diff --git a/op/op.UploadChunks.php b/op/op.UploadChunks.php
index 44c47bae2..a05f18562 100644
--- a/op/op.UploadChunks.php
+++ b/op/op.UploadChunks.php
@@ -26,11 +26,13 @@ include("../inc/inc.Init.php");
 include("../inc/inc.Extension.php");
 include("../inc/inc.DBInit.php");
 include("../inc/inc.ClassUI.php");
-include("../inc/inc.Authentication.php");
+//include("../inc/inc.Authentication.php");
-//print_r($_FILES);
-//print_r($_POST);
-//exit;
+if(empty($_GET['formkey']) || $_GET['formkey'] != md5($settings->_encryptionKey.'uploadchunks')) {
+ header("Content-Type: text/plain");
+ echo json_encode(array('success'=>false, 'error'=>'Wrong formkey'));
+ exit;
+}
 $file_param_name = 'qqfile';
 $file_name = $_FILES[ $file_param_name ][ 'name' ];
diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php
index 986ce77cb..f424305ed 100644
--- a/views/bootstrap/class.Bootstrap.php
+++ b/views/bootstrap/class.Bootstrap.php
@@ -2752,7 +2752,7 @@ $(document).ready(function() {
 element: $('#-fine-uploader')[0],
 template: 'qq-template',
 request: {
- endpoint: ''
+ endpoint: 'params['settings']->_encryptionKey.'uploadchunks'); ?>'
 },
 0 ? '
 validation: {
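Review bot: In op/op.UploadChunks.php the new guard checks the key with `!=`, a loose comparison that treats numeric-looking strings (for example hashes of the form `0e` followed by digits) as numbers and is not constant-time. A strict, timing-safe check would be `if (!isset($_GET['formkey']) || !is_string($_GET['formkey']) || !hash_equals(md5($settings->_encryptionKey.'uploadchunks'), $_GET['formkey'])) {`. With the include of inc.Authentication.php commented out, this value is the only gate visible in the hunk, and it is derived solely from `_encryptionKey` and a constant string, so it is identical for every user and session. An HMAC bound to the session (`hash_hmac('sha256', ...)` over a session identifier) would keep one leaked value from granting everyone access; the upload handling itself continues outside the hunk.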
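Review bot: In views/bootstrap/class.Bootstrap.php the added `endpoint` line appears to place the form key in the upload URL, where it will be recorded in web-server and proxy access logs and in browser history. Part of that line seems to have been lost in this rendering, so the exact URL cannot be confirmed from here. Because op/op.UploadChunks.php now reads `$_GET['formkey']` instead of requiring a login, a value recovered from such a log would presumably stay usable for as long as `_encryptionKey` is unchanged. Consider sending the token outside the URL, through the uploader's `request.customHeaders` or `request.params` with a matching change on the server side, and add a comment next to `endpoint` stating that the key is a credential and must not be logged.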