bachir/popsu-d7
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated core to 7.54

Browse Source
This commit is contained in:
Bachir Soussi Chiadmi
2017-03-14 18:50:18 +01:00
parent 44557a31f0
commit b9ffb21f32
168 changed files with 1202 additions and 441 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
includes/form.inc
View File

@@ -1176,7 +1176,7 @@ function drupal_validate_form($form_id, &$form, &$form_state) {
// If the session token was set by drupal_prepare_form(), ensure that it
// matches the current user's session. This is duplicate to code in
// form_builder() but left to protect any custom form handling code.
if (isset($form['#token'])) {
if (!empty($form['#token'])) {
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
_drupal_invalid_token_set_form_error();
// Stop here and don't run any further validation handlers, because they
@@ -1837,7 +1837,7 @@ function form_builder($form_id, &$element, &$form_state) {
// If the session token was set by drupal_prepare_form(), ensure that it
// matches the current user's session.
$form_state['invalid_token'] = FALSE;
if (isset($element['#token'])) {
if (!empty($element['#token'])) {
if (empty($form_state['input']['form_token']) || !drupal_valid_token($form_state['input']['form_token'], $element['#token'])) {
// Set an early form error to block certain input processing since that
// opens the door for CSRF vulnerabilities.