Comment token is broken - a follow up.

I can confirm this on today's HEAD, with anonymous or authenticated users. I also receive a "You have to specify a valid date." error.

At the bay area bug fix, I can reproduce as well. Looking into it...

An earlier patch simply missed a line. This patch should complete it.

Just tried this patch on my drupal head version, and it solves the issue.

Committed to HEAD. Thanks.

With form API this won't work. $form['form_token'] = array('#type' => 'hidden', '#value' once you set #value it's, well, set. No matter what you put into form_token, Drupal will accept it rendering the token system useless.

On the other hand, the next line... you do not want form_id to be overridden by _POST['edit']['form_id'] because this leads to the strange situation that if you submitted a form and drupal does not reload the page (rare but happens) then you can't submit another form because just after submission ALL forms have the same (and wrong) form_id.

Chx is in fact correct.

By setting #value, the value of the element becomes immutable, by setting default_value, it takes the value in $_POST into account
when choosing a final value.

+1

Committed.

I am still having problems with this, with today's HEAD.

a) Anonymous user.
b) Create comment.
c) Hit "Preview" (required in this case).
d) Get the validation error.
e) Hit "Post" anyways.
f) Comment gets posted.

Anyone else confirm?

to Morbus...

no,, this is gone, now it works as it should, try to update your form.inc and comment.module from the HEAD.

T.

As mentioned, I'm using today's HEAD, after chx's patch hit.

Morbus,

I'm using all stock modules and all include files from the HEAD, no extra stuff, validation Bud was in form.inc where chx didn't change second function,...., check the version out, it should be - $Id: form.inc,v 1.58 2006/01/25 08:40:53 dries Exp $

..at least that is what I have and it Rocks..

T.

Ayup - I'm actually running one version higher than you are. Could you perhaps grab 1.59 and test?

Morbus,

...Ok, Now cofirming Validation "Bug".. is up again, you were right about that.. sorry for missleading, form.inc v.1,59 is dead again ;(

T.

I fixed the form API bug which hide the comment module. Now the comment module bug came to light. $edit['pid'] is 0 when adding a comment. When you preview it's empty. So. If you were commenting node 12 then the token was comment120 and then comment12. The fact that comments got broken is proof that form tokens now work right. And why were you able to submit? Because a) the form submit button was not wrapped into form_get_errors() b) after preview the token have not changed further so _this_ time the submit succeeded!

Patch works. RTC.

I didn't understand your explanation. Care to elaborate? I don't understand why pid would change ... *confused*

Tested it. Works.

comment_reply :

      else if (user_access('access content')) {
        $output .= node_view($node);
        $pid = 0;
      }

this sets pid to zero. This does not fire on preview. I do not dare to set it to empty, who knows what will break. My fix is solid and breaks nothing.

+1 on this patch. Fixes the error.

I still don't understand this (your explanation isn't very helpful). I'll have to investigate this more before I can commit.

Dries, please read comment_reply function, I really can't say more.

Maybe quoting more from that function helps?

    if ($op == t('Preview comment')) {
      if (user_access('post comments')) {
        $output .= comment_form(array('pid' => $pid, 'nid' => $nid), NULL);
      }
   }
   else {
     if ($pid) {
     }
      else if (user_access('access content')) {
        $output .= node_view($node);
        $pid = 0;
      }
   }

I hope this now shows what's going on.

I applied the patch attached to http://drupal.org/node/46227#comment-69061
It fixes the problem for me.

Hello,

New comments are created ok .. but [delete] is screewd.. it's not working properly.. so this .patch is not ready for commit yet

it gives some .error message like this:

user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near 'FROM node WHERE node_comment_statistics.nid = node.nid AND node.nid = 929' at line 1 
query: UPDATE node_comment_statistics SET comment_count = 0, last_comment_timestamp = created, last_comment_name = '',
last_comment_uid = uid FROM node WHERE node_comment_statistics.nid = node.nid AND node.nid = 929
in /home/www/my_drupal_sites/htdocs/includes/database.mysql.inc on line 124.

