Index: index.php
===================================================================
RCS file: /cvs/drupal/drupal/index.php,v
retrieving revision 1.82
diff -u -F^f -r1.82 index.php
--- index.php	21 Aug 2004 06:42:34 -0000	1.82
+++ index.php	24 Apr 2005 09:11:31 -0000
@@ -14,6 +14,7 @@
 include_once 'includes/common.inc';
 
 fix_gpc_magic();
+fix_form();
 
 $status = menu_execute_active_handler();
 switch ($status) {
Index: includes/common.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/common.inc,v
retrieving revision 1.437
diff -u -F^f -r1.437 common.inc
--- includes/common.inc	11 Apr 2005 22:48:27 -0000	1.437
+++ includes/common.inc	24 Apr 2005 09:11:31 -0000
@@ -397,6 +397,32 @@ function _fix_gpc_magic(&$item) {
   }
 }
 
+function fix_form() {
+  if (isset($_POST['form_array'])) {
+    $_POST['edit'] = _fix_form($_POST['edit'], $_POST['form_array'], array());
+  }
+  if (isset($_POST['form_zero'])) {
+    $_POST['edit'] = _fix_form($_POST['edit'], $_POST['form_zero'], 0);
+  }
+}
+
+function _fix_form($array1, $array2, $value) {
+  if (is_array($array2) && count($array2)) {
+    foreach ($array2 as $k => $v) {
+      if (is_array($v) && count($v)) {
+        $array1[$k] = _fix_form($array1[$k], $v, $value);
+      }
+      else if (!isset($array1[$k])) {
+        $array1[$k] = $value;
+      }
+    }
+  }
+  else {
+    $array1 = $value;
+  }
+  return $array1;
+}
+
 /**
  * Correct double-escaping problems caused by "magic quotes" in some PHP
  * installations.
@@ -1112,7 +1138,7 @@ function form_radios($title, $name, $val
     foreach ($options as $key => $choice) {
       $choices .= '<label class="option"><input type="radio" class="form-radio" name="edit['. $name .']" value="'. $key .'"'. ($key == $value ? ' checked="checked"' : ''). drupal_attributes($attributes) .' /> '. $choice .'</label><br />';
     }
-    return theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name));
+    return form_hidden($name, 1, 'form_array') . theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name));
   }
 }
 
@@ -1141,9 +1167,7 @@ function form_checkbox($title, $name, $v
   if (!is_null($title)) {
     $element = '<label class="option">'. $element .' '. $title .'</label>';
   }
-  // Note: because unchecked boxes are not included in the POST data, we include
-  // a form_hidden() which will be overwritten for a checked box.
-  return form_hidden($name, 0) . theme('form_element', NULL, $element, $description, $name, $required, _form_get_error($name));
+  return form_hidden($name, 1, 'form_zero') . theme('form_element', NULL, $element, $description, $name, $required, _form_get_error($name));
 }
 
 /**
@@ -1176,10 +1200,7 @@ function form_checkboxes($title, $name, 
     foreach ($options as $key => $choice) {
       $choices .= '<label class="option"><input type="checkbox" class="form-checkbox" name="edit['. $name .'][]" value="'. $key .'"'. (in_array($key, $values) ? ' checked="checked"' : ''). drupal_attributes($attributes) .' /> '. $choice .'</label><br />';
     }
-    // Note: because unchecked boxes are not included in the POST data, we
-    // include a form_hidden() which will be overwritten as soon as there is at
-    // least one checked box.
-    return form_hidden($name, 0) . theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name));
+    return form_hidden($name, 1, 'form_array') . theme('form_element', $title, $choices, $description, NULL, $required, _form_get_error($name));
   }
 }
 
@@ -1317,7 +1338,7 @@ function form_select($title, $name, $val
       $select .= '<option value="'. $key .'"'. (is_array($value) ? (in_array($key, $value) ? ' selected="selected"' : '') : ($value == $key ? ' selected="selected"' : '')) .'>'. check_plain($choice) .'</option>';
     }
   }
-  return theme('form_element', $title, '<select name="edit['. $name .']'. ($multiple ? '[]' : '') .'"'. ($multiple ? ' multiple="multiple" ' : '') . ($extra ? ' '. $extra : '') .' id="edit-'. $name .'">'. $select .'</select>', $description, 'edit-'. $name, $required, _form_get_error($name));
+  return ($multiple ? form_hidden($name, 1, 'form_array') : '') . theme('form_element', $title, '<select name="edit['. $name .']'. ($multiple ? '[]' : '') .'"'. ($multiple ? ' multiple="multiple" ' : '') . ($extra ? ' '. $extra : '') .' id="edit-'. $name .'">'. $select .'</select>', $description, 'edit-'. $name, $required, _form_get_error($name));
 }
 
 /**
@@ -1357,8 +1378,8 @@ function form_file($title, $name, $size,
  * but be sure to validate the data on the receiving page as it is possible for
  * an attacker to change the value before it is submitted.
  */
-function form_hidden($name, $value) {
-  return '<input type="hidden" name="edit['. $name .']" value="'. check_plain($value) ."\" />\n";
+function form_hidden($name, $value, $edit = 'edit') {
+  return '<input type="hidden" name="'. $edit .'['. $name .']" value="'. check_plain($value) ."\" />\n";
 }
 
 /**