authorDries Buytaert <dries@buytaert.net>2007-02-27 12:45:13 +0000
committerDries Buytaert <dries@buytaert.net>2007-02-27 12:45:13 +0000
commit02da2238974524d2881ca2716a993d633c725c29 (patch)
treea999e62e06c61649af6ad9d1b617257a89242cc6 /includes
parent31ebb648e128396c1e7974677fc6eaf354c1b1b9 (diff)
- Patch #107358 by m3avrck, robert douglass, heine, eaton et al: Prevent multiple form processing: causing duplication of nodes/users.
Diffstat (limited to 'includes')
-rw-r--r--includes/form.inc16
1 files changed, 16 insertions, 0 deletions
diff --git a/includes/form.inc b/includes/form.inc
index 8df277379..e7a796f9c 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -285,6 +285,7 @@ function drupal_prepare_form($form_id, &$form) {
global $user;
$form['#type'] = 'form';
+ $form['#skip_duplicate_check'] = FALSE;
if (!isset($form['#post'])) {
$form['#post'] = $_POST;
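Review bot: The added line in drupal_prepare_form assigns `#skip_duplicate_check` unconditionally, so a value the form definition already carries is overwritten and the opt-out tested by the later hunks can only be set by code that runs after this point. Defaulting instead of assigning would keep the form author's choice: `if (!isset($form['#skip_duplicate_check'])) { $form['#skip_duplicate_check'] = FALSE; }`. The new property is also undocumented; a comment such as `// Forms may set #skip_duplicate_check to TRUE to allow identical resubmissions.` would say what it is for. The rest of the function lies outside the hunk, so whether a later step restores the value cannot be seen here.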
@@ -397,6 +398,11 @@ function drupal_validate_form($form_id, $form) {
}
}
+ if (!$form['#programmed'] && !$form['#skip_duplicate_check'] && isset($_SESSION['last_submitted']['hash']) && $_SESSION['last_submitted']['hash'] == md5(serialize($form['form_id']['#post']))) {
+ // This is a repeat submission.
+ drupal_redirect_form(NULL, $_SESSION['last_submitted']['destination']);
+ }
+
_form_validate($form, $form_id);
$validated_forms[$form_id] = TRUE;
}
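Review bot: The digest comparison in the added condition uses `==`, and PHP compares two numeric-looking strings as numbers, so two different MD5 hex strings that both read as `0e` followed only by digits would be treated as equal; the strict form `$_SESSION['last_submitted']['hash'] === md5(serialize($form['form_id']['#post']))` avoids that. The branch also appears to rely on drupal_redirect_form() never returning. If it can return, execution falls through to `_form_validate()` and the repeat submission is processed anyway, so a comment stating that assumption, or an explicit `return;` after the call, is worth adding. drupal_validate_form starts and ends outside this hunk.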
@@ -418,6 +424,8 @@ function drupal_validate_form($form_id, $form) {
function drupal_submit_form($form_id, $form) {
global $form_values;
$default_args = array($form_id, &$form_values);
+ $submitted = FALSE;
+ $goto = NULL;
if (isset($form['#submit'])) {
foreach ($form['#submit'] as $function => $args) {
@@ -426,12 +434,20 @@ function drupal_submit_form($form_id, $form) {
// Since we can only redirect to one page, only the last redirect
// will work.
$redirect = call_user_func_array($function, $args);
+ $submitted = TRUE;
if (isset($redirect)) {
$goto = $redirect;
}
}
}
}
+ // Successful submit. Hash this form's POST and store the hash in the
+ // session. We'll use this hash later whenever this user submits another
+ // form to make sure no identical forms get submitted twice.
+ if ($submitted && !$form['#skip_duplicate_check']) {
+ $_SESSION['last_submitted'] = array('destination' => $goto, 'hash' => md5(serialize($form['form_id']['#post'])));
+ }
+
if (isset($goto)) {
return $goto;
}
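Review bot: The value written to `$_SESSION['last_submitted']['hash']` is an unkeyed MD5 over the form's serialized POST data, which for login and account forms presumably includes the submitted password, so session storage ends up holding a fast digest that anyone able to read it could test password guesses against. Forms that carry secrets should be excluded from the check, and the block should say so, e.g. `// The digest covers every posted field; forms that post passwords must set #skip_duplicate_check.`; mixing a site-private key into the digest would also help. Separately, the digest is stored only after every `#submit` handler has run, so a second identical request that reaches drupal_validate_form before this line executes still passes the check. Whether two requests in one session can overlap depends on session handling not shown here. The body of drupal_submit_form continues outside the hunk.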