/**
  * Create a new form, with the given fields an action buttons.
  *
  * @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
  * @param string $name The method on the controller that will return this form object.
  * @param FieldList $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
  * @param FieldList $actions All of the action buttons in the form - a {@link FieldLis} of
  *                           {@link FormAction} objects
  * @param Validator|null $validator Override the default validator instance (Default: {@link RequiredFields})
  */
 public function __construct($controller, $name, FieldList $fields, FieldList $actions, Validator $validator = null)
 {
     parent::__construct();
     $fields->setForm($this);
     $actions->setForm($this);
     $this->fields = $fields;
     $this->actions = $actions;
     $this->controller = $controller;
     $this->setName($name);
     if (!$this->controller) {
         user_error("{$this->class} form created without a controller", E_USER_ERROR);
     }
     // Form validation
     $this->validator = $validator ? $validator : new RequiredFields();
     $this->validator->setForm($this);
     // Form error controls
     $this->setupFormErrors();
     // Check if CSRF protection is enabled, either on the parent controller or from the default setting. Note that
     // method_exists() is used as some controllers (e.g. GroupTest) do not always extend from Object.
     if (method_exists($controller, 'securityTokenEnabled') || method_exists($controller, 'hasMethod') && $controller->hasMethod('securityTokenEnabled')) {
         $securityEnabled = $controller->securityTokenEnabled();
     } else {
         $securityEnabled = SecurityToken::is_enabled();
     }
     $this->securityToken = $securityEnabled ? new SecurityToken() : new NullSecurityToken();
     $this->setupDefaultClasses();
 }