Index: comment_upload.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/comment_upload/comment_upload.module,v
retrieving revision 1.7.2.10
diff -u -p -r1.7.2.10 comment_upload.module
--- comment_upload.module	11 Aug 2008 12:31:57 -0000	1.7.2.10
+++ comment_upload.module	15 Aug 2008 11:19:59 -0000
@@ -410,19 +410,11 @@ function comment_upload_save($comment) {
 function comment_upload_js() {
   $files = array();
 
-  if (!$stored_form = form_get_cache($_POST['form_build_id'], $cached_form_state)) {
-    exit();
-  }
-
-  if ($stored_form['form_id']['#value'] != 'comment_form') {
-    exit();
-  }
-
-  if (!$stored_form['attachments']) {
-    exit();
+  if (empty($_POST)) {
+    return drupal_not_found();
   }
 
-  if (!comment_upload_is_valid_token($stored_form, $_POST)) {
+  if (!($stored_form = form_get_cache($_POST['form_build_id'], $cached_form_state)) || $stored_form['form_id']['#value'] != 'comment_form' || !$stored_form['attachments']) {
     form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
     $output = theme('status_messages');
     print drupal_to_js(array('status' => TRUE, 'data' => $output));
@@ -485,18 +477,6 @@ function comment_upload_js() {
   exit();
 }
 
-function comment_upload_is_valid_token($form, $form_values) {
-  // Forms for anonymous users do not have a form token.
-  // Ensure the user is anonymous to prevent bypassing the token validation
-  // via a build-id change to that of a previously requested anonymous form.
-  if (!isset($form['#token']) && $GLOBALS['user']->uid == 0) {
-    return TRUE;
-  }
-  else if (drupal_valid_token($form_values['form_token'], $form['#token'])) {
-    return TRUE;
-  }
-  return FALSE;
-}
 
 /**
  * Process file uploads.
