8 +31,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id = gpc_get_int( 'bugnote_id' );
 	
 	$t_bug_id = bugnote_get_field( $f_bugnote_id, 'bug_id' );
Index: lang/strings_english.txt
===================================================================
--- lang/strings_english.txt	(revision 5116)
+++ lang/strings_english.txt	(working copy)
@@ -313,6 +313,7 @@
 $MANTIS_ERROR[ERROR_PLUGIN_PAGE_NOT_FOUND] = 'Plugin page not found.';
 $MANTIS_ERROR[ERROR_COLUMNS_DUPLICATE] = 'Field \'%s\' contains duplcate column \'%s\'.';
 $MANTIS_ERROR[ERROR_COLUMNS_INVALID] = 'Field \'%s\' contains invalid field \'%s\'';
+$MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD] = 'This page cannot be accessed using this method.';
 
 $s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
 $s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';
Index: manage_plugin_install.php
===================================================================
--- manage_plugin_install.php	(revision 5116)
+++ manage_plugin_install.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_proj_delete.php
===================================================================
--- manage_proj_delete.php	(revision 5116)
+++ manage_proj_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bugnote_add.php
===================================================================
--- bugnote_add.php	(revision 5116)
+++ bugnote_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,8 +20,7 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Insert the bugnote into the database then redirect to the bug page
 
 	require_once( 'core.php' );
@@ -31,6 +30,8 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 
+    helper_ensure_post();
+    
 	$f_bug_id		= gpc_get_int( 'bug_id' );
 	$f_private		= gpc_get_bool( 'private' );
 	$f_time_tracking	= gpc_get_string( 'time_tracking', '0:00' );
Index: news_update.php
===================================================================
--- news_update.php	(revision 5116)
+++ news_update.php	(working copy)
@@ -20,8 +20,7 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -29,8 +28,9 @@
 	require_once( $t_core_path.'news_api.php' );
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_news_id		= gpc_get_int( 'news_id' );
 	$f_project_id	= gpc_get_int( 'project_id' );
 	$f_view_state	= gpc_get_int( 'view_state' );
Index: query_store.php
===================================================================
--- query_store.php	(revision 5116)
+++ query_store.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'date_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	compress_enable();
 
Index: manage_proj_cat_add.php
===================================================================
--- manage_proj_cat_add.php	(revision 5116)
+++ manage_proj_cat_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: bug_file_add.php
===================================================================
--- bug_file_add.php	(revision 5116)
+++ bug_file_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Add file to a bug and then view the bug
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'file_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id	= gpc_get_int( 'bug_id', -1 );
 	$f_file		= gpc_get_file( 'file', -1 );
 
Index: lost_pwd.php
===================================================================
--- lost_pwd.php	(revision 5116)
+++ lost_pwd.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	# lost password feature disabled or reset password via email disabled -> stop here!
 	if( OFF == config_get( 'lost_password_feature' ) ||
 		OFF == config_get( 'send_reset_password' ) ||
Index: manage_plugin_uninstall.php
===================================================================
--- manage_plugin_uninstall.php	(revision 5116)
+++ manage_plugin_uninstall.php	(working copy)
@@ -24,6 +24,8 @@
 define( 'PLUGINS_DISABLED', true );
 require_once( 'core.php' );
 
+helper_ensure_post();
+
 auth_reauthenticate();
 access_ensure_global_level( config_get( 'manage_plugin_threshold' ) );
 
