/** * {@inheritdoc} */ public function validateForm($form_id, &$form, FormStateInterface &$form_state) { // If this form is flagged to always validate, ensure that previous runs of // validation are ignored. if ($form_state->isValidationEnforced()) { $form_state->setValidationComplete(FALSE); } // If this form has completed validation, do not validate again. if ($form_state->isValidationComplete()) { return; } // If the session token was set by self::prepareForm(), ensure that it // matches the current user's session. if (isset($form['#token'])) { if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token'])) { $url = $this->requestStack->getCurrentRequest()->getRequestUri(); // Setting this error will cause the form to fail validation. $form_state->setErrorByName('form_token', $this->t('The form has become outdated. Copy any unsaved work in the form below and then <a href="@link">reload this page</a>.', array('@link' => $url))); // Stop here and don't run any further validation handlers, because they // could invoke non-safe operations which opens the door for CSRF // vulnerabilities. $this->finalizeValidation($form, $form_state, $form_id); return; } } // Recursively validate each form element. $this->doValidateForm($form, $form_state, $form_id); $this->finalizeValidation($form, $form_state, $form_id); $this->handleErrorsWithLimitedValidation($form, $form_state, $form_id); }
/** * {@inheritdoc} */ public function setValidationComplete($validation_complete = TRUE) { $this->mainFormState->setValidationComplete($validation_complete); return $this; }
/** * {@inheritdoc} */ public function validateForm($form_id, &$form, FormStateInterface &$form_state) { // If this form is flagged to always validate, ensure that previous runs of // validation are ignored. if ($form_state->isValidationEnforced()) { $form_state->setValidationComplete(FALSE); } // If this form has completed validation, do not validate again. if ($form_state->isValidationComplete()) { return; } // If the session token was set by self::prepareForm(), ensure that it // matches the current user's session. This is duplicate to code in // FormBuilder::doBuildForm() but left to protect any custom form handling // code. if (isset($form['#token'])) { if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) { $this->setInvalidTokenError($form_state); // Stop here and don't run any further validation handlers, because they // could invoke non-safe operations which opens the door for CSRF // vulnerabilities. $this->finalizeValidation($form, $form_state, $form_id); return; } } // Recursively validate each form element. $this->doValidateForm($form, $form_state, $form_id); $this->finalizeValidation($form, $form_state, $form_id); $this->handleErrorsWithLimitedValidation($form, $form_state, $form_id); }
/** * @covers ::setValidationComplete * * @dataProvider providerSingleBooleanArgument * * @param bool $complete */ public function testSetValidationComplete($complete) { $this->decoratedFormState->setValidationComplete($complete)->shouldBeCalled(); $this->assertSame($this->formStateDecoratorBase, $this->formStateDecoratorBase->setValidationComplete($complete)); }