Hi there! What follows is a proposal I sent to Dries before the security releases were made. Since it hinted at the possibility of flaws in our current way of handling forms, I didn't want to make it available for public viewing at that time. There are probably still errors in some forms, but the most serious exploits should be fixed now. Although the proposal is geared towards node forms, it could easily be extended to other forms. Feedback would be appreciated.

Instead of

    $output .= form_textfield(t('Title'), 'title', $edit->title, 60, 128, NULL, NULL, TRUE);

we'd write

    $output['title'] = array(
      'type'        => 'textfield',
      'title'       => t('Title'),
      'name'        => 'title',
      'value'       => $edit->title,
      'size'        => 60,
      'maxlength'   => 128,
      'description' => NULL,
      'attributes'  => NULL,
      'required'    => TRUE,
    );

(We could add a 'group' element to indicate elements that should be grouped together, and also a weight.) Only in form() itself would we generate the HTML. form() should be a themable function.

What would that buy us?

a) Easier value checking. In _validate we would then build the form a second time to check that all the fields still have the type and value they are supposed to have.

    foreach ($form_elements as $name => $element) {
      switch ($element['type']) {
        case 'textfield':
          // The submitted value for this element lives under its own name in $edit.
          if (!is_string($edit[$name])) {
            form_set_error(...);
          }
          if (empty($edit[$name]) && $element['required']) {
            form_set_error(...);
          }
          break;
        case 'textarea':
          ...
      }
    }

(Special checks such as "authored by" can be done here; possibly add another hook to get cleaner code.) This would eliminate form problems such as the ones we are fixing in the bugfix release. Currently, a malicious user could try to spoof some of the fields (I am unsure with what kind of success).

b) Easier re-ordering of forms by modules and themes. Example: I'd like to add a description field to uploads uploaded through upload.module. I can do that through nodeapi(form post), but if I have three upload fields, all my three description fields would appear after the three file selectors. If the existing form array were passed around in "form post", I could add my fields in between. I think that Chris' ideas of nicer admin screens (with all their possible flaws) also require such a reorganization.

Cheers,
Gerhard
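The following is an added example, not code from the post above and not Drupal's own form API: it sketches the two points of the proposal in plain PHP, a form described as an array that is rendered in one place and re-validated against that same array on submit (point a), plus a helper that lets another module insert an element between two existing ones (point b). Every element, field and function name here (example_node_form, example_form_render, example_form_validate, example_form_insert_after, the 'title'/'body'/'promote' elements and the smuggled 'uid' field) is assumed for illustration. The validation rejects fields the form never declared, values of the wrong type (an array where a string is expected), missing required values and over-long strings, which is the class of spoofing the post is worried about.

```php
<?php
// Added example (not from the original post, not Drupal code). All names are assumed.

// The form description. The same array drives rendering and validation.
function example_node_form(array $edit): array {
    return [
        'title' => [
            'type' => 'textfield', 'title' => 'Title',
            'value' => $edit['title'] ?? '', 'size' => 60, 'maxlength' => 128,
            'required' => true,
        ],
        'body' => [
            'type' => 'textarea', 'title' => 'Body',
            'value' => $edit['body'] ?? '', 'required' => false,
        ],
        'promote' => [
            'type' => 'checkbox', 'title' => 'Promote to front page',
            'value' => (int) ($edit['promote'] ?? 0),
        ],
    ];
}

// Rendering happens in exactly one place, so every value is escaped once, here.
function example_form_render(array $form): string {
    $out = '';
    foreach ($form as $name => $el) {
        $n = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $t = htmlspecialchars($el['title'], ENT_QUOTES, 'UTF-8');
        $v = htmlspecialchars((string) $el['value'], ENT_QUOTES, 'UTF-8');
        switch ($el['type']) {
            case 'textfield':
                $out .= "<label>$t <input type=\"text\" name=\"edit[$n]\" value=\"$v\""
                      . " size=\"{$el['size']}\" maxlength=\"{$el['maxlength']}\"></label>\n";
                break;
            case 'textarea':
                $out .= "<label>$t <textarea name=\"edit[$n]\">$v</textarea></label>\n";
                break;
            case 'checkbox':
                $chk = $el['value'] ? ' checked' : '';
                $out .= "<label><input type=\"checkbox\" name=\"edit[$n]\" value=\"1\"$chk> $t</label>\n";
                break;
        }
    }
    return $out;
}

// Re-validate a submission against the declaration. Returns a list of error
// strings; an empty list means the submission is acceptable.
function example_form_validate(array $form, array $edit): array {
    $errors = [];
    // Anything submitted that the form never declared is a spoofing attempt
    // (or a stale client); refuse it instead of passing it through to the node.
    foreach (array_diff_key($edit, $form) as $name => $_) {
        $errors[] = "Unexpected field '$name'.";
    }
    foreach ($form as $name => $el) {
        $present = array_key_exists($name, $edit);
        $value = $present ? $edit[$name] : null;
        switch ($el['type']) {
            case 'textfield':
            case 'textarea':
                if ($present && !is_string($value)) {
                    $errors[] = "Field '$name' must be a string.";
                    break;
                }
                if (!empty($el['required']) && ($value === null || trim($value) === '')) {
                    $errors[] = "Field '$name' is required.";
                }
                if ($present && isset($el['maxlength']) && strlen($value) > $el['maxlength']) {
                    $errors[] = "Field '$name' exceeds {$el['maxlength']} characters.";
                }
                break;
            case 'checkbox':
                // Browsers omit unchecked boxes, so only '1' or absence is valid.
                if ($present && $value !== '1') {
                    $errors[] = "Field '$name' has an invalid value.";
                }
                break;
            default:
                $errors[] = "Field '$name' has unknown type '{$el['type']}'.";
        }
    }
    return $errors;
}

// Because the form is data until rendered, a module can place a new element
// directly after an existing one instead of only appending at the end.
function example_form_insert_after(array $form, string $after, string $name, array $el): array {
    $pos = array_search($after, array_keys($form), true);
    $head = $pos === false ? $form : array_slice($form, 0, $pos + 1, true);
    $tail = $pos === false ? [] : array_slice($form, $pos + 1, null, true);
    return $head + [$name => $el] + $tail;
}

// Usage with a constructed submission that smuggles in a 'uid' field and
// sends an array where a string is expected, then a well-formed one.
$form = example_node_form([]);
print_r(example_form_validate($form, ['title' => ['x'], 'uid' => '1', 'body' => 'hello']));
print_r(example_form_validate($form, ['title' => 'Hello', 'body' => '', 'promote' => '1']));
$form = example_form_insert_after($form, 'title', 'subtitle',
    ['type' => 'textfield', 'title' => 'Subtitle', 'value' => '', 'size' => 60, 'maxlength' => 64]);
echo example_form_render($form);
```

The order of the two loops in example_form_validate matters: checking for undeclared keys first means a field a module later removes from the form array is automatically rejected on submit, without any per-field code having to know about it.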