authorNeil Drumm <drumm@3064.no-reply.drupal.org>2006-07-19 07:25:49 +0000
committerNeil Drumm <drumm@3064.no-reply.drupal.org>2006-07-19 07:25:49 +0000
commit7645a1f46831df6cd14db70b6f5dd74d2a4aa1d8 (patch)
tree41db264ab67ff396dbbe3e22f256c44785a2dc59
parentc11c1c2800a91e1795ca75fb4206948015a976c3 (diff)
#73609 by jvandyk, add a comment explaining token unsetting.
-rw-r--r--includes/form.inc3
1 files changed, 3 insertions, 0 deletions
diff --git a/includes/form.inc b/includes/form.inc
index 80f53726c..bf027bca3 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -71,6 +71,9 @@ function drupal_get_form($form_id, &$form, $callback = NULL) {
$form['#type'] = 'form';
if (isset($form['#token'])) {
+ // If the page cache is on and an anonymous user issues a GET request,
+ // unset the token because the token in the cached page would not match,
+ // because the token is based on the session ID.
if (variable_get('cache', 0) && !$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') {
unset($form['#token']);
}
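Review bot: The new comment above the `variable_get('cache', 0)` check explains why the token is dropped but not the consequence, which is that a form rendered into a cached page for an anonymous GET request is emitted with no `#token` and so carries no request-forgery check. I would add a line such as `// Forms served this way carry no form token, so they are not protected against forged submissions.` so the next maintainer sees this as a deliberate trade-off. The validation path is outside this hunk, so it is worth confirming how a POST from such a cached form is treated, since that request is not a GET and would presumably take the token branch again. As wording, the doubled "because" could be tightened to `// unset the token: it is based on the session ID, so the copy in the cached page would not match.` The body of drupal_get_form starts and ends outside the hunk.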