Index: manage_proj_custom_field_add_existing.php
===================================================================
--- manage_proj_custom_field_add_existing.php	(revision 5116)
+++ manage_proj_custom_field_add_existing.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_field_id		= gpc_get_int( 'field_id' );
Index: bug_assign_reporter.php
===================================================================
--- bug_assign_reporter.php	(revision 5116)
+++ bug_assign_reporter.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Assign bug to user then redirect to viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
 	access_ensure_bug_level( config_get( 'update_bug_threshold' ), $f_bug_id );
Index: bugnote_update.php
===================================================================
--- bugnote_update.php	(revision 5116)
+++ bugnote_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Update bugnote data then redirect to the appropriate viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id	 = gpc_get_int( 'bugnote_id' );
 	$f_bugnote_text	 = gpc_get_string( 'bugnote_text', '' );
 	$f_time_tracking = gpc_get_string( 'time_tracking', '0:00' );
Index: proj_doc_add.php
===================================================================
--- proj_doc_add.php	(revision 5116)
+++ proj_doc_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {
 		access_denied();
Index: manage_custom_field_delete.php
===================================================================
--- manage_custom_field_delete.php	(revision 5116)
+++ manage_custom_field_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_user_create.php
===================================================================
--- manage_user_create.php	(revision 5116)
+++ manage_user_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_config_workflow_set.php
===================================================================
--- manage_config_workflow_set.php	(revision 5116)
+++ manage_config_workflow_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: manage_proj_update.php
===================================================================
--- manage_proj_update.php	(revision 5116)
+++ manage_proj_update.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id 	= gpc_get_int( 'project_id' );
Index: query_delete.php
===================================================================
--- query_delete.php	(revision 5116)
+++ query_delete.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'string_api.php' );
 	require_once( $t_core_path.'date_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	compress_enable();
 
Index: manage_proj_user_add.php
===================================================================
--- manage_proj_user_add.php	(revision 5116)
+++ manage_proj_user_add.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: account_prof_add.php
===================================================================
--- account_prof_add.php	(revision 5116)
+++ account_prof_add.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,23 +20,21 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This file adds a new profile and redirects to account_proj_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_platform		= gpc_get_string( 'platform' );
 	$f_os			= gpc_get_string( 'os' );
 	$f_os_build		= gpc_get_string( 'os_build' );
Index: manage_proj_cat_delete.php
===================================================================
--- manage_proj_cat_delete.php	(revision 5116)
+++ manage_proj_cat_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_category_id = gpc_get_string( 'id' );
Index: manage_proj_custom_field_remove.php
===================================================================
--- manage_proj_custom_field_remove.php	(revision 5116)
+++ manage_proj_custom_field_remove.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_field_id = gpc_get_int( 'field_id' );
Index: tag_attach.php
===================================================================
--- tag_attach.php	(revision 5116)
+++ tag_attach.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$f_tag_select = gpc_get_int( 'tag_select' );
 	$f_tag_string = gpc_get_string( 'tag_string' );
Index: admin/install_helper_functions.php
===================================================================
--- admin/install_helper_functions.php	(revision 5116)
+++ admin/install_helper_functions.php	(working copy)
@@ -17,6 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
 
+/**
+* check if database support exists
+* 
+* @param  string database type
+* @return bool
+*/
 	function check_database_support($p_db_type) {
 		$t_support = false;
 		switch ($p_db_type) {
@@ -44,6 +50,12 @@
 		return $t_support;
 	}
 	
