Commit eedb392c authored by Dries's avatar Dries

- Patch #28420 by Jeremy: add the poster's IP/hostname to the /mix/.

parent 2b3126b2
......@@ -1057,7 +1057,7 @@ function form_token($key) {
}
// the verification token is an md5 hash of the form key and our private key
return form_hidden('form_token', md5($key . variable_get('drupal_private_key', '')));
return form_hidden('form_token', md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', '')));
}
/**
......@@ -1080,7 +1080,7 @@ function form_validate($edit, $key, $error_message = NULL) {
$error = t('Validation error, please try again. If this error persists, please contact the site administrator.');
}
if ($edit['form_token'] != md5($key . variable_get('drupal_private_key', ''))) {
if ($edit['form_token'] != md5($_SERVER['REMOTE_ADDR'] . $key . variable_get('drupal_private_key', ''))) {
// setting this error will cause the form to fail validation
form_set_error('form_token', $error);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment