From dec4ddd3a58ee0f72170435db68e6310389f8000 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Sun, 18 Sep 2005 12:04:10 +0000
Subject: - Patch #28420 by Jeremy: provide a more generic interface that can be used to validate other form submissions, not just comments. Two new functions are introduced, form_token() and form_validate(). The first function uses a private key and a public key to set a token in a hidden field. The second function validates the token. The comment and contect module are updated to use these functions.
---
 modules/comment/comment.module | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'modules/comment/comment.module')
diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 261743094..d441bd6d9 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -519,6 +519,9 @@ function comment_validate($edit) {
 }
 }
 }
+ // verify that this submission was actually generated using a local form
+ form_validate($edit, 'comment'. $edit['nid'] . $edit['pid']);
+
 return $edit;
 }
@@ -1426,6 +1429,8 @@ function theme_comment_form($edit, $title = NULL) {
 $form .= form_hidden('pid', $edit['pid']);
 $form .= form_hidden('nid', $edit['nid']);
 $form .= form_hidden('uid', $edit['uid']);
+ // generate a token used to validate that submissions came from this form
+ $form .= form_token('comment'. $edit['nid'] . $edit['pid']);
 $form .= form_submit(t('Preview comment'));
--
cgit v1.2.3
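Review bot: The key passed to form_validate() joins `$edit['nid']` and `$edit['pid']` with no separator, so distinct node/parent pairs (nid 1 with pid 23, nid 12 with pid 3) produce the same string and a token issued for one form would also be accepted for the other. A delimiter keeps the token bound to exactly one pair: `form_validate($edit, 'comment-'. $edit['nid'] .'-'. $edit['pid']);`, with the identical change on the form_token() call in theme_comment_form() in the second hunk, since both keys must match byte for byte. The call also discards any return value, so it presumably relies on form_validate() flagging the failure itself; form_validate() is not part of this diff, so that is worth confirming and stating in the comment above the call. comment_validate() begins outside the hunk.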
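Review bot: The key expression `'comment'. $edit['nid'] . $edit['pid']` is written out here and again in comment_validate(), and the check only holds while the two copies stay identical. A small helper shared by both call sites, for example `function comment_token_key($edit) { return 'comment'. $edit['nid'] . $edit['pid']; }` (name constructed for illustration), would remove that hidden coupling. This is also the only place in the diff that emits the token, so any other form that posts into comment_validate() would presumably start failing validation; that is worth checking before merge. theme_comment_form() starts and ends outside the hunk.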