diff --git a/pages/regions.php b/pages/regions.php index 894a967..723d1d1 100644 --- a/pages/regions.php +++ b/pages/regions.php @@ -40,15 +40,21 @@ return array(); } - if(isset($_REQUEST['action']) && isset($_REQUEST['region']) && $_REQUEST['action'] == 'remove' && $_REQUEST['region'] != '') + if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_REQUEST['remove'])) { - if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) - { - $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?"); - $statementMembership->execute(array($_REQUEST['region'])); - }else{ - $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ? AND owner_uuid = ?"); - $statementMembership->execute(array($_REQUEST['region'], $_SESSION['UUID'])); + include 'app/FormValidator.php'; + $validator = new FormValidator(array( + 'region' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') + )); + + if($validator->isValid($_POST)) { + if(isset($_SESSION['LEVEL']) && $_SESSION['LEVEL'] >= 100) { + $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ?"); + $statementMembership->execute(array($_POST['region'])); + } else { + $statementMembership = $RUNTIME['PDO']->prepare("DELETE FROM regions WHERE uuid = ? AND owner_uuid = ?"); + $statementMembership->execute(array($_POST['region'], $_SESSION['UUID'])); + } } header('Location: index.php?page=regions'); @@ -68,7 +74,7 @@ { $stats = getRegionStatsData($row['uuid']); - $entry = ''.htmlspecialchars($row['regionName']).''.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).''.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'LÖSCHEN'; + $entry = ''.htmlspecialchars($row['regionName']).''.htmlspecialchars($opensim->getUserName($row['owner_uuid'])).''.fillString(($row['locX'] / 256), 4).' / '.fillString(($row['locY'] / 256), 4).'
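Review bot: The new handler deletes a region on any well-formed POST without visibly verifying the CSRF token that the form now carries via `%%CSRF%%` (second hunk); if that verification happens in a front controller or inside FormValidator, a one-line comment above `if($validator->isValid($_POST))` saying so would save the next reader the search, otherwise the token check belongs here before the DELETE. `include 'app/FormValidator.php'` inside the request branch will raise a class-redeclaration fatal if the same file is included elsewhere in the request, and silently continues (to fail on `new FormValidator`) if the file is missing; `require_once 'app/FormValidator.php';` covers both. The gate mixes `isset($_REQUEST['remove'])` with reading `region` from `$_POST`; `isset($_POST['remove'])` keeps the whole trigger on the POST body, and `$_SERVER['REQUEST_METHOD'] === 'POST'` matches the strictness the rest of the new code aims for. In the non-admin branch `$_SESSION['UUID']` is read unguarded, which is only safe if the `return array();` above already handles the unauthenticated case — the enclosing function starts before the hunk, so that cannot be confirmed from here.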
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); }