Révision c9e51f47
Ajouté par Julien Enselme il y a environ 7 ans
| drupal7/includes/form.inc | ||
|---|---|---|
| 1176 | 1176 |
// If the session token was set by drupal_prepare_form(), ensure that it |
| 1177 | 1177 |
// matches the current user's session. This is duplicate to code in |
| 1178 | 1178 |
// form_builder() but left to protect any custom form handling code. |
| 1179 |
if (isset($form['#token'])) {
|
|
| 1179 |
if (!empty($form['#token'])) {
|
|
| 1180 | 1180 |
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
|
| 1181 | 1181 |
_drupal_invalid_token_set_form_error(); |
| 1182 | 1182 |
// Stop here and don't run any further validation handlers, because they |
| ... | ... | |
| 1837 | 1837 |
// If the session token was set by drupal_prepare_form(), ensure that it |
| 1838 | 1838 |
// matches the current user's session. |
| 1839 | 1839 |
$form_state['invalid_token'] = FALSE; |
| 1840 |
if (isset($element['#token'])) {
|
|
| 1840 |
if (!empty($element['#token'])) {
|
|
| 1841 | 1841 |
if (empty($form_state['input']['form_token']) || !drupal_valid_token($form_state['input']['form_token'], $element['#token'])) {
|
| 1842 | 1842 |
// Set an early form error to block certain input processing since that |
| 1843 | 1843 |
// opens the door for CSRF vulnerabilities. |
Formats disponibles : Unified diff
Udpate to 7.54