as reported in http://lists.drupal.org/archives/infrastructure/2006-06/msg00169.html, if you're trying to add a comment to a signup-enabled node, and you attempt to preview your comment, you get the message:

Validation error, please try again. If this error persists, please contact the site administrator.

this is code from includes/form.inc, messing with the '#token' attribute. i asked on IRC, and chx said:

chx: dww: leave #token
chx: dww: there be dragons
...
Derek: anyway, back to #token -- chx, killes -- any words of wisdom, or am i basically screwed on this?
chx: dww: sorry i have no idea, i would need to see the relevant signup code
Derek: chx: there's no signup code at all.
Derek: chx: "grep token modules/signup/*" is empty
chx: dww: bah, use form_alter to get rid of the token in relevant comment form
chx: dww: note this is applicable if you have anon comments disabled
chx: dww: otherwise you need to debug
...
Derek: chx: anon users can apparently comment on signup-enabled nodes without trouble from #token.
so, taking token completely out of the picture in signup_form_alter() is my best bet?
...
Derek: chx: alas, that doesn't seem to work, either. :(  the validation errors go away, but things then behave quite weirdly.

by "things then behave quite weirdly", i mean: when you click on "preview", you immediately submit an empty comment, even if you've entered in text. :( maybe i'm not doing what chx is suggesting, but i've tried this:

 elseif( 'comment_form' == $form_id ) {
    unset($form['#token']);
    unset($form['form_token']);
  }

and both of those unset calls individually. basically, it seems the 'form_token' part has no effect... whether or not i leave that in the $form, if '#token' is set, i get the validation errors, and if it's unset, i get the empty comments. :(

i only vaugely understand how '#token' is supposed to work, and it's not mentioned anywhere in the FAPI docs. hopefully someone more clueful about this than i can point me in the right direction...

-derek

p.s. i traced the cvs archeology for the #token stuff and found http://drupal.org/node/28420. after reading that, i have a slightly better understanding of what this is all about, but still no better clue as to why it's going wrong once you enable signups on a node. :( maybe that's because it's 3:30am and i woke up nearly 24 hours ago in a hotel in guatemala. ;) better get some sleep and look at this again another day...

CommentFileSizeAuthor
#2 signup-token-validation.patch1.38 KBdww

Comments

dww’s picture

dww
we/he/they
commented
Assigned: Unassigned » dww

with some help from merlinofchaos and moshe, i figured this out. the problem is signup_nodeapi() isn't checking the $page argument, and trying to inject the signup form elements on 'view', even if we're not really viewing the node, but in the middle of validating, etc. that screws everything else. i'll roll a patch after lunch. ;)

dww’s picture

dww
we/he/they
commented
Status: Active » Needs review
StatusFileSize
new signup-token-validation.patch1.38 KB

the code was already (sort of) trying to deal with this by checking isset($node->preview). the attached patch does it better, and handles more cases, by checking the $page argument to hook_nodeapi().

dww’s picture

dww
we/he/they
commented
Status: Needs review » Fixed

applied to HEAD and 4.7. confirmed this isn't a bug in 4.6.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)
heine’s picture

heine commented
Version: » 4.6.x-1.x-dev
Status: Closed (fixed) » Active

This may also have been fixed by the patch to core (#63990).

heine’s picture

heine commented
Version: 4.6.x-1.x-dev » 4.7.x-1.x-dev

Not sure why that set 4.6 as version.

dww’s picture

dww
we/he/they
commented
Status: Active » Fixed

i read that other issue, but i didn't look at the patches. however, i'm not sure why you re-opened this issue... the solution in signup (which is totally reasonable, IMHO) was to not display the "signup for this node" form in the node while you're previewing a comment on the node. seems strange to present that form during a preview, or someone might be tempted to actually use it, thereby losing their comment they're in the middle of. ;)

so, i'm setting this back to fixed, since even if core doesn't crap out if you try to render both forms anymore, i still don't think it's a good idea to include this form in this case, anyway.

heine, am i missing something?

thanks,
-derek

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)