diff --git a/.mokogitea/workflows/issue-branch.yml b/.mokogitea/workflows/issue-branch.yml
index 5a995a6..6a28af8 100644
--- a/.mokogitea/workflows/issue-branch.yml
+++ b/.mokogitea/workflows/issue-branch.yml
@@ -5,7 +5,7 @@
 # FILE INFORMATION
 # DEFGROUP: Gitea.Workflow
 # INGROUP: mokocli.Automation
-# VERSION: 01.38.01
+# VERSION: 01.38.02
 # BRIEF: Auto-create feature branch when an issue is opened
 
 name: "Universal: Issue Branch"
diff --git a/README.md b/README.md
index b01da38..e72eee5 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # MokoSuiteBackup
 
-<!-- VERSION: 01.38.01 -->
+<!-- VERSION: 01.38.02 -->
 
 Full-site backup and restore for Joomla — database, files, and configuration.
 
diff --git a/source/packages/com_mokosuitebackup/mokosuitebackup.xml b/source/packages/com_mokosuitebackup/mokosuitebackup.xml
index b77bbe1..1cdf2c2 100644
--- a/source/packages/com_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/com_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="component" method="upgrade">
 	<name>MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php b/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
index 5e1e9e6..ef63aeb 100644
--- a/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
+++ b/source/packages/com_mokosuitebackup/src/Controller/BackupsController.php
@@ -15,6 +15,7 @@ defined('_JEXEC') or die;
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\Controller\AdminController;
 use Joomla\CMS\Router\Route;
+use Joomla\CMS\Session\Session;
 use Joomla\Component\MokoSuiteBackup\Administrator\Engine\BackupEngine;
 use Joomla\Component\MokoSuiteBackup\Administrator\Engine\RestoreEngine;
 
@@ -34,7 +35,14 @@ class BackupsController extends AdminController
 	 */
 	public function start(): void
 	{
-		$this->checkToken();
+		/* Accept token from both GET (profile Run button) and POST (backup form).
+		   Joomla's checkToken() throws on failure, so try GET first. */
+		if (!Session::checkToken('get') && !Session::checkToken('post')) {
+			$this->setMessage(Text::_('JINVALID_TOKEN_NOTICE'), 'error');
+			$this->setRedirect(Route::_('index.php?option=com_mokosuitebackup&view=backups', false));
+
+			return;
+		}
 
 		if (!$this->app->getIdentity()->authorise('mokosuitebackup.backup.run', 'com_mokosuitebackup')) {
 			$this->setMessage(Text::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 'error');
diff --git a/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php b/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
index 6ecb23b..4177a56 100644
--- a/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
+++ b/source/packages/com_mokosuitebackup/src/Field/FolderPickerField.php
@@ -117,6 +117,8 @@ class FolderPickerField extends FormField
 		{$statusDetail}
 	</small>
 </div>
+<div class="mt-1" id="{$id}_resolved" style="font-size:0.8rem; line-height:1.6;">
+</div>
 <div id="{$id}_defaultwarn" class="alert alert-warning alert-sm mt-1 py-1 px-2" style="display:none; font-size:0.85rem;">
 	<span class="icon-warning-circle" aria-hidden="true"></span>
 	The default backup directory is inside the web root. Backup archives may be directly downloadable if <code>.htaccess</code> is not supported. For better security, use a path outside the web root.
@@ -284,8 +286,54 @@ class FolderPickerField extends FormField
 		});
 	}
 
+	/* Show which placeholders are in use and their resolved values */
+	var resolvedDiv = document.getElementById(fieldId + '_resolved');
+
+	function updateResolvedDisplay() {
+		while (resolvedDiv.firstChild) resolvedDiv.removeChild(resolvedDiv.firstChild);
+		var val = input.value || '';
+		var found = false;
+
+		for (var key in placeholders) {
+			if (val.indexOf(key) !== -1 && placeholders[key]) {
+				found = true;
+				var badge = document.createElement('span');
+				badge.className = 'badge bg-light text-dark border me-1 mb-1';
+				badge.style.fontSize = '0.75rem';
+				badge.style.fontFamily = 'monospace';
+
+				var keySpan = document.createElement('strong');
+				keySpan.textContent = key;
+				badge.appendChild(keySpan);
+
+				badge.appendChild(document.createTextNode(' = '));
+
+				var valSpan = document.createElement('span');
+				valSpan.className = 'text-primary';
+				valSpan.textContent = placeholders[key];
+				badge.appendChild(valSpan);
+
+				resolvedDiv.appendChild(badge);
+			}
+		}
+
+		if (found) {
+			var fullResolved = document.createElement('div');
+			fullResolved.className = 'mt-1';
+			var arrow = document.createElement('span');
+			arrow.className = 'text-muted';
+			arrow.textContent = 'Resolves to: ';
+			fullResolved.appendChild(arrow);
+			var code = document.createElement('code');
+			code.textContent = resolve(val);
+			fullResolved.appendChild(code);
+			resolvedDiv.appendChild(fullResolved);
+		}
+	}
+
 	input.addEventListener('input', function() {
 		clearTimeout(checkTimer);
+		updateResolvedDisplay();
 		checkTimer = setTimeout(checkDirPermissions, 400);
 	});
 
@@ -399,6 +447,7 @@ class FolderPickerField extends FormField
 
 	// Run initial check on page load
 	setDefaultDirWarning();
+	updateResolvedDisplay();
 	checkDirPermissions();
 })();
 </script>
diff --git a/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
index 5493ccd..c8bf788 100644
--- a/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_actionlog_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="actionlog" method="upgrade">
 	<name>Action Log - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
index 7a2a968..070967a 100644
--- a/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_console_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="console" method="upgrade">
 	<name>Console - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
index 2bf7dda..a3f45b8 100644
--- a/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_content_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="content" method="upgrade">
 	<name>Content - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-04</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
index ca0d0a7..0cf4056 100644
--- a/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_quickicon_mokosuitebackup/mokosuitebackup.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <extension type="plugin" group="quickicon" method="upgrade">
 	<name>Quick Icon - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
index dc02a57..657c837 100644
--- a/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_system_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="system" method="upgrade">
 	<name>System - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
index f8f99a2..2c69f68 100644
--- a/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_task_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="task" method="upgrade">
 	<name>Task - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml b/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
index 89ae96b..776c1f4 100644
--- a/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
+++ b/source/packages/plg_webservices_mokosuitebackup/mokosuitebackup.xml
@@ -7,7 +7,7 @@
  -->
 <extension type="plugin" group="webservices" method="upgrade">
 	<name>Web Services - MokoSuiteBackup</name>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>
diff --git a/source/pkg_mokosuitebackup.xml b/source/pkg_mokosuitebackup.xml
index 05845fb..3780b30 100644
--- a/source/pkg_mokosuitebackup.xml
+++ b/source/pkg_mokosuitebackup.xml
@@ -8,7 +8,7 @@
 <extension type="package" method="upgrade">
 	<name>Package - MokoSuiteBackup</name>
 	<packagename>mokosuitebackup</packagename>
-	<version>01.38.01</version>
+	<version>01.38.02</version>
 	<creationDate>2026-06-02</creationDate>
 	<author>Moko Consulting</author>
 	<authorEmail>hello@mokoconsulting.tech</authorEmail>