+    /**
+    * check if php meets minimum version
+    * 
+    * @param  string version information
+    * @return bool
+    */
 	function check_php_version( $p_version ) {
 		if ($p_version == PHP_MIN_VERSION) {
 			return true;
@@ -58,4 +70,58 @@
 			 	return false;
 			}
 		}
-	}
\ No newline at end of file
+	}
+	
+    /**
+    * print result in the proper colour
+    * 
+    * @param  bool pass/fail input
+    * @param  bool true if failure is fatal
+    * @param  string text message added to failures
+    * @return bool
+    */
+	function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
+		global $g_failed;
+		echo '<td ';
+		if ( BAD == $p_result ) {
+			if ( $p_hard_fail ) {
+				$g_failed = true;
+				echo 'bgcolor="red">BAD';
+			} else {
+				echo 'bgcolor="pink">POSSIBLE PROBLEM';
+			}
+			if ( '' != $p_message ) {
+				echo '<br />' . $p_message;
+			}
+		}
+
+		if ( GOOD == $p_result ) {
+			echo 'bgcolor="green">GOOD';			
+		}
+		echo '</td>';
+	}
+
+    /**
+    * print test row
+    * 
+    * @param  string test title text
+    * @param  bool pass/fail input
+    * @param  bool true if failure is fatal
+    * @param  string text message added to failures
+    * @return bool
+    */
+	function print_test( $p_test_description, $p_result, $p_hard_fail=true, $p_message='' ) {
+
+		echo "\n<tr><td bgcolor=\"#ffffff\">$p_test_description</td>";
+		print_test_result( $p_result, $p_hard_fail, $p_message );
+		echo "</tr>\n";
+	}
+
+	# --------
+	# create an SQLArray to insert data
+	function InsertData( $p_table, $p_data ) {
+		$query = "INSERT INTO " . $p_table . $p_data;
+		return Array( $query );
+	}
+
+
Index: admin/install.php
===================================================================
--- admin/install.php	(revision 5116)
+++ admin/install.php	(working copy)
@@ -37,45 +37,6 @@
 	$g_failed = false;
 	$g_database_upgrade = false; 
 	
-	# -------
-	# print test result
-	function print_test_result( $p_result, $p_hard_fail=true, $p_message='' ) {
-		global $g_failed;
-		echo '<td ';
-		if ( BAD == $p_result ) {
-			if ( $p_hard_fail ) {
-				$g_failed = true;
-				echo 'bgcolor="red">BAD';
-			} else {
-				echo 'bgcolor="pink">POSSIBLE PROBLEM';
-			}
-			if ( '' != $p_message ) {
-				echo '<br />' . $p_message;
-			}
-		}
-
-		if ( GOOD == $p_result ) {
-			echo 'bgcolor="green">GOOD';			
-		}
-		echo '</td>';
-	}
-
-	# -------
-	# print test header and result
-	function print_test( $p_test_description, $p_result, $p_hard_fail=true, $p_message='' ) {
-
-		echo "\n<tr><td bgcolor=\"#ffffff\">$p_test_description</td>";
-		print_test_result( $p_result, $p_hard_fail, $p_message );
-		echo "</tr>\n";
-	}
-
-	# --------
-	# create an SQLArray to insert data
-	function InsertData( $p_table, $p_data ) {
-		$query = "INSERT INTO " . $p_table . $p_data;
-		return Array( $query );
-	}
-
 	# install_state
 	#   0 = no checks done
 	#   1 = server ok, get database information
Index: signup.php
===================================================================
--- signup.php	(revision 5116)
+++ signup.php	(working copy)
@@ -28,6 +28,8 @@
 	require_once( $t_core_path.'email_api.php' );
 	require_once( $t_core_path . 'disposable' . DIRECTORY_SEPARATOR . 'disposable.php' );
 
+    helper_ensure_post();
+    
 	$f_username		= strip_tags( gpc_get_string( 'username' ) );
 	$f_email		= strip_tags( gpc_get_string( 'email' ) );
 	$f_captcha		= gpc_get_string( 'captcha', '' );
Index: bug_actiongroup_ext.php
===================================================================
--- bug_actiongroup_ext.php	(revision 5116)
+++ bug_actiongroup_ext.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -28,6 +28,8 @@
 	require_once( $t_core_path . 'bug_api.php' );
 	require_once( $t_core_path . 'bug_group_action_api.php' );
 
+    helper_ensure_post();
+    
     auth_ensure_user_authenticated();
 
 	helper_begin_long_process();
Index: bug_monitor.php
===================================================================
--- bug_monitor.php	(revision 5116)
+++ bug_monitor.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,17 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This file turns monitoring on or off for a bug for the current user
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id	= gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id, true );
 
