- Backporting comment module validation fixes. Already went into DRUPAL-5.
parent
6ee8563edb
commit
b95f496bbc
|
@ -1589,24 +1589,26 @@ function comment_form_add_preview($form, $edit) {
|
|||
|
||||
$output = '';
|
||||
|
||||
comment_validate($edit);
|
||||
$comment = (object)_comment_form_submit($edit);
|
||||
|
||||
// Attach the user and time information.
|
||||
if ($edit['author']) {
|
||||
$account = user_load(array('name' => $edit['author']));
|
||||
}
|
||||
elseif ($user->uid && !isset($edit['is_anonymous'])) {
|
||||
$account = $user;
|
||||
}
|
||||
if ($account) {
|
||||
$comment->uid = $account->uid;
|
||||
$comment->name = check_plain($account->name);
|
||||
}
|
||||
$comment->timestamp = !empty($edit['timestamp']) ? $edit['timestamp'] : time();
|
||||
|
||||
// Preview the comment with security check.
|
||||
// Invoke full validation for the form, to protect against cross site
|
||||
// request forgeries (CSRF) and setting arbitrary values for fields such as
|
||||
// the input format. Preview the comment only when form validation does not
|
||||
// set any errors.
|
||||
drupal_validate_form($form['form_id']['#value'], $form);
|
||||
if (!form_get_errors()) {
|
||||
$comment = (object)_comment_form_submit($edit);
|
||||
|
||||
// Attach the user and time information.
|
||||
if ($edit['author']) {
|
||||
$account = user_load(array('name' => $edit['author']));
|
||||
}
|
||||
elseif ($user->uid && !isset($edit['is_anonymous'])) {
|
||||
$account = $user;
|
||||
}
|
||||
if ($account) {
|
||||
$comment->uid = $account->uid;
|
||||
$comment->name = check_plain($account->name);
|
||||
}
|
||||
$comment->timestamp = $edit['timestamp'] ? $edit['timestamp'] : time();
|
||||
$output .= theme('comment_view', $comment);
|
||||
}
|
||||
$form['comment_preview'] = array(
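Review bot: The timestamp assignment nested under the new `if (!form_get_errors())` block reads `$edit['timestamp']` without the `!empty()` guard that the other copy of this line on the page carries, so a preview submitted without that key raises an undefined-index notice before falling back to `time()`; keeping `$comment->timestamp = !empty($edit['timestamp']) ? $edit['timestamp'] : time();` avoids that. In the same block `$account` is assigned only inside the `if`/`elseif` branches, so an anonymous preview with no author reaches `if ($account)` with the variable unset; an explicit `$account = NULL;` before the branches makes that path deliberate. The direct `comment_validate($edit)` call does not appear in the nested copy, so the comment-specific checks presumably now depend on `drupal_validate_form()` invoking the form's own validate handler, which is worth confirming because that handler is not visible here. The page has lost its +/- markers, so which copy is the new side is inferred from its nesting under the validation call, and the body of comment_form_add_preview starts and ends outside this hunk.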
|
||||
|
|
|
@ -2027,6 +2027,10 @@ function node_form_add_preview($form) {
|
|||
|
||||
$op = isset($form_values['op']) ? $form_values['op'] : '';
|
||||
if ($op == t('Preview')) {
|
||||
// Invoke full validation for the form, to protect against cross site
|
||||
// request forgeries (CSRF) and setting arbitrary values for fields such as
|
||||
// the input format. Preview the node only when form validation does not
|
||||
// set any errors.
|
||||
drupal_validate_form($form['form_id']['#value'], $form);
|
||||
if (!form_get_errors()) {
|
||||
// Because the node preview may display a form, we must render it
|
||||
|
|