author | Dries Buytaert <dries@buytaert.net> | 2005-09-18 12:04:10 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2005-09-18 12:04:10 +0000 |
commit | dec4ddd3a58ee0f72170435db68e6310389f8000 (patch) | |
tree | 3b5645c1de5a6e6673b97fc34b0de7b4a0a77ec9 | |
parent | 2ef6b52c8304aaa360e47402e6aa66c7db9fc149 (diff) | |
- Patch #28420 by Jeremy: provide a more generic interface that can be used
to validate other form submissions, not just comments. Two new functions
are introduced, form_token() and form_validate(). The first function uses
a private key and a public key to set a token in a hidden field. The second
function validates the token. The comment and contact modules are updated to
use these functions.
-rw-r--r-- | modules/comment.module | 5 | ||||
-rw-r--r-- | modules/comment/comment.module | 5 | ||||
-rw-r--r-- | modules/contact.module | 4 | ||||
-rw-r--r-- | modules/contact/contact.module | 4 |
4 files changed, 18 insertions, 0 deletions
diff --git a/modules/comment.module b/modules/comment.module
index 261743094..d441bd6d9 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -519,6 +519,9 @@ function comment_validate($edit) {
 }
 }
 }
+ // verify that this submission was actually generated using a local form
+ form_validate($edit, 'comment'. $edit['nid'] . $edit['pid']);
+
 return $edit;
 }
 
@@ -1426,6 +1429,8 @@ function theme_comment_form($edit, $title = NULL) {
 $form .= form_hidden('pid', $edit['pid']);
 $form .= form_hidden('nid', $edit['nid']);
 $form .= form_hidden('uid', $edit['uid']);
+ // generate a token used to validate that submissions came from this form
+ $form .= form_token('comment'. $edit['nid'] . $edit['pid']);
 
 $form .= form_submit(t('Preview comment'));
 
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 261743094..d441bd6d9 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -519,6 +519,9 @@ function comment_validate($edit) {
 }
 }
 }
+ // verify that this submission was actually generated using a local form
+ form_validate($edit, 'comment'. $edit['nid'] . $edit['pid']);
+
 return $edit;
 }
 
@@ -1426,6 +1429,8 @@ function theme_comment_form($edit, $title = NULL) {
 $form .= form_hidden('pid', $edit['pid']);
 $form .= form_hidden('nid', $edit['nid']);
 $form .= form_hidden('uid', $edit['uid']);
+ // generate a token used to validate that submissions came from this form
+ $form .= form_token('comment'. $edit['nid'] . $edit['pid']);
 
 $form .= form_submit(t('Preview comment'));
 
diff --git a/modules/contact.module b/modules/contact.module
index 58cf44326..af129f48b 100644
--- a/modules/contact.module
+++ b/modules/contact.module
@@ -102,6 +102,7 @@ function contact_mail_user() {
 if (!$edit['subject']) {
 form_set_error('subject', t('You must enter a subject.'));
 }
+ form_validate($edit, $edit['mail'] . $user->name . $user->mail);
 
 if (!form_get_errors()) {
 // Compose the body:
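Review bot: The seed `'comment'. $edit['nid'] . $edit['pid']` passed to form_validate joins two ids with no delimiter, so distinct (nid, pid) pairs such as 12/3 and 1/23 yield the same seed and, assuming form_validate() keys the expected token on this seed, a token issued for one comment thread is accepted for the other; the theme_comment_form hunk below builds the same seed, as do the identical hunks under modules/comment/comment.module. A delimiter removes the ambiguity: `form_validate($edit, 'comment:' . $edit['nid'] . ':' . $edit['pid']);` here and `$form .= form_token('comment:' . $edit['nid'] . ':' . $edit['pid']);` in theme_comment_form. The missing space in `'comment'. $edit` is also inconsistent with the `. $edit['pid']` on the same line. comment_validate's body starts outside the hunk, so whether nid and pid have already been checked to be integers at this point cannot be seen here.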
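Review bot: The seed in `form_validate($edit, $edit['mail'] . $user->name . $user->mail)` in the contact_mail_user hunk is built partly from `$edit['mail']`, a value taken from the very submission being checked, and for an anonymous visitor `$user->name` and `$user->mail` are empty, so the whole seed is submitter-chosen; in the contact_mail_page hunk (@@ -260) the seed `$user->name . $user->mail` collapses to an empty string for anonymous visitors. Whether that matters depends on form_token()/form_validate(), which are outside this diff: if the private key is per-session the seed only needs to distinguish forms and this is adequate, but if it is a site-wide secret an anonymous token is identical for every visitor and binds to no session. A constant form name in the seed, e.g. `'contact_mail_user' . $user->name . $user->mail`, would at least keep tokens for the two contact forms distinct, and a one-line comment such as `// seed ties the token to this form; anonymous senders share one seed` would make the intent checkable by the next reader. `$user` must also be declared `global` in contact_mail_user for `$user->name` to be set; the function's opening is outside the hunk, so this cannot be confirmed here. The same hunks appear again under modules/contact/contact.module.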
@@ -154,6 +155,7 @@ function contact_mail_user() {
 $output .= form_textfield(t('Subject'), 'subject', $edit['subject'], 60, 50, NULL, NULL, TRUE);
 $output .= form_textarea(t('Message'), 'message', $edit['message'], 60, 15, NULL, NULL, TRUE);
 $output .= form_checkbox(t('Send me a copy.'), 'copy', $edit['copy']);
+ $output .= form_token($edit['mail'] . $user->name . $user->mail);
 $output .= form_submit(t('Send e-mail'));
 $output = form($output);
 }
@@ -260,6 +262,7 @@ function contact_mail_page() {
 form_set_error('category', t('You must select a valid category.'));
 }
 }
+ form_validate($edit, $user->name . $user->mail);
 
 if (!form_get_errors()) {
 // Prepare the sender:
@@ -328,6 +331,7 @@ function contact_mail_page() {
 }
 $output .= form_textarea(t('Message'), 'message', $edit['message'], 60, 5, NULL, NULL, TRUE);
 $output .= form_checkbox(t('Send me a copy.'), 'copy', $edit['copy']);
+ $output .= form_token($user->name . $user->mail);
 $output .= form_submit(t('Send e-mail'));
 $output = form($output);
 }
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 58cf44326..af129f48b 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -102,6 +102,7 @@ function contact_mail_user() {
 if (!$edit['subject']) {
 form_set_error('subject', t('You must enter a subject.'));
 }
+ form_validate($edit, $edit['mail'] . $user->name . $user->mail);
 
 if (!form_get_errors()) {
 // Compose the body:
@@ -154,6 +155,7 @@ function contact_mail_user() {
 $output .= form_textfield(t('Subject'), 'subject', $edit['subject'], 60, 50, NULL, NULL, TRUE);
 $output .= form_textarea(t('Message'), 'message', $edit['message'], 60, 15, NULL, NULL, TRUE);
 $output .= form_checkbox(t('Send me a copy.'), 'copy', $edit['copy']);
+ $output .= form_token($edit['mail'] . $user->name . $user->mail);
 $output .= form_submit(t('Send e-mail'));
 $output = form($output);
 }
@@ -260,6 +262,7 @@ function contact_mail_page() {
 form_set_error('category', t('You must select a valid category.'));
 }
 }
+ form_validate($edit, $user->name . $user->mail);
 
 if (!form_get_errors()) {
 // Prepare the sender:
@@ -328,6 +331,7 @@ function contact_mail_page() {
 }
 $output .= form_textarea(t('Message'), 'message', $edit['message'], 60, 5, NULL, NULL, TRUE);
 $output .= form_checkbox(t('Send me a copy.'), 'copy', $edit['copy']);
+ $output .= form_token($user->name . $user->mail);
 $output .= form_submit(t('Send e-mail'));
 $output = form($output);
 }
|