diff --git a/public/delete.php b/public/delete.php
index 0bc6c194..e13eb026 100644
--- a/public/delete.php
+++ b/public/delete.php
@@ -19,14 +19,15 @@
 
 require_once('common.php');
 
-if (safeget('token') != $_SESSION['PFA_token']) {
+
+if (safepost('token') != $_SESSION['PFA_token']) {
     die('Invalid token!');
 }
 
 $username = authentication_get_username(); # enforce login
 
-$id    = safeget('delete');
-$table = safeget('table');
+$id    = safepost('delete');
+$table = safepost('table');
 
 $handlerclass = ucfirst($table) . 'Handler';
 
diff --git a/templates/bootstrap/list-virtual_mailbox.tpl b/templates/bootstrap/list-virtual_mailbox.tpl
index 94b7cb8e..353fa6e6 100644
--- a/templates/bootstrap/list-virtual_mailbox.tpl
+++ b/templates/bootstrap/list-virtual_mailbox.tpl
@@ -98,8 +98,16 @@
 				<td><a href="edit.php?table=alias&amp;edit={$item.username|escape:"url"}">{$PALANG.alias}</a></td>
 			{/if}
 			<td><a href="edit.php?table=mailbox&amp;edit={$item.username|escape:"url"}">{$PALANG.edit}</a></td>
-			<td><a href="delete.php?table=mailbox&amp;delete={$item.username|escape:"url"}&amp;token={$smarty.session.PFA_token|escape:"url"}"
-				onclick="return confirm ('{$PALANG.confirm}{$PALANG.mailboxes}: {$item.username}');">{$PALANG.del}</a></td>
+			<td>
+				<form method="post" action="delete.php">
+					<input type="hidden" name="table" value="mailbox">
+					<input type="hidden" name="delete" value="{$item.username|escape:"quotes"}">
+					<input type="hidden" name="token" value="{$smarty.session.PFA_token|escape:"quotes"}">
+					<button type="submit" class="btn btn-danger" onclick="return confirm ('{$PALANG.confirm}{$PALANG.mailboxes}: {$item.username}');">
+						{$PALANG.del}
+					</button>
+				</form>
+			</td>
 		</tr>
 	{/foreach}
 	</tbody>