This patch for UliCMS fixes the issue by adding CSRF tokens and a token validation to the forms.
The token check was not added to module forms like the module settings,
since this will cause compatibility problems.
Token checks for modules will be added in release 8.0.2 of UliCMS.
The following API-Calls were added:
get_csrf_token() - to generate a token
get_csrf_token_html() - get the html code for a hidden input field containing the csrf_token
csrf_token_html() - echo html code for a hidden input field containing the csrf_token
check_csrf_token() - Validate csrf_token
To apply the patch simply upload the content of the "patch" folder
to the UliCMS root folder at your FTP server and replace existing files.