#51303, Forms with form tokens fail validation for anonymous users when...

#51303, Forms with form tokens fail validation for anonymous users when caching is enabled, patch by chx

#51303, Forms with form tokens fail validation for anonymous users when...
dcfbcf5c · Gerhard Killesreiter · 5cfdac24 · dcfbcf5c
Commit dcfbcf5c authored 19 years ago by Gerhard Killesreiter
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -59,18 +59,23 @@ function element_children($element) {
 *
 */
 function drupal_get_form($form_id, &$form, $callback = NULL) {
-  global $form_values, $form_submitted;
+  global $form_values, $form_submitted, $user;
  $form_values = array();
  $form_submitted = FALSE;

  $form['#type'] = 'form';
  if (isset($form['#token'])) {
-    // Make sure that a private key is set:
-    if (!variable_get('drupal_private_key', '')) {
-      variable_set('drupal_private_key', mt_rand());
+    if (variable_get('cache', 0) && !$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') {
+      unset($form['#token']);
    }
+    else {
+      // Make sure that a private key is set:
+      if (!variable_get('drupal_private_key', '')) {
+        variable_set('drupal_private_key', mt_rand());
+      }

-    $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', '')));
+      $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', '')));
+    }
  }
  if (isset($form_id)) {
    $form['form_id'] = array('#type' => 'hidden', '#value' => $form_id);