Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.78
diff -u -r1.78 form.inc
--- includes/form.inc	15 Mar 2006 08:57:37 -0000	1.78
+++ includes/form.inc	15 Mar 2006 14:57:04 -0000
@@ -64,14 +64,6 @@
   $form_submitted = FALSE;
 
   $form['#type'] = 'form';
-  if (isset($form['#token'])) {
-    // Make sure that a private key is set:
-    if (!variable_get('drupal_private_key', '')) {
-      variable_set('drupal_private_key', mt_rand());
-    }
-
-    $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', '')));
-  }
   if (isset($form_id)) {
     $form['form_id'] = array('#type' => 'hidden', '#value' => $form_id);
   }
@@ -149,13 +141,6 @@
 function drupal_validate_form($form_id, &$form, $callback = NULL) {
   global $form_values;
 
-  if (isset($form['#token'])) {
-    if ($form_values['form_token'] != md5(session_id() . $form['#token'] . variable_get('drupal_private_key', ''))) {
-      // setting this error will cause the form to fail validation
-      form_set_error('form_token', t('Validation error, please try again.  If this error persists, please contact the site administrator.'));
-    }
-  }
-
   _form_validate($form, $form_id);
 }
 
Index: modules/comment.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/comment.module,v
retrieving revision 1.440
diff -u -r1.440 comment.module
--- modules/comment.module	6 Mar 2006 20:52:55 -0000	1.440
+++ modules/comment.module	15 Mar 2006 15:17:30 -0000
@@ -65,6 +65,11 @@
 define('COMMENT_PREVIEW_REQUIRED', 1);
 
 /**
+ * Constant to define default number of allowed comments per hour
+ */
+define('COMMENT_HOURLY_THRESHOLD', 20);
+
+/**
  * Implementation of hook_help().
  */
 function comment_help($section) {
@@ -390,6 +395,14 @@
     '#collapsed' => TRUE,
   );
 
+  $form['posting_settings']['comment_hourly_threshold'] = array(
+    '#type' => 'select',
+    '#title' => t('Hourly threshold'),
+    '#default_value' => variable_get('comment_hourly_threshold', COMMENT_HOURLY_THRESHOLD),
+    '#options' => array(1 => 1, 2 => 2, 3 => 3, 4 => 4, 5 => 5, 6 => 6, 7 => 7, 8 => 8, 9 => 9, 10 => 10, 15 => 15, 20 => 20, 25 => 25, 30 => 30, 50 => 50, 60 => 60, 100 => 100, 125 => 125, 250 => 250),
+    '#description' => t('Limit the number of comments users are allowed to post per hour.')
+  );
+
   $form['posting_settings']['comment_anonymous'] = array(
     '#type' => 'radios',
     '#title' => t('Anonymous commenting'),
@@ -555,7 +568,7 @@
 
         // Allow modules to respond to the updating of a comment.
         comment_invoke_comment($edit, 'update');
-
+        flood_register_event('contact');
 
         // Add an entry to the watchdog log.
         watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
@@ -629,6 +642,7 @@
 
         // Tell the other modules a new comment has been submitted.
         comment_invoke_comment($edit, 'insert');
+        flood_register_event('contact');
 
         // Add an entry to the watchdog log.
         watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid']));
@@ -1162,6 +1176,9 @@
   // Check validity of name, mail and homepage (if given)
   if (!$user->uid || isset($edit['is_anonymous'])) {
     if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) {
+      if (!flood_is_allowed('comment', variable_get('comment_hourly_threshold', 20))) {
+        form_set_error('nid', t('You cannot leave more than %number comments per hour. Please try again later.', array('%number' => variable_get('comment_hourly_threshold', 20))));
+      }
       if ($edit['name']) {
         $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0);
 
@@ -1323,7 +1340,6 @@
   $form['uid'] = array('#type' => 'value', '#value' => $edit['uid']);
 
   $form['preview'] = array('#type' => 'button', '#value' => t('Preview comment'), '#weight' => 19);
-  $form['#token'] = 'comment' . $edit['nid'] . $edit['pid'];
 
   // Only show post button if preview is optional or if we are in preview mode.
   // We show the post button in preview mode even if there are form errors so that
Index: modules/contact.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/contact.module,v
retrieving revision 1.43
diff -u -r1.43 contact.module
--- modules/contact.module	27 Feb 2006 17:02:53 -0000	1.43
+++ modules/contact.module	15 Mar 2006 14:57:42 -0000
@@ -336,7 +336,6 @@
     else {
       drupal_set_title($account->name);
 
-      $form['#token'] = $user->name . $user->mail;
       $form['from'] = array('#type' => 'item',
         '#title' => t('From'),
         '#value' => $user->name .' &lt;'. $user->mail .'&gt;',
@@ -447,7 +446,6 @@
     }
 
     if (count($categories) > 1) {
-      $form['#token'] = $user->name . $user->mail;
       $form['contact_information'] = array('#type' => 'markup',
         '#value' => variable_get('contact_form_information', t('You can leave us a message using the contact form below.')),
       );