public function test_validate_form_with_changed_csrf_token_and_disabled_csrf_protection_is_valid()
{
$form = PostForm::create("/index.php");
$form->enableCsrf(false);
// disable csrf protection
// emulate "hacker" activity, add '1' to the end
$input = $form->getInput(PostForm::CSRF_FIELD_NAME);
$input->setValue($input->getValue() . '1');
$validationResult = $form->validate();
$this->assertTrue($validationResult->isValid());
$this->assertEmpty($validationResult->getErrors());
}
public static function create($action)
{
$form = new PostForm($action);
$form->createCSRFInput();
return $form;
}