diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 6557af3e4..459b54784 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -204,9 +204,10 @@ class ProjectsController < ApplicationController
 end
 end
 end
-
+
+ verify :method => :post, :only => :modules, :render => {:nothing => true, :status => :method_not_allowed }
 def modules
- @project.enabled_module_names = params[:enabled_modules]
+ @project.enabled_module_names = params[:enabled_module_names]
 flash[:notice] = l(:notice_successful_update)
 redirect_to :action => 'settings', :id => @project, :tab => 'modules'
 end
diff --git a/app/views/projects/settings/_modules.rhtml b/app/views/projects/settings/_modules.rhtml
index c123b4c9c..9e0f92caa 100644
--- a/app/views/projects/settings/_modules.rhtml
+++ b/app/views/projects/settings/_modules.rhtml
@@ -7,7 +7,7 @@ <%= l(:text_select_project_modules) %> <% Redmine::AccessControl.available_project_modules.each do |m| %> -
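Review bot: In `modules` (app/controllers/projects_controller.rb) the new line hands `params[:enabled_module_names]` to the project exactly as received, so a request without that key (every box unchecked, or a client still posting the old `enabled_modules` name) assigns `nil`, and any string the caller submits reaches the setter. The setter is outside this diff, so whether it filters against the known modules is unconfirmed; if it does not, narrow the value in the action, for example `names = Array(params[:enabled_module_names]).map(&:to_s) & Redmine::AccessControl.available_project_modules.map(&:to_s)`. The success flash is set unconditionally, so an update that fails to persist would still be reported as successful. The `verify` line only restricts the HTTP method; the request-forgery check and the authorization filter this action relies on are not visible in the hunk and should be confirmed to cover `modules`.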

<% end %>
diff --git a/test/functional/projects_controller_test.rb b/test/functional/projects_controller_test.rb
index 0b77daa50..fefb8d53b 100644
--- a/test/functional/projects_controller_test.rb
+++ b/test/functional/projects_controller_test.rb
@@ -288,15 +288,10 @@ class ProjectsControllerTest < ActionController::TestCase
 end
 end
- context "GET :create" do
- setup do
- @request.session[:user_id] = 1
- end
-
- should "not be allowed" do
- get :create
- assert_response :method_not_allowed
- end
+ def test_create_should_not_accept_get
+ @request.session[:user_id] = 1
+ get :create
+ assert_response :method_not_allowed
 end
 def test_show_by_id
@@ -376,6 +371,21 @@ class ProjectsControllerTest < ActionController::TestCase
 project = Project.find(1)
 assert_equal 'Test changed name', project.name
 end
+
+ def test_modules
+ @request.session[:user_id] = 2
+ Project.find(1).enabled_module_names = ['issue_tracking', 'news']
+
+ post :modules, :id => 1, :enabled_module_names => ['issue_tracking', 'repository', 'documents']
+ assert_redirected_to '/projects/ecookbook/settings/modules'
+ assert_equal ['documents', 'issue_tracking', 'repository'], Project.find(1).enabled_module_names.sort
+ end
+
+ def test_modules_should_not_allow_get
+ @request.session[:user_id] = 1
+ get :modules, :id => 1
+ assert_response :method_not_allowed
+ end
 def test_get_destroy
 @request.session[:user_id] = 1 # admin
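Review bot: `test_modules_should_not_allow_get` asserts only the 405 status, so it would keep passing if a rejected GET ever modified the project; record the module list before the request and add `assert_equal before, Project.find(1).enabled_module_names.sort` after it. `test_modules` exercises only the accepted case with valid names, leaving three cases uncovered: a POST without `enabled_module_names`, a POST carrying a name that is not an available module, and a POST from a user who lacks the permission on project 1. Those are the cases that pin down how the action treats untrusted input and who may call it. The trailing context `def test_get_destroy` continues outside the hunk.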