Fixed CSRF vulnerability - added Drupal-style checks for validation token for all Ajax requests. Minor refactoring for a method name.