Index: openacs-4/packages/acs-templating/www/doc/demo/list7/add-edit.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/www/doc/demo/list7/add-edit.tcl,v
diff -u -N -r1.3.2.1 -r1.3.2.2
--- openacs-4/packages/acs-templating/www/doc/demo/list7/add-edit.tcl	10 Sep 2015 08:22:14 -0000	1.3.2.1
+++ openacs-4/packages/acs-templating/www/doc/demo/list7/add-edit.tcl	25 May 2016 07:40:21 -0000	1.3.2.2
@@ -13,6 +13,8 @@
 } -properties {
     context:onevalue
     page_title:onevalue
+} -validate {
+    csrf { security::csrf::validate }
 }
 
 # When using ad_form to generate or edit acs_objects, the object type's
Index: openacs-4/packages/acs-templating/www/doc/demo/list8/index.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-templating/www/doc/demo/list8/index.tcl,v
diff -u -N -r1.3.2.1 -r1.3.2.2
--- openacs-4/packages/acs-templating/www/doc/demo/list8/index.tcl	10 Sep 2015 08:22:15 -0000	1.3.2.1
+++ openacs-4/packages/acs-templating/www/doc/demo/list8/index.tcl	25 May 2016 07:40:21 -0000	1.3.2.2
@@ -6,13 +6,19 @@
   @creation-date 2000-10-23
   @cvs-id $Id$
 } -query {
-  orderby:optional
-  color_filter_value:optional
+  orderby:token,notnull,optional
+  color_filter_value:optional,trim,notnull
   page:naturalnum,optional
 } -properties {
   notes:multirow
   context:onevalue
   create_p:onevalue
+} -validate {
+    valid_color -requires color_filter_value {
+        if {$color_filter_value ni {blue green purple red orange yellow}} {
+            ad_complain "Invalid value: $color_filter_value"
+        }
+    }
 }
 
 set package_id [ad_conn package_id]