Index: includes/form.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/form.inc,v
retrieving revision 1.174.2.3
diff -u -F^f -r1.174.2.3 form.inc
--- includes/form.inc	29 Jan 2007 21:51:53 -0000	1.174.2.3
+++ includes/form.inc	27 Feb 2007 19:15:40 -0000
@@ -283,6 +283,7 @@ function drupal_prepare_form($form_id, &
   global $user;
 
   $form['#type'] = 'form';
+  $form['#skip_duplicate_check'] = FALSE;
 
   if (!isset($form['#post'])) {
     $form['#post'] = $_POST;
@@ -395,6 +396,11 @@ function drupal_validate_form($form_id, 
       // Setting this error will cause the form to fail validation.
       form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
     }
+  }      
+  
+  if (!$form['#programmed'] && !$form['#skip_duplicate_check'] && isset($_SESSION['last_submitted']['hash']) && $_SESSION['last_submitted']['hash'] == md5(serialize($form['form_id']['#post']))) {
+    // This is a repeat submission.
+    drupal_redirect_form(NULL, $_SESSION['last_submitted']['destination']);
   }
 
   _form_validate($form, $form_id);
@@ -418,6 +424,8 @@ function drupal_validate_form($form_id, 
 function drupal_submit_form($form_id, $form) {
   global $form_values;
   $default_args = array($form_id, &$form_values);
+  $submitted = FALSE;
+  $goto = NULL;
 
   if (isset($form['#submit'])) {
     foreach ($form['#submit'] as $function => $args) {
@@ -426,12 +434,21 @@ function drupal_submit_form($form_id, $f
         // Since we can only redirect to one page, only the last redirect
         // will work.
         $redirect = call_user_func_array($function, $args);
+        $submitted = TRUE;
         if (isset($redirect)) {
           $goto = $redirect;
         }
       }
     }
   }
+  
+  // Successful submit. Hash this form's POST and store the hash in the
+  // session. We'll use this hash later whenever this user submits another 
+  // form to make sure no identical forms get submitted twice. 
+  if ($submitted && !$form['#skip_duplicate_check']) {
+    $_SESSION['last_submitted'] = array('destination' => $goto, 'hash' => md5(serialize($form['form_id']['#post'])));
+  }
+  
   return $goto;
 }