Révision c9e51f47
Ajouté par Julien Enselme il y a environ 7 ans
drupal7/includes/form.inc | ||
---|---|---|
1176 | 1176 |
// If the session token was set by drupal_prepare_form(), ensure that it |
1177 | 1177 |
// matches the current user's session. This is duplicate to code in |
1178 | 1178 |
// form_builder() but left to protect any custom form handling code. |
1179 |
if (isset($form['#token'])) {
|
|
1179 |
if (!empty($form['#token'])) {
|
|
1180 | 1180 |
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) { |
1181 | 1181 |
_drupal_invalid_token_set_form_error(); |
1182 | 1182 |
// Stop here and don't run any further validation handlers, because they |
... | ... | |
1837 | 1837 |
// If the session token was set by drupal_prepare_form(), ensure that it |
1838 | 1838 |
// matches the current user's session. |
1839 | 1839 |
$form_state['invalid_token'] = FALSE; |
1840 |
if (isset($element['#token'])) {
|
|
1840 |
if (!empty($element['#token'])) {
|
|
1841 | 1841 |
if (empty($form_state['input']['form_token']) || !drupal_valid_token($form_state['input']['form_token'], $element['#token'])) { |
1842 | 1842 |
// Set an early form error to block certain input processing since that |
1843 | 1843 |
// opens the door for CSRF vulnerabilities. |
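Review bot: The comments kept above both conditions still say the check applies when the token "was set by drupal_prepare_form()", but the `!empty()` tests at lines 1179 and 1840 also skip validation when `#token` is present with a falsy value (FALSE, 0, '' or '0'). With `isset()` those values still went through `drupal_valid_token()`. A falsy `#token` is therefore an explicit opt-out of CSRF token validation and deserves a line in each comment, e.g. `// A falsy #token (FALSE, '', 0) means no token validation for this form.` Form code that builds `#token` dynamically should be checked so that an empty value cannot arise by accident. Both enclosing functions start and end outside the visible hunks.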
Update to 7.54