=== modified file 'includes/form.inc' --- includes/form.inc +++ includes/form.inc @@ -64,14 +64,6 @@ function drupal_get_form($form_id, &$for $form_submitted = FALSE; $form['#type'] = 'form'; - if (isset($form['#token'])) { - // Make sure that a private key is set: - if (!variable_get('drupal_private_key', '')) { - variable_set('drupal_private_key', mt_rand()); - } - - $form['form_token'] = array('#type' => 'hidden', '#default_value' => md5(session_id() . $form['#token'] . variable_get('drupal_private_key', ''))); - } if (isset($form_id)) { $form['form_id'] = array('#type' => 'hidden', '#value' => $form_id); } === modified file 'modules/comment.module' --- modules/comment.module +++ modules/comment.module @@ -555,7 +555,7 @@ function comment_save($edit) { // Allow modules to respond to the updating of a comment. comment_invoke_comment($edit, 'update'); - + flood_register_event('contact'); // Add an entry to the watchdog log. watchdog('content', t('Comment: updated %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); @@ -629,6 +629,7 @@ function comment_save($edit) { // Tell the other modules a new comment has been submitted. comment_invoke_comment($edit, 'insert'); + flood_register_event('contact'); // Add an entry to the watchdog log. watchdog('content', t('Comment: added %subject.', array('%subject' => theme('placeholder', $edit['subject']))), WATCHDOG_NOTICE, l(t('view'), 'node/'. $edit['nid'], NULL, NULL, 'comment-'. $edit['cid'])); @@ -1162,6 +1163,9 @@ function comment_validate($edit) { // Check validity of name, mail and homepage (if given) if (!$user->uid || isset($edit['is_anonymous'])) { if (variable_get('comment_anonymous', COMMENT_ANONYMOUS_MAYNOT_CONTACT) > COMMENT_ANONYMOUS_MAYNOT_CONTACT) { + if (!flood_is_allowed('comment', variable_get('comment_hourly_threshold', 20))) { + form_set_error('nid', t('You cannot leave more than %number comments per hour. Please try again later.', array('%number' => variable_get('comment_hourly_threshold', 20)))); + } if ($edit['name']) { $taken = db_result(db_query("SELECT COUNT(uid) FROM {users} WHERE LOWER(name) = '%s'", $edit['name']), 0); @@ -1323,7 +1327,6 @@ function comment_form($edit, $title = NU $form['uid'] = array('#type' => 'value', '#value' => $edit['uid']); $form['preview'] = array('#type' => 'button', '#value' => t('Preview comment'), '#weight' => 19); - $form['#token'] = 'comment' . $edit['nid'] . $edit['pid']; // Only show post button if preview is optional or if we are in preview mode. // We show the post button in preview mode even if there are form errors so that === modified file 'modules/contact.module' --- modules/contact.module +++ modules/contact.module @@ -336,7 +336,6 @@ function contact_mail_user() { else { drupal_set_title($account->name); - $form['#token'] = $user->name . $user->mail; $form['from'] = array('#type' => 'item', '#title' => t('From'), '#value' => $user->name .' <'. $user->mail .'>', @@ -447,7 +446,6 @@ function contact_mail_page() { } if (count($categories) > 1) { - $form['#token'] = $user->name . $user->mail; $form['contact_information'] = array('#type' => 'markup', '#value' => variable_get('contact_form_information', t('You can leave us a message using the contact form below.')), );