? fix_form.patch Index: index.php =================================================================== RCS file: /cvs/drupal/drupal/index.php,v retrieving revision 1.82 diff -u -r1.82 index.php --- index.php 21 Aug 2004 06:42:34 -0000 1.82 +++ index.php 7 Sep 2005 20:59:59 -0000 @@ -14,6 +14,7 @@ include_once 'includes/common.inc'; fix_gpc_magic(); +fix_checkboxes(); $status = menu_execute_active_handler(); switch ($status) { Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.434.2.10 diff -u -r1.434.2.10 common.inc --- includes/common.inc 29 Jul 2005 19:05:31 -0000 1.434.2.10 +++ includes/common.inc 7 Sep 2005 20:59:59 -0000 @@ -413,6 +413,38 @@ } /** + * An unchecked checkbox is not present in $_POST, so give a default + * value of 0 here. + * With form_checkboxes, we always expect an array, but HTML does not send + * the empty array. This is also fixed here. + */ +function fix_checkboxes() { + if (isset($_POST['form_array'])) { + $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_array'], array()); + } + if (isset($_POST['form_zero'])) { + $_POST['edit'] = _fix_checkboxes($_POST['edit'], $_POST['form_zero'], 0); + } +} + +function _fix_checkboxes($array1, $array2, $value) { + if (is_array($array2) && count($array2)) { + foreach ($array2 as $k => $v) { + if (is_array($v) && count($v)) { + $array1[$k] = _fix_checkboxes($array1[$k], $v, $value); + } + else if (!isset($array1[$k])) { + $array1[$k] = $value; + } + } + } + else { + $array1 = $value; + } + return $array1; +} + +/** * @name Conversion * @{ * Converts data structures to different types. @@ -1141,9 +1173,7 @@ if (!is_null($title)) { $element = ''; } - // Note: because unchecked boxes are not included in the POST data, we include - // a form_hidden() which will be overwritten for a checked box. - return form_hidden($name, 0) . theme('form_element', NULL, $element, $description, $name, $required, _form_get_error($name)); + return form_hidden($name, 1, 'form_zero') . theme('form_element', NULL, $element, $description, $name, $required, _form_get_error($name)); } /** @@ -1176,10 +1206,7 @@ foreach ($options as $key => $choice) { $choices .= '
'; } - // Note: because unchecked boxes are not included in the POST data, we - // include a form_hidden() which will be overwritten as soon as there is at - // least one checked box. - return form_hidden($name, 0) . theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name)); + return form_hidden($name, 1, 'form_array') . theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name)); } } @@ -1357,8 +1384,8 @@ * but be sure to validate the data on the receiving page as it is possible for * an attacker to change the value before it is submitted. */ -function form_hidden($name, $value) { - return '\n"; +function form_hidden($name, $value, $edit = 'edit') { + return '\n"; } /**