diff --git a/webtools/update/developers/categorymanager.php b/webtools/update/developers/categorymanager.php
index 53dccb0eebbf..ae97ff190081 100755
--- a/webtools/update/developers/categorymanager.php
+++ b/webtools/update/developers/categorymanager.php
@@ -27,13 +27,15 @@ if (!$function) {
 ?>
 <?php
 if ($_POST["submit"]=="Create Category") {
-  if ($_POST[cattype]=="other") {$_POST["cattype"]=$_POST["othertype"];}
-    $catname = $_POST["catname"];
-    $catdesc = $_POST["catdesc"];
-    $cattype = $_POST["cattype"];
-    $catapp = $_POST["catapp"];
-   	$sql = "INSERT INTO `t_categories` (`CatName`, `CatDesc`, `CatType`, `CatApp`) VALUES ('$catname', '$catdesc', '$cattype', '$catapp');";
+  if ($_POST[cattype]=="other") $_POST["cattype"]=$_POST["othertype"];
+  $catname = $_POST["catname"];
+  $catdesc = $_POST["catdesc"];
+  $cattype = $_POST["cattype"];
+  $catapp = $_POST["catapp"];
+  if (checkFormKey()) {
+    $sql = "INSERT INTO `t_categories` (`CatName`, `CatDesc`, `CatType`, `CatApp`) VALUES ('$catname', '$catdesc', '$cattype', '$catapp');";
     $result = mysql_query($sql) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
+  }
 }
 ?>
 <h1>Manage Category List</h1>
@@ -70,7 +72,7 @@ $typenames = array("E"=>"Extensions", "T"=>"Themes","P"=>"Plugins");
 
 <?php
  $i=0;
- $sql = "SELECT * FROM `t_categories` WHERE `CatType` LIKE '$type' ORDER BY `CatType`,`CatName`";
+ $sql = "SELECT * FROM `t_categories` WHERE `CatType` LIKE '$type' AND `CatApp`='$application' ORDER BY `CatType`,`CatName`";
  $sql_result = mysql_query($sql, $connection) or trigger_error("MySQL Error ".mysql_errno().": ".mysql_error()."", E_USER_NOTICE);
    while ($row = mysql_fetch_array($sql_result)) {
     $categoryid = $row["CategoryID"];
@@ -86,13 +88,13 @@ $typenames = array("E"=>"Extensions", "T"=>"Themes","P"=>"Plugins");
     echo"</tr>\n";
 }
 
-
 }
 ?>
 </table>
 <h2>New Category for <?php echo ucwords($application); ?><BR></h2>
 <div style="font-size: 10pt; font-weight: bold">
 <form name="addapplication" method="post" action="?function=&action=addnewcategory">
+<?writeFormKey();?>
 <input name="catapp" type="hidden" value="<?php echo strtolower($application); ?>">
 Name: <input name="catname" type="text" value="" size="30" maxlength="100"><BR>
 Description: <input name="catdesc" type="text" value="" size="50" maxlength="100"><BR>
@@ -124,17 +126,20 @@ if ($_POST["submit"] == "Update") {
   $catname = $_POST["catname"];
   $catdesc = $_POST["catdesc"];
   $cattype = $_POST["cattype"];
+  if (checkFormKey()) {
     $sql = "UPDATE `t_categories` SET `CatName`='$catname', `CatDesc`='$catdesc', `CatType`='$cattype' WHERE `CategoryID`='$categoryid'";
     $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
 
-  echo"Your update to $catname, has been submitted successfully...<br>";
+    echo"Your update to $catname, has been submitted successfully...<br>";
+  }
 
 } else if ($_POST["submit"] == "Delete Category") {
   echo"<h2>Processing Delete Request, please wait...</h2>\n";
   $categoryid = $_POST["categoryid"];
-  $sql = "DELETE FROM `t_categories` WHERE `CategoryID`='$categoryid'";
-  $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
-
+  if (checkFormKey()) {
+    $sql = "DELETE FROM `t_categories` WHERE `CategoryID`='$categoryid'";
+    $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
+  }
   echo"You've successfully deleted the category '$catname'...<br>";
 }
 
@@ -153,6 +158,7 @@ if (!$categoryid) { $categoryid = $_POST["categoryid"]; }
 <div class="editbox">
     <h3>Edit Category <?php echo"$catname for ".ucwords($catapp); ?>:</h3>
 <form name="editcategory" method="post" action="?function=editcategory">
+<?writeFormKey();?>
 <?php
   echo"Name:  <input name=\"catname\" type=\"text\" value=\"$catname\" size=\"30\" maxlength=\"100\"><br>\n";
   echo"Description:  <input name=\"catdesc\" type=\"text\" value=\"$catdesc\" size=\"50\" maxlength=\"100\"><br>\n";
@@ -166,6 +172,7 @@ if (!$categoryid) { $categoryid = $_POST["categoryid"]; }
 <A HREF="?function=">&#171;&#171; Return to Category Manager</A>
 </div>
 <?php
+
 } else {}
 ?>
 
diff --git a/webtools/update/developers/faqmanager.php b/webtools/update/developers/faqmanager.php
index fabbbd6b6f69..9c1ca83ce3c3 100755
--- a/webtools/update/developers/faqmanager.php
+++ b/webtools/update/developers/faqmanager.php
@@ -67,7 +67,7 @@ if (!$function) {
 
