authorDries Buytaert <dries@buytaert.net>2005-09-18 12:04:10 +0000
committerDries Buytaert <dries@buytaert.net>2005-09-18 12:04:10 +0000
commitdec4ddd3a58ee0f72170435db68e6310389f8000 (patch)
tree3b5645c1de5a6e6673b97fc34b0de7b4a0a77ec9 /modules/comment/comment.module
parent2ef6b52c8304aaa360e47402e6aa66c7db9fc149 (diff)
- Patch #28420 by Jeremy: provide a more generic interface that can be used
to validate other form submissions, not just comments. Two new functions are introduced, form_token() and form_validate(). The first function uses a private key and a public key to set a token in a hidden field. The second function validates the token. The comment and contact modules are updated to use these functions.
Diffstat (limited to 'modules/comment/comment.module')
-rw-r--r--modules/comment/comment.module5
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 261743094..d441bd6d9 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -519,6 +519,9 @@ function comment_validate($edit) {
}
}
}
+ // verify that this submission was actually generated using a local form
+ form_validate($edit, 'comment'. $edit['nid'] . $edit['pid']);
+
return $edit;
}
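Review bot: The token key passed to form_validate() here, `'comment'. $edit['nid'] . $edit['pid']`, joins the two ids with no separator, so distinct pairs collapse to the same key (for example nid 1 with pid 23 and nid 12 with pid 3 both give `comment123`), and a token issued for one form would also validate for the other. A delimiter removes the ambiguity: `form_validate($edit, 'comment:'. $edit['nid'] .':'. $edit['pid']);`, with the matching form_token() call in theme_comment_form() changed the same way so the two keys stay identical. Both ids come from the submitted $edit and the return value of form_validate() is not used in these lines, so rejection presumably happens inside that function; the comment above the call should say so. comment_validate()'s body starts outside the hunk.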
@@ -1426,6 +1429,8 @@ function theme_comment_form($edit, $title = NULL) {
$form .= form_hidden('pid', $edit['pid']);
$form .= form_hidden('nid', $edit['nid']);
$form .= form_hidden('uid', $edit['uid']);
+ // generate a token used to validate that submissions came from this form
+ $form .= form_token('comment'. $edit['nid'] . $edit['pid']);
$form .= form_submit(t('Preview comment'));