Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.178
diff -u -F^f -r1.178 form.inc
--- includes/form.inc	15 Feb 2007 11:40:17 -0000	1.178
+++ includes/form.inc	18 Feb 2007 00:55:28 -0000
@@ -397,6 +397,11 @@ function drupal_validate_form($form_id, 
     }
   }
 
+  if (!$form['#programmed'] && isset($_SESSION['last_submitted']['hash']) && $_SESSION['last_submitted']['hash'] == md5(serialize($form['form_id']['#post']))) {
+    // This is a repeat submission.
+    drupal_redirect_form(NULL, $_SESSION['last_submitted']['destination']);
+  }
+
   _form_validate($form, $form_id);
   $validated_forms[$form_id] = TRUE;
 }
@@ -418,6 +423,7 @@ function drupal_validate_form($form_id, 
 function drupal_submit_form($form_id, $form) {
   global $form_values;
   $default_args = array($form_id, &$form_values);
+  $submitted = FALSE;
 
   if (isset($form['#submit'])) {
     foreach ($form['#submit'] as $function => $args) {
@@ -426,12 +432,20 @@ function drupal_submit_form($form_id, $f
         // Since we can only redirect to one page, only the last redirect
         // will work.
         $redirect = call_user_func_array($function, $args);
+        $submitted = TRUE;
         if (isset($redirect)) {
           $goto = $redirect;
         }
       }
     }
   }
+  // Successful submit. Hash this form's POST and store the hash in the
+  // session. We'll use this hash later whenever this user submits another 
+  // form to make sure no identical forms get submitted twice. 
+  if ($submitted) {
+    $_SESSION['last_submitted'] = array('destination' => $goto, 'hash' => md5(serialize($form['form_id']['#post'])));
+  }
+  
   if (isset($goto)) {
     return $goto;
   }