--- runPHP.old.php	2007-02-07 17:22:42.000000000 -0500
+++ runPHP.php	2007-02-12 22:23:38.000000000 -0500
@@ -174,6 +174,8 @@
          <label class="selectit">
          <input type="checkbox" name="runphp_eval"
           value="true" <?php echo $checked; ?> > <?php _e('run PHP code?', 'runPHP'); ?></label>
+         <input type="hidden" name="runphp-verify-key" id="runphp-verify-key"
+          value="<?php echo wp_create_nonce('runphp') ?>" />
       </div>
       </fieldset>
    <?php
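Review bot: The nonce written into the hidden `runphp-verify-key` field uses the fixed action string `'runphp'`, so one token is accepted for every post the user may edit, not only for the post whose form rendered it. If a post ID is in scope at this point in the form (not visible in the hunk), bind it into the action, e.g. `wp_create_nonce('runphp-' . $postId)` with `$postId` standing for whatever variable holds it. The `wp_verify_nonce()` call in the second hunk would then need the same string, which means moving that check below the lines that resolve `$id`. That second hunk also reads `$_POST['runphp-verify-key']` without an `isset()` test, so a save request that lacks the field raises an undefined-index notice before returning; `if (!isset($_POST['runphp-verify-key']) || !wp_verify_nonce($_POST['runphp-verify-key'], 'runphp')) return;` avoids that. The enclosing functions of both hunks start and end outside the visible lines.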
@@ -243,10 +245,11 @@
 
       if (!runPHP::hasPermission())
          return;
+      if ( !wp_verify_nonce($_POST['runphp-verify-key'], 'runphp') )
+		return;
 
       if (!isset($id))
          $id = $_REQUEST['post_ID'];

