Index: wp-admin/import/utw.php
===================================================================
--- wp-admin/import/utw.php	(revision 5935)
+++ wp-admin/import/utw.php	(working copy)
@@ -31,6 +31,9 @@
 		} else {
 			$step = (int) $_GET['step'];
 		}
+		
+		if ( $step > 1 )
+			check_admin_referer('import-utw');
 
 		// load the header
 		$this->header();
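Review bot: The nonce check is gated on `$step > 1` while `$step` comes from `(int) $_GET['step']`, so the protection holds only if the dispatch that follows (outside this hunk) sends every step value of 1 or lower to screens that change nothing; that should be confirmed against the switch below. The added `if` has no braces and the blank line above it carries trailing tabs; writing it as `if ( $step > 1 ) {` / `check_admin_referer( 'import-utw' );` / `}` would be safer against a later second statement slipping outside the guard. A one-line comment such as `// Later steps write data: require the nonce emitted by the previous step's form.` would record why the early steps are exempt.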
@@ -102,6 +105,7 @@
 		}
 
 		echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
+		wp_nonce_field('import-utw');
 		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 &raquo;').'" /></p>';
 		echo '</form>';
 		echo '</div>';
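Review bot: This form and the two in the hunks at -137 and -155 all emit a nonce for the same action string `import-utw`, and the check added in the first hunk accepts that one action for any step above 1, so a token issued with the step-2 form is equally valid for steps 3 and 4. If the steps are meant to be bound to the screen that issued them, a per-step action would do it, for example `wp_nonce_field( 'import-utw-step-2' );` here and `check_admin_referer( 'import-utw-step-' . $step );` at the check. If sharing one action is intentional, a short comment next to the check saying so would help the next reader.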
@@ -137,6 +141,7 @@
 		}
 
 		echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
+		wp_nonce_field('import-utw');
 		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 &raquo;').'" /></p>';
 		echo '</form>';
 		echo '</div>';
@@ -155,6 +160,7 @@
 		echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
 
 		echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
+		wp_nonce_field('import-utw');
 		echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 &raquo;').'" /></p>';
 		echo '</form>';
 		echo '</div>';
Index: wp-admin/import/wp-cat2tag.php
===================================================================
--- wp-admin/import/wp-cat2tag.php	(revision 5935)
+++ wp-admin/import/wp-cat2tag.php	(working copy)
@@ -38,6 +38,7 @@
 
 	function categories_form() {
 		print '<form action="admin.php?import=wp-cat2tag&amp;step=2" method="post">';
+		wp_nonce_field('import-cat2tag');
 		print '<ul style="list-style:none">';
 
 		$hier = _get_term_hierarchy('category');
@@ -144,6 +145,7 @@
 		print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
 
 		print '<form action="admin.php?import=wp-cat2tag" method="post">';
+		wp_nonce_field('import-cat2tag');
 		print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
 		print '</form>';
 
@@ -158,7 +160,6 @@
 	}
 
 	function init() {
-		echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
 
 		if (isset($_POST['maybe_convert_all_cats'])) {
 			$step = 3;
@@ -177,6 +178,9 @@
 			print '<p>' . __('Cheatin&#8217; uh?') . '</p>';
 			print '</div>';
 		} else {
+			if ( $step > 1 )
+				check_admin_referer('import-cat2tag');
+
 			switch ($step) {
 				case 1 :
 					$this->welcome();
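Review bot: The check runs only when `$step > 1`, but in this importer `$step` is derived from which POST fields are present (the earlier hunk shows `maybe_convert_all_cats` mapping to 3), and the "convert all" confirmation form posts to `admin.php?import=wp-cat2tag` with no step parameter. Whether `yes_convert_all_cats` is mapped to a step above 1 is decided in lines of `init()` that this hunk does not show, so that mapping should be confirmed; otherwise the most destructive action would skip the referer check. The guard is also brace-less; `if ( $step > 1 ) {` / `check_admin_referer( 'import-cat2tag' );` / `}` keeps it from being widened or narrowed by accident, and a comment like `// Every step except the welcome screen modifies terms.` would document the intent.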

