diff options
| author | Dries Buytaert <dries@buytaert.net> | 2006-01-24 10:13:27 +0000 |
|---|---|---|
| committer | Dries Buytaert <dries@buytaert.net> | 2006-01-24 10:13:27 +0000 |
| commit | 4c83a0347a2bb923953ef72f03e68c0488bfc555 (patch) | |
| tree | f685976e3ac588892b6eb82904054b81d4cf6a9e | |
| parent | 2fa3490ebf6b5c169d1decae5083948c7727e4f9 (diff) | |
| download | brdo-4c83a0347a2bb923953ef72f03e68c0488bfc555.tar.gz brdo-4c83a0347a2bb923953ef72f03e68c0488bfc555.tar.bz2 | |
- Patch #36591 by chx: use session id to check form submissions, rather than the IP address.
| -rw-r--r-- | includes/form.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/form.inc b/includes/form.inc index db6e53d39..a3771e702 100644 --- a/includes/form.inc +++ b/includes/form.inc @@ -68,7 +68,7 @@ function drupal_get_form($form_id, &$form, $callback = NULL) { variable_set('drupal_private_key', mt_rand()); } - $form['form_token'] = array('#type' => 'hidden', '#value' => md5($_SERVER['REMOTE_ADDR'] . $form['#token'] . variable_get('drupal_private_key', ''))); + $form['form_token'] = array('#type' => 'hidden', '#value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', ''))); } $form['form_id'] = array('#type' => 'hidden', '#default_value' => $form_id); |