diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index a6b5f09cf..fa2c87f8c 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -18,6 +18,8 @@ class AttachmentsController < ApplicationController
 layout "users_base"
+ before_filter :verify_authenticity_token, only: [:uploa]
+ before_filter :find_project, :only => [:show, :download, :thumbnail, :destroy, :delete_homework]#, :except => [:upload, :autocomplete]
 before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young
 before_filter :delete_authorize, :only => [:destroy]
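Review bot: The `only:` list on the added `before_filter :verify_authenticity_token` names `:uploa`, which looks like a typo for `:upload`, the spelling used in the commented-out `:except` list on the `find_project` line. A filter restricted to an action name that does not exist never runs, so the CSRF token check this line is meant to add would be silently missing on upload, with no error to reveal it. The line should read `before_filter :verify_authenticity_token, only: [:upload]`. Whether `upload` is exempted from forgery protection elsewhere (for example by a `skip_before_filter`) is not visible in this hunk, so a controller test that posts to `upload` without a token and expects a rejection would confirm the filter fires. The class body continues outside the hunk.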