diff --git a/includes/form.inc b/includes/form.inc
index de822ee689a..16791c6ca12 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -682,7 +682,7 @@ function form_select_options($element, $choices = NULL) {
else {
$selected = '';
}
- $options .= '';
+ $options .= '';
}
}
return $options;
@@ -725,7 +725,7 @@ function theme_radio($element) {
$output = '';
if (!is_null($element['#title'])) {
$output = '';
@@ -909,7 +909,7 @@ function expand_radios($element) {
if (count($element['#options']) > 0) {
foreach ($element['#options'] as $key => $choice) {
if (!isset($element[$key])) {
- $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => $key, '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
+ $element[$key] = array('#type' => 'radio', '#title' => $choice, '#return_value' => check_plain($key), '#default_value' => $element['#default_value'], '#attributes' => $element['#attributes'], '#parents' => $element['#parents'], '#spawned' => TRUE);
}
}
}
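Review bot: Applying check_plain() to `#return_value` on the added line escapes the value that is submitted back while the element is still registered under the raw `$key` in the same array, so an option key containing `&`, `<`, `>` or `"` no longer matches its own key on submission (a key `a&b` would come back as `a&amp;b`, which is then compared against `#options`). Escaping for the HTML attribute belongs at render time where the value is printed, keeping `'#return_value' => $key` here; if theme_radio already escapes the value when building the attribute, this line would also double-encode it. expand_radios begins and ends outside the hunk, so I cannot see whether the submitted value is validated against the option keys elsewhere in the function.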
diff --git a/includes/theme.inc b/includes/theme.inc
index d2d0034f572..b48b48b4c1f 100644
--- a/includes/theme.inc
+++ b/includes/theme.inc
@@ -626,10 +626,10 @@ function theme_form_element($title, $value, $description = NULL, $id = NULL, $re
if ($title) {
if ($id) {
- $output .= ' \n";
+ $output .= ' \n";
}
else {
- $output .= ' \n";
+ $output .= ' \n";
}
}
diff --git a/modules/comment.module b/modules/comment.module
index afe9842f1d5..b0244b37b97 100644
--- a/modules/comment.module
+++ b/modules/comment.module
@@ -1367,24 +1367,26 @@ function comment_form_add_preview($form, $edit) {
$output = '';
- comment_validate($edit);
- $comment = (object)_comment_form_submit($edit);
-
- // Attach the user and time information.
- if ($edit['author']) {
- $account = user_load(array('name' => $edit['author']));
- }
- elseif ($user->uid && !isset($edit['is_anonymous'])) {
- $account = $user;
- }
- if ($account) {
- $comment->uid = $account->uid;
- $comment->name = check_plain($account->name);
- }
- $comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
-
- // Preview the comment with security check.
+ // Invoke full validation for the form, to protect against cross site
+ // request forgeries (CSRF) and setting arbitrary values for fields such as
+ // the input format. Preview the comment only when form validation does not
+ // set any errors.
+ drupal_validate_form($form['form_id']['#value'], $form);
if (!form_get_errors()) {
+ $comment = (object)_comment_form_submit($edit);
+
+ // Attach the user and time information.
+ if ($edit['author']) {
+ $account = user_load(array('name' => $edit['author']));
+ }
+ elseif ($user->uid && !isset($edit['is_anonymous'])) {
+ $account = $user;
+ }
+ if ($account) {
+ $comment->uid = $account->uid;
+ $comment->name = check_plain($account->name);
+ }
+ $comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
$output .= theme('comment_view', $comment);
}
$form['comment_preview'] = array(
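Review bot: `$account` is read at `if ($account)` without being initialised anywhere in the moved block: when `$edit['author']` is empty and the visitor is anonymous (or `is_anonymous` is set), neither branch assigns it, so the check reads an undefined variable and emits a notice. Initialise it before the branch, `$account = NULL;`, so the fall-through is explicit. The direct `comment_validate($edit)` call was dropped in favour of `drupal_validate_form()`; presumably the form's validation handlers invoke it, but it is worth confirming that the preview path still rejects the same inputs. comment_form_add_preview starts before the hunk, where `$user` is presumably declared global.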
diff --git a/modules/node.module b/modules/node.module
index 001cd9302a5..0a36c4cabe0 100644
--- a/modules/node.module
+++ b/modules/node.module
@@ -1724,6 +1724,10 @@ function node_form_add_preview($form) {
$op = isset($_POST['op']) ? $_POST['op'] : '';
if ($op == t('Preview')) {
+ // Invoke full validation for the form, to protect against cross site
+ // request forgeries (CSRF) and setting arbitrary values for fields such as
+ // the input format. Preview the node only when form validation does not
+ // set any errors.
drupal_validate_form($form['form_id']['#value'], $form);
if (!form_get_errors()) {
// Because the node preview may display a form, we must render it
diff --git a/modules/system.module b/modules/system.module
index aa8dda4df3c..97ad8d53dbc 100644
--- a/modules/system.module
+++ b/modules/system.module
@@ -6,7 +6,7 @@
* Configuration system that lets administrators modify the workings of the site.
*/
-define('VERSION', '4.7.6 dev');
+define('VERSION', '4.7.6');
/**
* Implementation of hook_help().