Projet

Général

Profil

Révision 6b24a280

Ajouté par Assos Assos il y a presque 4 ans

-a

Voir les différences:

drupal7/includes/form.inc
1135 1135 
 * Helper function to call form_set_error() if there is a token error.
1136 1136 
 */
1137 1137 
function _drupal_invalid_token_set_form_error() {
1138 
  $path = current_path();
1139 
  $query = drupal_get_query_parameters();
1140 
  $url = url($path, array('query' => $query));
1141 

  		




  1142
  1138
  
    
  // Setting this error will cause the form to fail validation.


  		




  1143
  
  
    
  form_set_error('form_token', t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));


  		




  
  1139
  
    
  form_set_error('form_token', t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));


  		




  1144
  1140
  
    
}


  		




  1145
  1141
  
    

  		




  1146
  1142
  
    
/**


  		




  ......




  1181
  1177
  
    
  if (!empty($form['#token'])) {


  		




  1182
  1178
  
    
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {


  		




  1183
  1179
  
    
      _drupal_invalid_token_set_form_error();


  		




  
  1180
  
    
      // Ignore all submitted values.


  		




  
  1181
  
    
      $form_state['input'] = array();


  		




  
  1182
  
    
      $_POST = array();


  		




  
  1183
  
    
      // Make sure file uploads do not get processed.


  		




  
  1184
  
    
      $_FILES = array();


  		




  1184
  1185
  
    
      // Stop here and don't run any further validation handlers, because they


  		




  1185
  1186
  
    
      // could invoke non-safe operations which opens the door for CSRF


  		




  1186
  1187
  
    
      // vulnerabilities.


  		




  ......




  1848
  1849
  
    
          _drupal_invalid_token_set_form_error();


  		




  1849
  1850
  
    
          // This value is checked in _form_builder_handle_input_element().


  		




  1850
  1851
  
    
          $form_state['invalid_token'] = TRUE;


  		




  
  1852
  
    
          // Ignore all submitted values.


  		




  
  1853
  
    
          $form_state['input'] = array();


  		




  
  1854
  
    
          $_POST = array();


  		




  1851
  1855
  
    
          // Make sure file uploads do not get processed.


  		




  1852
  1856
  
    
          $_FILES = array();


  		




  1853
  1857
  
    
        }


  		












Formats disponibles :  Unified diff