diff --git a/module/blog/blog.php b/module/blog/blog.php
index 5a554a85..5de45b4d 100755
--- a/module/blog/blog.php
+++ b/module/blog/blog.php
@@ -113,7 +113,7 @@ class blog extends common {
 $comment['userId'] ? $this->getData(['user', $comment['userId'], 'firstname']) . ' ' . $this->getData(['user', $comment['userId'], 'lastname']) : $comment['author'],
 template::button('blogCommentDelete' . $commentIds[$i], [
 'class' => 'blogCommentDelete buttonRed',
-'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i],
+'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'] ,
 'value' => template::ico('cancel')
 ])
 ];
@@ -136,6 +136,14 @@ class blog extends common {
 'access' => false
 ]);
 }
+// Jeton incorrect
+elseif ($this->getUrl(4) !== $_SESSION['csrf']) {
+// Valeurs en sortie
+$this->addOutput([
+'redirect' => helper::baseUrl() . $this->getUrl(0) . '/config',
+'notification' => 'Action non autorisée'
+]);
+}
 // Suppression
 else {
 $this->deleteData(['module', $this->getUrl(0), $this->getUrl(2), 'comment', $this->getUrl(3)]);
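Review bot: The added `href` in the comment-delete button has a stray space before the trailing comma (`$_SESSION['csrf'] ,`), which breaks with the formatting of the neighbouring `'class'` and `'value'` entries and of the edit/delete links later in the same file. The line should read `'href' => helper::baseUrl() . $this->getUrl(0) . '/comment-delete/' . $comment['articleId'] . '/' . $commentIds[$i] . '/' . $_SESSION['csrf'],`. The enclosing method starts and ends outside the hunk.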
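Review bot: The new token check `elseif ($this->getUrl(4) !== $_SESSION['csrf'])` compares the CSRF token with a plain string comparison and reads `$_SESSION['csrf']` without checking it exists; PHP provides `hash_equals()` for secret comparison, and an unset session token should be treated as a failed check rather than a notice. A safer form is `elseif (!isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], (string) $this->getUrl(4))) {`, with the cast hedging on what `getUrl()` returns for a missing segment, which is not visible here. The French comment `// Jeton incorrect` matches the file's existing comment style, so no change there. The enclosing method starts and ends outside the hunk.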
@@ -169,12 +177,12 @@ class blog extends common {
 utf8_encode(strftime('%H:%M', $this->getData(['module', $this->getUrl(0), $articleIds[$i], 'publishedOn']))),
 self::$states[$this->getData(['module', $this->getUrl(0), $articleIds[$i], 'state'])],
 template::button('blogConfigEdit' . $articleIds[$i], [
-'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i]. '/' . $_SESSION['csrf'],
+'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
 'value' => template::ico('pencil')
 ]),
 template::button('blogConfigDelete' . $articleIds[$i], [
 'class' => 'blogConfigDelete buttonRed',
-'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i]. '/' . $_SESSION['csrf'],
+'href' => helper::baseUrl() . $this->getUrl(0) . '/delete/' . $articleIds[$i] . '/' . $_SESSION['csrf'],
 'value' => template::ico('cancel')
 ])
 ];
diff --git a/module/blog/view/article/article.php b/module/blog/view/article/article.php
index 80008a55..3fe44fa4 100755
--- a/module/blog/view/article/article.php
+++ b/module/blog/view/article/article.php
@@ -115,7 +115,7 @@ code d'origine
'buttonBlue', - 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1), + 'href' => helper::baseUrl() . $this->getUrl(0) . '/edit/' . $this->getUrl(1) . '/' . $_SESSION['csrf'], 'value' => 'Editer' ]); ?>