Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.291
diff -u -p -r1.291 form.inc
--- includes/form.inc 10 Oct 2008 07:49:47 -0000 1.291
+++ includes/form.inc 11 Oct 2008 03:21:44 -0000
@@ -100,7 +100,7 @@ function drupal_get_form($form_id) {
 array_unshift($args_temp, $form_id);
 $form = call_user_func_array('drupal_retrieve_form', $args_temp);
- $form_build_id = 'form-' . md5(mt_rand());
+ $form_build_id = 'form-' . md5(uniqid(mt_rand(), TRUE));
 $form['#build_id'] = $form_build_id;
 drupal_prepare_form($form_id, $form, $form_state);
 // Store a copy of the unprocessed form for caching and indicate that it
@@ -221,10 +221,13 @@ function drupal_rebuild_form($form_id, &
 function form_get_cache($form_build_id, &$form_state) {
 if ($cached = cache_get('form_' . $form_build_id, 'cache_form')) {
 $form = $cached->data;
- if ($cached = cache_get('storage_' . $form_build_id, 'cache_form')) {
- $form_state['storage'] = $cached->data;
+ global $user;
+ if ((isset($form['#cache_token']) && drupal_valid_token($form['#cache_token'])) || (!isset($form['#cache_token']) && !$user->uid)) {
+ if ($cached = cache_get('storage_' . $form_build_id, 'cache_form')) {
+ $form_state['storage'] = $cached->data;
+ }
+ return $form;
 }
- return $form;
 }
 }
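Review bot: The new `$form_build_id` in drupal_get_form is still derived only from `mt_rand()` and `uniqid()`, neither of which is a cryptographic random source, so the identifier that keys the cached form remains guessable in principle. The form_get_cache hunk further down accepts token-less forms for anonymous users, which means unpredictability of this id is the only thing protecting those entries. Where the runtime provides one, feed a CSPRNG into the hash instead, e.g. `$form_build_id = 'form-' . md5(openssl_random_pseudo_bytes(16));` (or `random_bytes()` on PHP 7 and later). drupal_get_form starts and ends outside this hunk.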
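Review bot: When the token check in form_get_cache fails, the function now falls off the end and returns NULL implicitly, which callers cannot tell apart from an ordinary cache miss and which leaves no record of the rejected request. Document this in the function's docblock, e.g. `@return The cached form, or NULL if it is missing or was cached for a different session.`, and consider logging the mismatch with something like `watchdog('form', 'Cached form %id rejected: token mismatch.', array('%id' => $form_build_id), WATCHDOG_WARNING);`. Callers of form_get_cache outside this patch are not visible here and should be checked for how they handle a NULL result. Declaring `global $user;` at the top of the function rather than inside the `if` would also match the usual layout.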
@@ -234,7 +237,10 @@ function form_get_cache($form_build_id,
 function form_set_cache($form_build_id, $form, $form_state) {
 // 6 hours cache life time for forms should be plenty.
 $expire = 21600;
-
+ global $user;
+ if ($user->uid) {
+ $form['#cache_token'] = drupal_get_token();
+ }
 cache_set('form_' . $form_build_id, $form, 'cache_form', REQUEST_TIME + $expire);
 if (!empty($form_state['storage'])) {
 cache_set('storage_' . $form_build_id, $form_state['storage'], 'cache_form', REQUEST_TIME + $expire);
Index: modules/book/book.pages.inc
===================================================================
RCS file: /cvs/drupal/drupal/modules/book/book.pages.inc,v
retrieving revision 1.7
diff -u -p -r1.7 book.pages.inc
--- modules/book/book.pages.inc 15 May 2008 21:19:24 -0000 1.7
+++ modules/book/book.pages.inc 11 Oct 2008 03:21:46 -0000
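Review bot: Nothing in form_set_cache explains why `#cache_token` is added, or that forms cached for anonymous users are (apparently by design) left without one; the `if ($user->uid)` branch is the only place a reader can learn it. A comment above the branch would help, such as `// Bind the cached form to the current session; anonymous forms carry no token and rely on an unguessable build id.`. Keeping a blank line between `$expire = 21600;` and `global $user;`, or moving the `global` to the top of the function, would also read more cleanly. The body of form_set_cache continues past the end of this hunk.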
@@ -232,19 +232,16 @@ function book_remove_form_submit($form,
 * Prints the replacement HTML in JSON format.
 */
 function book_form_update() {
- $cid = 'form_' . $_POST['form_build_id'];
+ $cached_form_state = array();
 $bid = $_POST['book']['bid'];
- $cache = cache_get($cid, 'cache_form');
- if ($cache) {
- $form = $cache->data;
-
+ if ($form = form_get_cache($_POST['form_build_id'], $cached_form_state)) {
 // Validate the bid.
 if (isset($form['book']['bid']['#options'][$bid])) {
 $book_link = $form['#node']->book;
 $book_link['bid'] = $bid;
 // Get the new options and update the cache.
 $form['book']['plid'] = _book_parent_select($book_link);
- cache_set($cid, $form, 'cache_form', $cache->expire);
+ form_set_cache($_POST['form_build_id'], $form, $cached_form_state);
 // Build and render the new select element, then return it in JSON format.
 $form_state = array();
 $form['#post'] = array();
Index: modules/poll/poll.module
===================================================================
RCS file: /cvs/drupal/drupal/modules/poll/poll.module,v
retrieving revision 1.275
diff -u -p -r1.275 poll.module
--- modules/poll/poll.module 9 Oct 2008 15:15:52 -0000 1.275
+++ modules/poll/poll.module 11 Oct 2008 03:21:47 -0000
@@ -366,7 +366,9 @@ function poll_choice_js() {
 // not process it. We retreive the cached form, add the element, and resave.
 $form_build_id = $_POST['form_build_id'];
 $form_state = array('submitted' => FALSE);
- $form = form_get_cache($form_build_id, $form_state);
+ if (!$form = form_get_cache($form_build_id, $form_state)) {
+ exit();
+ }
 $delta = count($_POST['choice']);
 $key = isset($form['#node']->choice) ? 'new:'. ($delta - count($form['#node']->choice)) : 'new:'. $delta;
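Review bot: Saving through `form_set_cache()` in book_form_update no longer keeps the entry's original `$cache->expire`; form_set_cache stamps `REQUEST_TIME + $expire`, so each AJAX call restarts the six-hour lifetime of the cached form. If the sliding lifetime is intended, say so next to the call, e.g. `// form_set_cache() restarts the cache lifetime; the original expiry is not carried over.`. `$_POST['form_build_id']` is also handed to form_get_cache without an `isset()` or string check, here and in the poll_choice_js hunk. book_form_update continues outside this hunk.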
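Review bot: The bare `exit();` added to poll_choice_js ends the request with an empty successful response, so the calling script cannot distinguish a rejected or expired cached form from any other empty reply, and nothing is recorded server-side. Send an explicit status before exiting, for example `header('HTTP/1.1 403 Forbidden');` ahead of `exit();`. poll_choice_js starts and ends outside this hunk.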