Index: manage_custom_field_update.php
===================================================================
--- manage_custom_field_update.php	(revision 5116)
+++ manage_custom_field_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_custom_fields_threshold' ) );
Index: manage_config_columns_set.php
===================================================================
--- manage_config_columns_set.php	(revision 5116)
+++ manage_config_columns_set.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,7 +27,9 @@
 
 	require_once( $t_core_path . 'columns_api.php' );
 	require_once( $t_core_path . 'gpc_api.php' );
-
+    
+    helper_ensure_post();
+    
 	# @@@ access_ensure_project_level( config_get( 'manage_project_threshold' ) );
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: manage_user_reset.php
===================================================================
--- manage_user_reset.php	(revision 5116)
+++ manage_user_reset.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_update_children.php
===================================================================
--- manage_proj_update_children.php	(revision 5116)
+++ manage_proj_update_children.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( $t_core_path.'project_hierarchy_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bug_file_delete.php
===================================================================
--- bug_file_delete.php	(revision 5116)
+++ bug_file_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	$f_file_id = gpc_get_int( 'file_id' );
 
 	$t_bug_id = file_get_field( $f_file_id, 'bug_id' );
Index: manage_config_email_set.php
===================================================================
--- manage_config_email_set.php	(revision 5116)
+++ manage_config_email_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_can_change_level = min( config_get_access( 'notify_flags' ), config_get_access( 'default_notify_flags' ) );
Index: manage_user_prune.php
===================================================================
--- manage_user_prune.php	(revision 5116)
+++ manage_user_prune.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_ver_add.php
===================================================================
--- manage_proj_ver_add.php	(revision 5116)
+++ manage_proj_ver_add.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id	= gpc_get_int( 'project_id' );
Index: manage_user_delete.php
===================================================================
--- manage_user_delete.php	(revision 5116)
+++ manage_user_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: manage_proj_cat_update.php
===================================================================
--- manage_proj_cat_update.php	(revision 5116)
+++ manage_proj_cat_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'category_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_category_id		= gpc_get_int( 'category_id' );
Index: account_delete.php
===================================================================
--- account_delete.php	(revision 5116)
+++ account_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@
 	# (none)
 
 	#============ Permissions ============
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
Index: manage_proj_ver_delete.php
===================================================================
--- manage_proj_ver_delete.php	(revision 5116)
+++ manage_proj_ver_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_version_id = gpc_get_int( 'version_id' );
Index: manage_proj_user_remove.php
===================================================================
--- manage_proj_user_remove.php	(revision 5116)
+++ manage_proj_user_remove.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: bug_delete.php
===================================================================
--- bug_delete.php	(revision 5116)
+++ bug_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -29,6 +29,8 @@
 
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
+    helper_ensure_post();
+    
 	access_ensure_bug_level( config_get( 'delete_bug_threshold' ), $f_bug_id );
 
 	$t_bug = bug_get( $f_bug_id, true );
Index: manage_user_proj_delete.php
===================================================================
--- manage_user_proj_delete.php	(revision 5116)
+++ manage_user_proj_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project_id' );
Index: wiki.php
===================================================================
--- wiki.php	(revision 5116)
+++ wiki.php	(working copy)
@@ -28,6 +28,8 @@
 
 	require_once( $t_core_path . 'wiki_api.php' );
 
+    helper_ensure_post();
+    
 	$f_id = gpc_get_int( 'id' );
 	$f_type = gpc_get_string( 'type', 'issue' );
 	
Index: proj_doc_delete.php
===================================================================
--- proj_doc_delete.php	(revision 5116)
+++ proj_doc_delete.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ) {
 		access_denied();
Index: tag_detach.php
===================================================================
--- tag_detach.php	(revision 5116)
+++ tag_detach.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	$f_tag_id = gpc_get_int( 'tag_id' );
 	$f_bug_id = gpc_get_int( 'bug_id' );
 
