diff --git a/Admin/Routes/Web/Api.php b/Admin/Routes/Web/Api.php
index 85801a1..88f0613 100644
--- a/Admin/Routes/Web/Api.php
+++ b/Admin/Routes/Web/Api.php
@@ -22,6 +22,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiAccountCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -31,6 +32,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiAccountUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -42,6 +44,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiAccountL11nCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -51,6 +54,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiAccountL11nUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -63,6 +67,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostCenterCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -72,6 +77,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostCenterUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -83,6 +89,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostCenterL11nCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -92,6 +99,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostCenterL11nUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -104,6 +112,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostObjectCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -113,6 +122,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostObjectUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -124,6 +134,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostObjectL11nCreate',
             'verb'       => RouteVerb::PUT,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
@@ -133,6 +144,7 @@ return [
         [
             'dest'       => '\Modules\Accounting\Controller\ApiController:apiCostObjectL11nUpdate',
             'verb'       => RouteVerb::SET,
+            'csrf'       => true,
             'permission' => [
                 'module' => ApiController::NAME,
                 'type'   => PermissionType::CREATE,
diff --git a/Theme/Backend/coa-view.tpl.php b/Theme/Backend/coa-view.tpl.php
index 8c0c350..fa5f220 100644
--- a/Theme/Backend/coa-view.tpl.php
+++ b/Theme/Backend/coa-view.tpl.php
@@ -11,12 +11,12 @@ echo $this->data['nav']->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="portlet">
-            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/coa'); ?>">
+            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/coa?csrf={$CSRF}'); ?>">
                 <div class="portlet-head"><?= $this->getHtml('Account'); ?></div>
                 <div class="portlet-body">
                     <div class="form-group">
                         <label for="iId"><?= $this->getHtml('ID', '0', '0'); ?></label>
-                        <input type="text" name="id" id="iId" value="<?= $this->printHtml($account->id); ?>" disabled>
+                        <input type="text" name="id" id="iId" value="<?= $account->id; ?>" disabled>
                     </div>
 
                     <div class="form-group">
@@ -35,7 +35,11 @@ echo $this->data['nav']->render(); ?>
                     </div>
                 </div>
                 <div class="portlet-foot">
-                    <input id="iSubmit" name="submit" type="submit" value="<?= $this->getHtml('Save', '0', '0'); ?>">
+                    <?php if ($isNew) : ?>
+                        <input id="iCreateSubmit" type="Submit" value="<?= $this->getHtml('Create', '0', '0'); ?>">
+                    <?php else : ?>
+                        <input id="iSaveSubmit" type="Submit" value="<?= $this->getHtml('Save', '0', '0'); ?>">
+                    <?php endif; ?>
                 </div>
             </form>
         </section>
@@ -47,7 +51,7 @@ echo $this->data['nav']->render(); ?>
     <?= $this->data['l11nView']->render(
         $this->data['l11nValues'],
         [],
-        '{/api}accounting/coa/l11n'
+        '{/api}accounting/coa/l11n?csrf={$CSRF}'
     );
     ?>
 </div>
diff --git a/Theme/Backend/costcenter-list.tpl.php b/Theme/Backend/costcenter-list.tpl.php
index 9049f17..ad463e7 100755
--- a/Theme/Backend/costcenter-list.tpl.php
+++ b/Theme/Backend/costcenter-list.tpl.php
@@ -46,9 +46,5 @@ echo $this->data['nav']->render(); ?>
                 <tr><td colspan="3" class="empty"><?= $this->getHtml('Empty', '0', '0'); ?>
             <?php endif; ?>
         </table>
-        <div class="portlet-foot">
-            <a tabindex="0" class="button" href="<?= UriFactory::build($previous); ?>"><?= $this->getHtml('Previous', '0', '0'); ?></a>
-            <a tabindex="0" class="button" href="<?= UriFactory::build($next); ?>"><?= $this->getHtml('Next', '0', '0'); ?></a>
-        </div>
     </div>
 </div>
diff --git a/Theme/Backend/costcenter-view.tpl.php b/Theme/Backend/costcenter-view.tpl.php
index 7517797..a11f918 100644
--- a/Theme/Backend/costcenter-view.tpl.php
+++ b/Theme/Backend/costcenter-view.tpl.php
@@ -11,12 +11,12 @@ echo $this->data['nav']->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="portlet">
-            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/costcenter'); ?>">
+            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/costcenter?csrf={$CSRF}'); ?>">
                 <div class="portlet-head"><?= $this->getHtml('CostCenter'); ?></div>
                 <div class="portlet-body">
                     <div class="form-group">
                         <label for="iId"><?= $this->getHtml('ID', '0', '0'); ?></label>
-                        <input type="text" name="id" id="iId" value="<?= $this->printHtml($costcenter->id); ?>" disabled>
+                        <input type="text" name="id" id="iId" value="<?= $costcenter->id; ?>" disabled>
                     </div>
 
                     <div class="form-group">
@@ -51,7 +51,7 @@ echo $this->data['nav']->render(); ?>
     <?= $this->data['l11nView']->render(
         $this->data['l11nValues'],
         [],
-        '{/api}accounting/costcenter/l11n'
+        '{/api}accounting/costcenter/l11n?csrf={$CSRF}'
     );
     ?>
 </div>
diff --git a/Theme/Backend/costobject-list.tpl.php b/Theme/Backend/costobject-list.tpl.php
index f91a3b7..096b71b 100755
--- a/Theme/Backend/costobject-list.tpl.php
+++ b/Theme/Backend/costobject-list.tpl.php
@@ -46,9 +46,5 @@ echo $this->data['nav']->render(); ?>
                 <tr><td colspan="3" class="empty"><?= $this->getHtml('Empty', '0', '0'); ?>
             <?php endif; ?>
         </table>
-        <div class="portlet-foot">
-            <a tabindex="0" class="button" href="<?= UriFactory::build($previous); ?>"><?= $this->getHtml('Previous', '0', '0'); ?></a>
-            <a tabindex="0" class="button" href="<?= UriFactory::build($next); ?>"><?= $this->getHtml('Next', '0', '0'); ?></a>
-        </div>
     </div>
 </div>
diff --git a/Theme/Backend/costobject-view.tpl.php b/Theme/Backend/costobject-view.tpl.php
index d50a3c8..d475742 100644
--- a/Theme/Backend/costobject-view.tpl.php
+++ b/Theme/Backend/costobject-view.tpl.php
@@ -11,12 +11,12 @@ echo $this->data['nav']->render(); ?>
 <div class="row">
     <div class="col-xs-12 col-md-6">
         <section class="portlet">
-            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/costobject'); ?>">
+            <form method="<?= $isNew ? 'PUT' : 'POST'; ?>" action="<?= UriFactory::build('{/api}accounting/costobject?csrf={$CSRF}'); ?>">
                 <div class="portlet-head"><?= $this->getHtml('CostCenter'); ?></div>
                 <div class="portlet-body">
                     <div class="form-group">
                         <label for="iId"><?= $this->getHtml('ID', '0', '0'); ?></label>
-                        <input type="text" name="id" id="iId" value="<?= $this->printHtml($costobject->id); ?>" disabled>
+                        <input type="text" name="id" id="iId" value="<?= $costobject->id; ?>" disabled>
                     </div>
 
                     <div class="form-group">
@@ -51,7 +51,7 @@ echo $this->data['nav']->render(); ?>
     <?= $this->data['l11nView']->render(
         $this->data['l11nValues'],
         [],
-        '{/api}accounting/costobject/l11n'
+        '{/api}accounting/costobject/l11n?csrf={$CSRF}'
     );
     ?>
 </div>