authorGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-03-20 16:28:10 +0000
committerGerhard Killesreiter <killes_www_drop_org@227.no-reply.drupal.org>2006-03-20 16:28:10 +0000
commitdcfbcf5c71a120b77b14eb4058c43d3fe28299ae (patch)
tree90831685d9eccf85d8794fe42fc834edab781cff /includes
parent5cfdac24484636f02168222b96323ecbe6cf641b (diff)
#51303, Forms with form tokens fail validation for anonymous users when caching is enabled, patch by chx
Diffstat (limited to 'includes')
-rw-r--r--includes/form.inc15
1 files changed, 10 insertions, 5 deletions
diff --git a/includes/form.inc b/includes/form.inc
index ad67fd824..5e7324f11 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -59,18 +59,23 @@ function element_children($element) {
*
*/
function drupal_get_form($form_id, &$form, $callback = NULL) {
- global $form_values, $form_submitted;
+ global $form_values, $form_submitted, $user;
$form_values = array();
$form_submitted = FALSE;
$form['#type'] = 'form';
if (isset($form['#token'])) {
- // Make sure that a private key is set:
- if (!variable_get('drupal_private_key', '')) {
- variable_set('drupal_private_key', mt_rand());
+ if (variable_get('cache', 0) && !$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') {
+ unset($form['#token']);
}
+ else {
+ // Make sure that a private key is set:
+ if (!variable_get('drupal_private_key', '')) {
+ variable_set('drupal_private_key', mt_rand());
+ }
- $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', '')));
+ $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', '')));
+ }
}
if (isset($form_id)) {
$form['form_id'] = array('#type' => 'hidden', '#value' => $form_id);
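Review bot: The new branch at `unset($form['#token'])` drops the token from every token-bearing form served to an anonymous visitor over GET whenever the `cache` variable is set, and nothing in the code records that this is a deliberate trade-off. On the later POST the `#token` entry is still present, so the code that compares the submitted `form_token` (outside this hunk, as is the rest of drupal_get_form) presumably has to accept a missing value for anonymous users; that would leave these forms without request-forgery protection while caching is on, so it is worth confirming that no anonymous form depends on the token. I would add a comment above the condition, for example `// Cached pages are shared by all anonymous visitors, so no per-session token can be embedded; anonymous forms are not token-protected while caching is enabled.` Separately, the re-indented `variable_set('drupal_private_key', mt_rand());` still derives the site secret from a small, non-cryptographic value, which limits how much the md5-based token can be relied on for logged-in users.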