Index: news_add.php
===================================================================
--- news_add.php	(revision 5116)
+++ news_add.php	(working copy)
@@ -20,16 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'news_api.php' );
 	require_once( $t_core_path.'print_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	access_ensure_project_level( config_get( 'manage_news_threshold' ) );
 
 	$f_view_state	= gpc_get_int( 'view_state' );
Index: manage_user_update.php
===================================================================
--- manage_user_update.php	(revision 5116)
+++ manage_user_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'manage_user_threshold' ) );
Index: account_prefs_update.php
===================================================================
--- account_prefs_update.php	(revision 5116)
+++ account_prefs_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,21 +20,19 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Updates prefs then redirect to account_prefs_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'user_pref_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
-?>
-<?php
+
 	$f_user_id					= gpc_get_int( 'user_id' );
 	$f_redirect_url				= gpc_get_string( 'redirect_url' );
 
Index: account_update.php
===================================================================
--- account_update.php	(revision 5116)
+++ account_update.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,25 +20,23 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page updates a user's information
 	# If an account is protected then changes are forbidden
 	# The page gets redirected back to account_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'email_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_email           	= gpc_get_string( 'email', '' );
 	$f_realname        	= gpc_get_string( 'realname', '' );
 	$f_password        	= gpc_get_string( 'password', '' );
Index: manage_proj_ver_update.php
===================================================================
--- manage_proj_ver_update.php	(revision 5116)
+++ manage_proj_ver_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_version_id = gpc_get_int( 'version_id' );
Index: core/database_api.php
===================================================================
--- core/database_api.php	(revision 5116)
+++ core/database_api.php	(working copy)
@@ -64,6 +64,7 @@
 			$g_db = ADONewConnection( $p_dsn );
 			$t_result = $g_db->IsConnected();
 		}
+		$g_db->LogSQL();
 
 		if ( $t_result ) {
 			# For MySQL, the charset for the connection needs to be specified.
Index: core/helper_api.php
===================================================================
--- core/helper_api.php	(revision 5116)
+++ core/helper_api.php	(working copy)
@@ -502,4 +502,16 @@
 
 		return (int)$t_min;
 	}	
+
+	#
+	#-------------------------------------------------
+	# check access method is POST, return if true, else call error handler
+    function helper_ensure_post()
+    {
+        if ( isset( $_SERVER['REQUEST_METHOD'] ) && ( $_SERVER['REQUEST_METHOD'] != 'POST' ) ) {
+			trigger_error( ERROR_INVALID_REQUEST_METHOD, ERROR );
+		}
+		
+    }
+
 ?>
Index: core/relationship_graph_api.php
===================================================================
--- core/relationship_graph_api.php	(revision 5116)
+++ core/relationship_graph_api.php	(working copy)
@@ -250,7 +250,8 @@
 		} else {
 			$t_graph_orientation = 'vertical';
 		}
-
+        $t_graph_attributes['fontpath'] = $t_graph_fontpath;
+        
 		$t_graph = new Digraph( $t_id_string, $t_graph_attributes, $t_dot_tool );
 
 		$t_graph->set_default_node_attr( array (
Index: core/constant_inc.php
===================================================================
--- core/constant_inc.php	(revision 5116)
+++ core/constant_inc.php	(working copy)
@@ -194,6 +194,7 @@
 	define( 'ERROR_FTP_CONNECT_ERROR',				16 );
 	define( 'ERROR_HANDLER_ACCESS_TOO_LOW',				17 );
 	define( 'ERROR_PAGE_REDIRECTION',				18 );
+	define( 'ERROR_INVALID_REQUEST_METHOD',		    19 );
 
 	# ERROR_CONFIG_*
 	define( 'ERROR_CONFIG_OPT_NOT_FOUND',			100 );
Index: manage_config_revert.php
===================================================================
--- manage_config_revert.php	(revision 5116)
+++ manage_config_revert.php	(working copy)
@@ -25,6 +25,8 @@
 
