Diffstat (limited to 'modules/node')
-rw-r--r-- | modules/node/node.module | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/modules/node/node.module b/modules/node/node.module
index 192509e27..244fa8f56 100644
--- a/modules/node/node.module
+++ b/modules/node/node.module
@@ -2027,6 +2027,10 @@ function node_form_add_preview($form) {
 $op = isset($form_values['op']) ? $form_values['op'] : '';
 if ($op == t('Preview')) {
+ // Invoke full validation for the form, to protect against cross site
+ // request forgeries (CSRF) and setting arbitrary values for fields such as
+ // the input format. Preview the node only when form validation does not
+ // set any errors.
 drupal_validate_form($form['form_id']['#value'], $form);
 if (!form_get_errors()) {
 // Because the node preview may display a form, we must render it |
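Review bot: The added comment above `drupal_validate_form()` names CSRF and arbitrary field values as the threats, but not which check inside validation stops them, so a later maintainer cannot tell what must stay in place before the preview is rendered. If the guarantee comes from the form token check and the per-element allowed-value checks run by `drupal_validate_form()` (its body is not visible here, so confirm first), say so in the comment, for example `// drupal_validate_form() verifies the form token and each element's allowed values; never render the preview before it has run.` The body of node_form_add_preview() continues outside the hunk, so what happens when validation does set errors cannot be confirmed from this page.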