diff --git a/classes/handler/public.php b/classes/handler/public.php
index 135cdcbc7..7f8d01ad0 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -728,6 +728,7 @@ class Handler_Public extends Handler {
 		if ($_SESSION["uid"]) {
 
 			$feed_url = trim(clean($_REQUEST["feed_url"]));
+			$csrf_token = clean($_REQUEST["csrf_token"]);
 
 			header('Content-Type: text/html; charset=utf-8');
 			?>
@@ -774,10 +775,11 @@ class Handler_Public extends Handler {
 			<div class='content'>
 			<?php
 
-			if (!$feed_url) {
+			if (!$feed_url || $csrf_token != $_SESSION["csrf_token"]) {
 				?>
 				<form method="post">
 					<input type="hidden" name="op" value="subscribe">
+					<?php print_hidden("csrf_token", $_SESSION["csrf_token"]) ?>
 					<fieldset>
 						<label>Feed or site URL:</label>
 						<input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url">
@@ -820,6 +822,7 @@ class Handler_Public extends Handler {
 
 					print "<form action='public.php'>";
 					print "<input type='hidden' name='op' value='subscribe'>";
+					print_hidden("csrf_token", $_SESSION["csrf_token"]);
 
 					print "<fieldset>";
 					print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>";