/**
* {@inheritdoc}
*/
public function validateForm($form_id, &$form, FormStateInterface &$form_state)
{
// If this form is flagged to always validate, ensure that previous runs of
// validation are ignored.
if ($form_state->isValidationEnforced()) {
$form_state->setValidationComplete(FALSE);
}
// If this form has completed validation, do not validate again.
if ($form_state->isValidationComplete()) {
return;
}
// If the session token was set by self::prepareForm(), ensure that it
// matches the current user's session.
if (isset($form['#token'])) {
if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token'])) {
$url = $this->requestStack->getCurrentRequest()->getRequestUri();
// Setting this error will cause the form to fail validation.
$form_state->setErrorByName('form_token', $this->t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url)));
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$this->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element.
$this->doValidateForm($form, $form_state, $form_id);
$this->finalizeValidation($form, $form_state, $form_id);
$this->handleErrorsWithLimitedValidation($form, $form_state, $form_id);
}
/**
* {@inheritdoc}
*/
public function setValidationComplete($validation_complete = TRUE)
{
$this->mainFormState->setValidationComplete($validation_complete);
return $this;
}
/**
* {@inheritdoc}
*/
public function validateForm($form_id, &$form, FormStateInterface &$form_state)
{
// If this form is flagged to always validate, ensure that previous runs of
// validation are ignored.
if ($form_state->isValidationEnforced()) {
$form_state->setValidationComplete(FALSE);
}
// If this form has completed validation, do not validate again.
if ($form_state->isValidationComplete()) {
return;
}
// If the session token was set by self::prepareForm(), ensure that it
// matches the current user's session. This is duplicate to code in
// FormBuilder::doBuildForm() but left to protect any custom form handling
// code.
if (isset($form['#token'])) {
if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
$this->setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$this->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element.
$this->doValidateForm($form, $form_state, $form_id);
$this->finalizeValidation($form, $form_state, $form_id);
$this->handleErrorsWithLimitedValidation($form, $form_state, $form_id);
}
/**
* @covers ::setValidationComplete
*
* @dataProvider providerSingleBooleanArgument
*
* @param bool $complete
*/
public function testSetValidationComplete($complete)
{
$this->decoratedFormState->setValidationComplete($complete)->shouldBeCalled();
$this->assertSame($this->formStateDecoratorBase, $this->formStateDecoratorBase->setValidationComplete($complete));
}
