Index: includes/form.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/form.inc,v retrieving revision 1.77 diff -u -r1.77 form.inc --- includes/form.inc 12 Mar 2006 09:28:12 -0000 1.77 +++ includes/form.inc 15 Mar 2006 04:47:19 -0000 @@ -69,6 +69,8 @@ if (!variable_get('drupal_private_key', '')) { variable_set('drupal_private_key', mt_rand()); } + // Prevent caching pages with form tokens. + page_set_cacheable(FALSE); $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', ''))); } Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.526 diff -u -r1.526 common.inc --- includes/common.inc 10 Mar 2006 17:06:48 -0000 1.526 +++ includes/common.inc 15 Mar 2006 04:47:20 -0000 @@ -1307,6 +1307,19 @@ } /** + * set whether a page should be cached. + * @param may_cache - boolean + */ +function page_set_cacheable($may_cache = NULL) { + static $cache = TRUE; + + if (!is_null($may_cache)) { + $cache = $may_cache; + } + return $cache; +} + +/** * Store the current page in the cache. * * We try to store a gzipped version of the cache. This requires the @@ -1322,25 +1335,27 @@ function page_set_cache() { global $user, $base_url; - if (!$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') { - // This will fail in some cases, see page_get_cache() for the explanation. - if ($data = ob_get_contents()) { - $cache = TRUE; - if (function_exists('gzencode')) { - // We do not store the data in case the zlib mode is deflate. - // This should be rarely happening. - if (zlib_get_coding_type() == 'deflate') { - $cache = FALSE; + if (page_set_cacheable()) { + if (!$user->uid && $_SERVER['REQUEST_METHOD'] == 'GET') { + // This will fail in some cases, see page_get_cache() for the explanation. + if ($data = ob_get_contents()) { + $cache = TRUE; + if (function_exists('gzencode')) { + // We do not store the data in case the zlib mode is deflate. + // This should be rarely happening. + if (zlib_get_coding_type() == 'deflate') { + $cache = FALSE; + } + else if (zlib_get_coding_type() == FALSE) { + $data = gzencode($data, 9, FORCE_GZIP); + } + // The remaining case is 'gzip' which means the data is + // already compressed and nothing left to do but to store it. } - else if (zlib_get_coding_type() == FALSE) { - $data = gzencode($data, 9, FORCE_GZIP); + ob_end_flush(); + if ($cache && $data) { + cache_set($base_url . request_uri(), $data, CACHE_TEMPORARY, drupal_get_headers()); } - // The remaining case is 'gzip' which means the data is - // already compressed and nothing left to do but to store it. - } - ob_end_flush(); - if ($cache && $data) { - cache_set($base_url . request_uri(), $data, CACHE_TEMPORARY, drupal_get_headers()); } } }