Index: t3lib/class.t3lib_tceforms.php
===================================================================
--- t3lib/class.t3lib_tceforms.php	(Revision 8481)
+++ t3lib/class.t3lib_tceforms.php	(Arbeitskopie)
@@ -2549,8 +2549,8 @@
 
 									// Makes a "Add new" link:
 								$var = uniqid('idvar');
-								$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '"+' . $var . '+"-")';
-								$onClickInsert = 'var ' . $var . ' = "' . $idTagPrefix . '-idx"+(new Date()).getTime();';
+								$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '-"+' . $var . '+"-")';
+								$onClickInsert = 'var ' . $var . ' = "' . 'idx"+(new Date()).getTime();';
 									// Do not replace $isTagPrefix in setActionStatus() because it needs section id!
 								$onClickInsert .= 'new Insertion.Bottom($("'.$idTagPrefix.'"), unescape("'.rawurlencode($newElementTemplate).'").' . $replace . '); setActionStatus("'.$idTagPrefix.'");';
 								$onClickInsert .= 'eval(unescape("' . rawurlencode(implode(';', $this->additionalJS_post)) . '").' . $replace . ');';
Index: typo3/class.browse_links.php
===================================================================
--- typo3/class.browse_links.php	(Revision 8481)
+++ typo3/class.browse_links.php	(Arbeitskopie)
@@ -926,7 +926,7 @@
 		';
 
 		if ($this->mode == 'wizard')	{	// Functions used, if the link selector is in wizard mode (= TCEforms fields)
-			if (!$this->areFieldChangeFunctionsValid()) {
+			if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
 				$this->P['fieldChangeFunc'] = array();
 			}
 			unset($this->P['fieldChangeFunc']['alert']);
@@ -941,6 +941,7 @@
 			$P2['itemName']=$this->P['itemName'];
 			$P2['formName']=$this->P['formName'];
 			$P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+			$P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
 			$P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
 			$P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
 			$addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
@@ -2767,13 +2768,33 @@
 	 * Determines whether submitted field change functions are valid
 	 * and are coming from the system and not from an external abuse.
 	 *
+	 * @param boolean $allowFlexformSections Whether to handle flexform sections differently
 	 * @return boolean Whether the submitted field change functions are valid
 	 */
-	protected function areFieldChangeFunctionsValid() {
-		return (
-			isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
-			&& $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
-		);
+	protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+		$result = FALSE;
+
+		if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+			$matches = array();
+			$pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+			$fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+				// Special handling of flexform sections:
+				// Field change functions are modified in JavaScript, thus the hash is always invalid
+			if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+				$originalName = $matches[1];
+				$cleanedName = $matches[2] . $matches[4];
+
+				foreach ($fieldChangeFunctions as &$value) {
+					$value = str_replace($originalName, $cleanedName, $value);
+				}
+			}
+
+			$result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+		}
+
+		return $result;
 	}
 }