..and node_comment_statistics table is not update properly..

T.

That's a whole another error and there is an issue for it... maybe even fixed in HEAD already.

That's a whole another error and there is an issue for it... maybe even fixed in HEAD already.

Hi:

I only started getting this error when I enabled the subscriptions.module.

"Validation error, please try again. If this error persists, please contact the site administrator."

Drupal 4.7beta4. Is this related?

--D

I can confirm this problem today, but mostly I'm just adding my comment so I can stay "subscribed" to this thread through my tracker.

http://drupal.org/files/issues/comment_token.patch still awaits commit.

I got this error with beta 4, grabbed the comments.module from cvs-HEAD and patched it with normal linux patch and it worked like a charm.

User of my site hadn't been able to post comments due to the fact that he has (propably) a dynamic IP address. comment_token.patch didn't work for me but token.patch posted here did the job.

Committed a simplified version of this patch. Thanks.

Hello,

@chx

..could you please enlighten me about comment delete probably "Bug" .. I still can't delete them .. I get taht SQL error\warning message and you said that it's a known "bug" what should be allready fixed in HEAD .. I have everything from the HEAD .. every latest update from today.. and still no LUCK .. could you please point me to the .patch that will fix this SQL thing ...

Regards,
T.

Hello Everyone,

It seams for me that SQL request is very ODD when we delete some comments and it may help for someone to get this solved !!
here is my version of the function _comment_update_node_statistics($nis) in comment.module...

Add - global $user;
Removed - wrong SQL;
Add - the right SQL String;

END..

function _comment_update_node_statistics($nid) {
  global $user;

  $count = db_result(db_query('SELECT COUNT(cid) FROM {comments} WHERE nid = %d AND status = %d', $nid, COMMENT_PUBLISHED));

  // comments exist
  if ($count > 0) {
    $last_reply = db_fetch_object(db_query_range('SELECT cid, name, timestamp, uid FROM {comments} WHERE nid = %d AND status = %d ORDER BY cid DESC', $nid, COMMENT_PUBLISHED, 0, 1));
    db_query("UPDATE {node_comment_statistics} SET comment_count = %d, last_comment_timestamp = %d, last_comment_name = '%s', last_comment_uid = %d WHERE nid = %d", $count, $last_reply->timestamp, $last_reply->uid ? '' : $last_reply->name, $last_reply->uid, $nid);
  }
  // no comments
  else {
    db_query("UPDATE {node_comment_statistics} SET comment_count = 0, last_comment_timestamp = %d, last_comment_name = NULL, last_comment_uid = %d WHERE nid = %d ", time(), $user->uid, $nid);
  }
}

Regards,

T.

@tomsys: Please open a new issue for the botched query. It is unrelated to this issue. Please also submit all changes in patch form.

Thanks
-K

So did we get anything sure on this?

I've just installed 4.7, and still get the error

Validation error, please try again. If this error persists, please contact the site administrator.

If by "installed 4.7", you mean "installed 4.7b4", it's not fixed in that version, but is in CVS.

Having done nothing more than to edit a bad link in a comment, our 5.1 site is now seized by this same problem; there has been no upgrades, no system upgrades, no modules added, no modules removed, no changes in PHP, no changes in Apache, no changes in Linux. The only activity on the entire server has been to post one new blog node, have three comments added to it, and the last comment trivially edited three times. It's not just that it worked this morning or even yesterday; it has been working fine for years, our site just hit its 5th anniversary, and then BAM, the dreaded Validation log-jam :(

Is there a hack that can get an installed site back in operation? Any manual SQL operation, deleting some records, a tweak to the PHP or the variables tables, something, anything? Upgrading to the head is simply not an option short-term.

Weird ... it ... just ... went ... away?

Spooky. Came out of nowhere, and has now apparently slipped back into that nether realm.
(cue the theramins ...)

Same ERROR. My site has been up for two years. I upgraded to 5.7 two weeks ago. Now this error today after trying to edit ecommerce transaction flow.

Very annoying.