On Sun, 7 Aug 2005, Jeremy Andrews wrote:
my filter. I finally realized what the spammer is doing is setting $_POST['op'] to 'Post comment', effectively bypassing the preview phase.
[...]
I have the feeling I'm missing a simpler, cleaner solution. Suggestions?
I think that the form code rewrite that I've proposed and that Adrian is/was working on should take care of this. It would check whether a field "op" could have been present in the original form. The problem is that we in this case have a dynamic form. I think that checking of a session variable would help. This would break posting for clients which do not accept our cookie. Which maybe would be quite welcome in this case. ;^)

Since you probably do not wait for Drupal 4.7 you should thus try to put the unique preview ID into the session.

Cheers,
Gerhard
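
The session-bound preview ID suggested in this reply, as an added PHP example that is not part of the original message and is not Drupal code. The function names, the `comment_preview_id` session key and the `preview_id` form field are hypothetical, and the session is passed in as an array standing in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added illustration; all names here are hypothetical, not Drupal's API.

// Preview phase: mint a one-time ID and keep the only trusted copy server-side.
function preview_issue_token(array &$session): string {
    $token = bin2hex(random_bytes(16));
    $session['comment_preview_id'] = $token;
    return $token; // emitted as a hidden field in the previewed form
}

// Submit phase: 'Post comment' is honoured only when the session already
// holds a preview ID and the request echoes the same value back.
function comment_submit_allowed(array $post, array &$session): bool {
    if (($post['op'] ?? '') !== 'Post comment') {
        return false;
    }
    $expected = $session['comment_preview_id'] ?? null;
    $given    = $post['preview_id'] ?? null;
    unset($session['comment_preview_id']); // single use, consumed on any attempt
    return is_string($expected) && is_string($given)
        && hash_equals($expected, $given); // constant-time comparison
}

function report(string $label, bool $ok): void {
    printf("%-32s %s\n", $label, $ok ? 'accepted' : 'rejected');
}

// Constructed requests against a constructed, initially empty session.
$session = [];

// A client that sets op itself and never requested a preview.
$forged = ['op' => 'Post comment', 'comment' => 'constructed spam body'];
report('op set without preview', comment_submit_allowed($forged, $session));

// The normal flow: preview first, then submit with the ID from the form.
$id    = preview_issue_token($session);
$legit = ['op' => 'Post comment', 'comment' => 'hello', 'preview_id' => $id];
report('preview then submit', comment_submit_allowed($legit, $session));

// Re-sending the same request after the ID has been consumed.
report('replay of the same request', comment_submit_allowed($legit, $session));
```

A client that does not return the session cookie never has a stored ID, so its submissions fail the check, which is the side effect the reply describes.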