From 4b663a62af7d8d7437428c7cc192fd3013e4e3f8 Mon Sep 17 00:00:00 2001
From: Neil Drumm <drumm@3064.no-reply.drupal.org>
Date: Sun, 5 Mar 2006 02:46:55 +0000
Subject: [PATCH] #52484 by chx: filter_form needs validation

---
 includes/form.inc            | 52 +++++++++++++++++++-----------------
 modules/filter.module        | 11 ++++++++
 modules/filter/filter.module | 11 ++++++++
 3 files changed, 49 insertions(+), 25 deletions(-)

diff --git a/includes/form.inc b/includes/form.inc
index 26f32e58dd4..08615249609 100644
--- a/includes/form.inc
+++ b/includes/form.inc
@@ -170,34 +170,36 @@ function drupal_submit_form($form_id, $form, $callback = NULL) {
 
 function _form_validate($elements, $form_id = NULL) {
   /* Validate the current input */
-  if (!$elements['#validated'] && ($elements['#input'] || isset($form_id))) {
-    // An empty textfield returns '' so we use empty(). An empty checkbox
-    // and a textfield could return '0' and empty('0') returns TRUE so we
-    // need a special check for the '0' string.
-    if ($elements['#required'] && empty($elements['#value']) && $elements['#value'] !== '0') {
-      form_error($elements, t('%name field is required.', array('%name' => $elements['#title'])));
-    }
+  if (!$elements['#validated']) {
+    if ($elements['#input'] || isset($form_id)) {
+      // An empty textfield returns '' so we use empty(). An empty checkbox
+      // and a textfield could return '0' and empty('0') returns TRUE so we
+      // need a special check for the '0' string.
+      if ($elements['#required'] && empty($elements['#value']) && $elements['#value'] !== '0') {
+        form_error($elements, t('%name field is required.', array('%name' => $elements['#title'])));
+      }
 
-    // Add legal choice check if element has #options. Can be skipped, but then you must validate your own element.
-    if (isset($elements['#options']) && isset($elements['#value']) && !isset($elements['#DANGEROUS_SKIP_CHECK'])) {
-      if ($elements['#type'] == 'select') {
-        $options = form_options_flatten($elements['#options']);
-      }
-      else {
-        $options = $elements['#options'];
-      }
-      if (is_array($elements['#value'])) {
-        $value = $elements['#type'] == 'checkboxes' ? array_keys(array_filter($elements['#value'])) : $elements['#value'];
-        foreach ($value as $v) {
-          if (!isset($options[$v])) {
-            form_error($elements, t('An illegal choice has been detected. Please contact the site administrator.'));
-            watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme('placeholder', check_plain($v)), '%name' => theme_placeholder(empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'])), WATCHDOG_ERROR));
+      // Add legal choice check if element has #options. Can be skipped, but then you must validate your own element.
+      if (isset($elements['#options']) && isset($elements['#value']) && !isset($elements['#DANGEROUS_SKIP_CHECK'])) {
+        if ($elements['#type'] == 'select') {
+          $options = form_options_flatten($elements['#options']);
+        }
+        else {
+          $options = $elements['#options'];
+        }
+        if (is_array($elements['#value'])) {
+          $value = $elements['#type'] == 'checkboxes' ? array_keys(array_filter($elements['#value'])) : $elements['#value'];
+          foreach ($value as $v) {
+            if (!isset($options[$v])) {
+              form_error($elements, t('An illegal choice has been detected. Please contact the site administrator.'));
+              watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme('placeholder', check_plain($v)), '%name' => theme_placeholder(empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'])), WATCHDOG_ERROR));
+            }
           }
         }
-      }
-      elseif (!isset($options[$elements['#value']])) {
-        form_error($elements, t('An illegal choice has been detected. Please contact the site administrator.'));
-        watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme_placeholder(check_plain($v)), '%name' => theme('placeholder', empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'])), WATCHDOG_ERROR));
+        elseif (!isset($options[$elements['#value']])) {
+          form_error($elements, t('An illegal choice has been detected. Please contact the site administrator.'));
+          watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme_placeholder(check_plain($v)), '%name' => theme('placeholder', empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'])), WATCHDOG_ERROR));
+        }
       }
     }
 
diff --git a/modules/filter.module b/modules/filter.module
index 40f53dbd05a..e7df3c8fd7b 100644
--- a/modules/filter.module
+++ b/modules/filter.module
@@ -802,6 +802,7 @@ function filter_form($value = FILTER_FORMAT_DEFAULT, $weight = NULL, $parents =
       '#collapsible' => TRUE,
       '#collapsed' => TRUE,
       '#weight' => $weight,
+      '#validate' => array('filter_form_validate' => array()),
     );
     // Multiple formats available: display radio buttons with tips.
     foreach ($formats as $format) {
@@ -829,6 +830,16 @@ function filter_form($value = FILTER_FORMAT_DEFAULT, $weight = NULL, $parents =
   return $form;
 }
 
+function filter_form_validate($form) {
+  foreach (element_children($form) as $key) {
+    if ($form[$key]['#value'] == $form[$key]['#return_value']) {
+      return;
+    }
+  }
+  form_error($form, t('An illegal choice has been detected. Please contact the site administrator.'));
+  watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme('placeholder', check_plain($v)), '%name' => theme_placeholder(empty($form['#title']) ? $form['#parents'][0] : $form['#title'])), WATCHDOG_ERROR));
+}
+
 /**
  * Returns true if the user is allowed to access this format.
  */
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 40f53dbd05a..e7df3c8fd7b 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -802,6 +802,7 @@ function filter_form($value = FILTER_FORMAT_DEFAULT, $weight = NULL, $parents =
       '#collapsible' => TRUE,
       '#collapsed' => TRUE,
       '#weight' => $weight,
+      '#validate' => array('filter_form_validate' => array()),
     );
     // Multiple formats available: display radio buttons with tips.
     foreach ($formats as $format) {
@@ -829,6 +830,16 @@ function filter_form($value = FILTER_FORMAT_DEFAULT, $weight = NULL, $parents =
   return $form;
 }
 
+function filter_form_validate($form) {
+  foreach (element_children($form) as $key) {
+    if ($form[$key]['#value'] == $form[$key]['#return_value']) {
+      return;
+    }
+  }
+  form_error($form, t('An illegal choice has been detected. Please contact the site administrator.'));
+  watchdog('form', t('Illegal choice %choice in %name element.', array('%choice' => theme('placeholder', check_plain($v)), '%name' => theme_placeholder(empty($form['#title']) ? $form['#parents'][0] : $form['#title'])), WATCHDOG_ERROR));
+}
+
 /**
  * Returns true if the user is allowed to access this format.
  */