 	$t_core_path = config_get( 'core_path' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id = gpc_get_int( 'project', 0 );
Index: bug_report.php
===================================================================
--- bug_report.php	(revision 5116)
+++ bug_report.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -32,6 +32,8 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
 
+    helper_ensure_post();
+    
 	access_ensure_project_level( config_get('report_bug_threshold' ) );
 
 	$t_bug_data = new BugData;
Index: bug_update.php
===================================================================
--- bug_update.php	(revision 5116)
+++ bug_update.php	(working copy)
@@ -20,11 +20,9 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Update bug data then redirect to the appropriate viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
@@ -32,8 +30,9 @@
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
 	require_once( $t_core_path.'custom_field_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$f_update_mode = gpc_get_bool( 'update_mode', FALSE ); # set if called from generic update page
 	$f_new_status	= gpc_get_int( 'status', bug_get_field( $f_bug_id, 'status' ) );
Index: bug_assign.php
===================================================================
--- bug_assign.php	(revision 5116)
+++ bug_assign.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,18 +20,16 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Assign bug to user then redirect to viewing page
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php
+    helper_ensure_post();
+    
 	$f_bug_id = gpc_get_int( 'bug_id' );
 	$t_bug = bug_get( $f_bug_id );
 	
Index: bug_actiongroup.php
===================================================================
--- bug_actiongroup.php	(revision 5116)
+++ bug_actiongroup.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# This page allows actions to be performed an an array of bugs
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
-?>
-<?php auth_ensure_user_authenticated() ?>
-<?php
+
+    helper_ensure_post();
+    
+    auth_ensure_user_authenticated();
 	helper_begin_long_process();
 
 	$f_action	= gpc_get_string( 'action' );
Index: manage_user_proj_add.php
===================================================================
--- manage_user_proj_add.php	(revision 5116)
+++ manage_user_proj_add.php	(working copy)
@@ -23,6 +23,8 @@
 
 	require_once( 'core.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_user_id		= gpc_get_int( 'user_id' );
Index: account_prefs_reset.php
===================================================================
--- account_prefs_reset.php	(revision 5116)
+++ account_prefs_reset.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@
 	$f_redirect_url	= gpc_get_string( 'redirect_url', 'account_prefs_page.php' );
 
 	#============ Permissions ============
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 
 	user_ensure_unprotected( $f_user_id );
Index: tag_delete.php
===================================================================
--- tag_delete.php	(revision 5116)
+++ tag_delete.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'tag_api.php' );
 
+    helper_ensure_post();
+    
 	access_ensure_global_level( config_get( 'tag_edit_threshold' ) );
 
 	$f_tag_id = gpc_get_int( 'tag_id' );
Index: manage_proj_subproj_add.php
===================================================================
--- manage_proj_subproj_add.php	(revision 5116)
+++ manage_proj_subproj_add.php	(working copy)
@@ -25,6 +25,8 @@
 
 	$t_core_path = config_get( 'core_path' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id    = gpc_get_int( 'project_id' );
Index: bug_set_sponsorship.php
===================================================================
--- bug_set_sponsorship.php	(revision 5116)
+++ bug_set_sponsorship.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,14 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path . 'sponsorship_api.php' );
 
+    helper_ensure_post();
+    
 	if ( config_get( 'enable_sponsorship' ) == OFF ) {
 		trigger_error( ERROR_SPONSORSHIP_NOT_ENABLED, ERROR );
 	}
Index: adm_config_set.php
===================================================================
--- adm_config_set.php	(revision 5116)
+++ adm_config_set.php	(working copy)
@@ -26,7 +26,8 @@
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
-
+    helper_ensure_post();
+    
 	$f_user_id = gpc_get_int( 'user_id' );
 	$f_project_id = gpc_get_int( 'project_id' );
 	$f_config_option = gpc_get_string( 'config_option' );
Index: proj_doc_update.php
===================================================================
--- proj_doc_update.php	(revision 5116)
+++ proj_doc_update.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'file_api.php' );
 
