CSRF Token + small fixes

core/Api/ApiKey/Create.class.php

@@ -9,6 +9,7 @@ class Create extends Request {
   public function __construct($user, $externalCall = false) {
     parent::__construct($user, $externalCall, array());
     $this->apiKeyAllowed = false;
+    $this->csrfTokenRequired = true;
     $this->loginRequired = true;
   }
 

core/Api/ApiKey/Fetch.class.php

@@ -12,6 +12,7 @@ class Fetch extends Request {
   public function __construct($user, $externalCall = false) {
     parent::__construct($user, $externalCall, array());
     $this->loginRequired = true;
+    $this->csrfTokenRequired = true;
   }
 
   public function execute($values = array()) {

core/Api/ApiKey/Refresh.class.php

@@ -13,6 +13,7 @@ class Refresh extends Request {
       "id" => new Parameter("id", Parameter::TYPE_INT),
     ));
     $this->loginRequired = true;
+    $this->csrfTokenRequired = true;
   }
 
   private function apiKeyExists() {

core/Api/ApiKey/Revoke.class.php

@@ -13,6 +13,7 @@ class Revoke extends Request {
       "id" => new Parameter("id", Parameter::TYPE_INT),
     ));
     $this->loginRequired = true;
+    $this->csrfTokenRequired = true;
   }
 
   private function apiKeyExists() {