 <h2><a href="?function=addentry">New FAQ Entry</A></h2>
 <form name="addapplication" method="post" action="?function=addentry">
-
+<?writeFormKey();?>
   Title: <input name="title" type="text" size="30" maxlength="150" value="">
 <input name="submit" type="submit" value="Next &#187;&#187;"></SPAN>
 </form>
@@ -85,23 +85,27 @@ if (!$function) {
     $text = $_POST["text"];
     $active = $_POST["active"];
     $id = $_POST["id"];
-    $sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
-    $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
-    if ($sql_result) {
-        echo"Your update to '$title', has been successful.<br>";
+    if (checkFormKey()) {
+      $sql = "UPDATE `t_faq` SET `title`='$title', `index`='$index', `alias`='$alias', `text`='$text', `active`='$active' WHERE `id`='$id'";
+      $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
+      if ($sql_result) {
+          echo"Your update to '$title', has been successful.<br>";
+      }
     }
 
   } else if ($_POST["submit"] == "Delete Entry") {
     echo"<h2>Processing, please wait...</h2>\n";
     $id = $_POST["id"];
     $title = $_POST["title"];
-    $sql = "DELETE FROM `t_faq` WHERE `id`='$id'";
-    $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
-    if ($sql_result) {
-        echo"You've successfully deleted the FAQ Entry '$title'.";
-        include"$page_footer";
-        echo"</body>\n</html>\n"; 
-        exit;
+    if (checkFormKey()) {
+      $sql = "DELETE FROM `t_faq` WHERE `id`='$id'";
+      $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
+      if ($sql_result) {
+          echo"You've successfully deleted the FAQ Entry '$title'.";
+          include"$page_footer";
+          echo"</body>\n</html>\n"; 
+          exit;
+      }
     }
 }
 
@@ -113,6 +117,7 @@ if (!$function) {
 
 <h3>Edit FAQ Entry:</h3>
 <form name="editfaq" method="post" action="?function=edit">
+<?writeFormKey();?>
 <?php
   echo"<input name=\"id\" type=\"hidden\" value=\"".$row["id"]."\" />\n";
   echo"Title: <input name=\"title\" type=\"text\" size=\"40\" maxlength=\"150\" value=\"".$row["title"]."\"> ";
@@ -164,16 +169,19 @@ if ($active=="YES") {
     $text = $_POST["text"];
     $active = $_POST["active"];
     $id = $_POST["id"];
-     $sql = "INSERT INTO `t_faq` (`title`,`index`,`alias`, `text`, `active`) VALUES ('$title','$index','$alias', '$text', '$active')";
-     $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
-     if ($sql_result) {
+    if (checkFormKey()) {
+      $sql = "INSERT INTO `t_faq` (`title`,`index`,`alias`, `text`, `active`) VALUES ('$title','$index','$alias', '$text', '$active')";
+      $sql_result = mysql_query($sql, $connection) or trigger_error("<div class=\"error\">MySQL Error ".mysql_errno().": ".mysql_error()."</div>", E_USER_NOTICE);
+      if ($sql_result) {
         echo"The entry '$title' has been successfully added.<br>\n";
-     }
+      }
+    }
   }
 ?>
 
 <h2>Add FAQ Entry:</h2>
 <form name="addfaq" method="post" action="?function=addentry">
+<?writeFormKey();?>
 <?php
 $title = $_POST["title"];
 
diff --git a/webtools/update/developers/login.php b/webtools/update/developers/login.php
index 6cf8dc2b7cdc..13e27a0944c8 100755
--- a/webtools/update/developers/login.php
+++ b/webtools/update/developers/login.php
@@ -3,7 +3,8 @@ require"../core/config.php";
 require"core/sessionconfig.php";
 
 $password = md5($_POST[password]);
-$sql = "SELECT DISTINCT `UserID`, `UserEmail`,`UserName`,`UserMode`,`UserTrusted` FROM `t_userprofiles` WHERE `UserEmail` = '$_POST[email]' && `UserPass` = '$password' LIMIT 1";
+$email = $_POST["email"];
+$sql = "SELECT DISTINCT `UserID`, `UserEmail`,`UserName`,`UserMode`,`UserTrusted` FROM `t_userprofiles` WHERE `UserEmail` = '$email' && `UserPass` = '$password' LIMIT 1";
 $sql_result = mysql_query($sql, $connection) or trigger_error("<FONT COLOR=\"#FF0000\"><B>MySQL Error ".mysql_errno().": ".mysql_error()."</B></FONT>", E_USER_NOTICE);
   $num = mysql_num_rows($sql_result);
 
diff --git a/webtools/update/developers/previews.php b/webtools/update/developers/previews.php
index 0964fe7d0728..ba88bd4b4536 100755
--- a/webtools/update/developers/previews.php
+++ b/webtools/update/developers/previews.php
@@ -191,6 +191,11 @@ if ($type=="2" or $type=="3") {
 
 //Destination Properties for the Display Image
 //Output Image Dimensions
+
+//Limit Max.
+if ($width > "690") {$width="690";}
+if ($width > "520") {$width="520";}
+
 $dest_width="$width"; // Destination Width /$tn_size_width
 $dest_height_fixed="$height"; // Destination Height / $tn_size_height (Fixed)
 $dest_height= ($src_height * $dest_width) / $src_width; // (Aspect Ratio Variable Height