+    helper_ensure_post();
+    
 	# Check if project documentation feature is enabled.
 	if ( OFF == config_get( 'enable_project_documentation' ) ||
 		!file_is_uploading_enabled() ||
Index: account_prof_delete.php
===================================================================
--- account_prof_delete.php	(revision 5116)
+++ account_prof_delete.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# The specified profile is deleted and the user is redirected to
 	# account_prof_menu_page.php3
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'profile_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	if ( profile_is_global( $f_profile_id ) ) {
Index: manage_proj_create.php
===================================================================
--- manage_proj_create.php	(revision 5116)
+++ manage_proj_create.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'project_hierarchy_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	access_ensure_global_level( config_get( 'create_project_threshold' ) );
Index: manage_config_work_threshold_set.php
===================================================================
--- manage_config_work_threshold_set.php	(revision 5116)
+++ manage_config_work_threshold_set.php	(working copy)
@@ -26,6 +26,8 @@
 	$t_core_path = config_get( 'core_path' );
 	require_once( $t_core_path.'email_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$t_redirect_url = 'manage_config_work_threshold_page.php';
Index: bugnote_set_view_state.php
===================================================================
--- bugnote_set_view_state.php	(revision 5116)
+++ bugnote_set_view_state.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,19 +20,18 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Set an existing bugnote private or public.
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'bug_api.php' );
 	require_once( $t_core_path.'bugnote_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_bugnote_id	= gpc_get_int( 'bugnote_id' );
 	$f_private		= gpc_get_bool( 'private' );
 
Index: manage_config_columns_reset.php
===================================================================
--- manage_config_columns_reset.php	(revision 5116)
+++ manage_config_columns_reset.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path . 'config_api.php' );
 
+    helper_ensure_post();
+    
 	auth_ensure_user_authenticated();
 	auth_reauthenticate();
 
Index: set_project.php
===================================================================
--- set_project.php	(revision 5116)
+++ set_project.php	(working copy)
@@ -20,15 +20,15 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+    
 	$f_project_id	= gpc_get_string( 'project_id' );
 	$f_make_default	= gpc_get_bool  ( 'make_default' );
 	$f_ref			= gpc_get_string( 'ref', '' );
Index: account_prof_make_default.php
===================================================================
--- account_prof_make_default.php	(revision 5116)
+++ account_prof_make_default.php	(working copy)
@@ -2,7 +2,7 @@
 # Mantis - a php based bugtracking system
 
 # Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
-# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
+# Copyright (C) 2002 - 2008  Mantis Team   - mantisbt-dev@lists.sourceforge.net
 
 # Mantis is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -20,24 +20,22 @@
 	# --------------------------------------------------------
 	# $Id$
 	# --------------------------------------------------------
-?>
-<?php
+
 	# Make the specified profile the default
 	# Redirect to account_prof_menu_page.php
-?>
-<?php
+
 	require_once( 'core.php' );
 
 	$t_core_path = config_get( 'core_path' );
 
 	require_once( $t_core_path.'current_user_api.php' );
-?>
-<?php
+
+    helper_ensure_post();
+
 	auth_ensure_user_authenticated();
 
 	current_user_ensure_unprotected();
-?>
-<?php
+
 	$f_profile_id	= gpc_get_int( 'profile_id' );
 
 	current_user_set_pref( 'default_profile', $f_profile_id );
Index: manage_proj_ver_copy.php
===================================================================
--- manage_proj_ver_copy.php	(revision 5116)
+++ manage_proj_ver_copy.php	(working copy)
@@ -27,6 +27,8 @@
 
 	require_once( $t_core_path.'version_api.php' );
 
+    helper_ensure_post();
+    
 	auth_reauthenticate();
 
 	$f_project_id		= gpc_get_int( 'project_id' );