Issue #3423454 by scott_euser, smustgrave: Form Builder does not fully allow Ajax GET requests

merge-requests/5731/merge
catch 2024-02-26 10:47:20 +00:00
parent 84fcf292a5
commit 09ade8fa41
2 changed files with 27 additions and 3 deletions


@ -327,7 +327,7 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
// In case the post request exceeds the configured allowed size // In case the post request exceeds the configured allowed size
// (post_max_size), the post request is potentially broken. Add some // (post_max_size), the post request is potentially broken. Add some
// protection against that and at the same time have a nice error message. // protection against that and at the same time have a nice error message.
if ($ajax_form_request && !$request->request->has('form_id')) { if ($ajax_form_request && !$request->get('form_id')) {
throw new BrokenPostRequestException($this->getFileUploadMaxSize()); throw new BrokenPostRequestException($this->getFileUploadMaxSize());
} }
@ -340,7 +340,7 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
// build a proper AJAX response. // build a proper AJAX response.
// Only do this when the form ID matches, since there is no guarantee from // Only do this when the form ID matches, since there is no guarantee from
// $ajax_form_request that it's an AJAX request for this particular form. // $ajax_form_request that it's an AJAX request for this particular form.
if ($ajax_form_request && $form_state->isProcessingInput() && $request->request->get('form_id') == $form_id) { if ($ajax_form_request && $form_state->isProcessingInput() && $request->get('form_id') == $form_id) {
throw new FormAjaxException($form, $form_state); throw new FormAjaxException($form, $form_state);
} }
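Review bot: `$request->get('form_id')` in both conditions reads from any input source instead of the one that matches the request method; as far as I know Symfony's `Request::get()` checks route attributes, then the query string, then the POST body. On a POST whose body was dropped for exceeding post_max_size, a `form_id` present in the URL would now satisfy the first guard, so the BrokenPostRequestException protection described in the comment above it could be skipped, and the second condition would prefer the query value over the body value. The first guard also changed from a presence check (`has()`) to a truthiness check. Consider selecting the bag explicitly, e.g. `$request_form_id = $request->isMethod('GET') ? $request->query->get('form_id') : $request->request->get('form_id');`, and using that value in both conditions. The enclosing method starts and ends outside these hunks.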


@ -595,7 +595,7 @@ class FormBuilderTest extends FormTestBase {
/** /**
* @covers ::buildForm * @covers ::buildForm
*/ */
public function testGetPostAjaxRequest() { public function testPostAjaxRequest(): void {
$request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE], ['form_id' => 'different_form_id']); $request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE], ['form_id' => 'different_form_id']);
$request->setMethod('POST'); $request->setMethod('POST');
$this->requestStack->push($request); $this->requestStack->push($request);
@ -615,6 +615,30 @@ class FormBuilderTest extends FormTestBase {
$this->assertSame('test-form', $form['#id']); $this->assertSame('test-form', $form['#id']);
} }
/**
* @covers ::buildForm
*/
public function testGetAjaxRequest(): void {
$request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE]);
$request->query->set('form_id', 'different_form_id');
$request->setMethod('GET');
$this->requestStack->push($request);
$form_state = (new FormState())
->setUserInput([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE])
->setMethod('get')
->setAlwaysProcess()
->disableRedirect()
->set('ajax', TRUE);
$form_id = '\Drupal\Tests\Core\Form\TestForm';
$expected_form = (new TestForm())->buildForm([], $form_state);
$form = $this->formBuilder->buildForm($form_id, $form_state);
$this->assertFormElement($expected_form, $form, 'test');
$this->assertSame('test-form', $form['#id']);
}
/** /**
* @covers ::buildForm * @covers ::buildForm
* *
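Review bot: testGetAjaxRequest only covers a GET request whose `form_id` differs from the form being built, so it pins the no-exception path alone. Two cases that the FormBuilder change makes reachable are not exercised in the visible hunks: a GET Ajax request whose query `form_id` matches the form (expecting FormAjaxException), and a POST request that carries `form_id` only in the query string, which would show whether the broken-POST guard still fires. Tests elsewhere in the file may already cover part of this. A one-line docblock summary such as `Tests that a GET Ajax request for a different form builds normally.` would also make the intent of the new test explicit.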