Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2143349 by larowlan: Submitting a form as an anonymous user when $form['#token'] = FALSE results in a notice.

8.0.x
webchick 2013-12-03 11:32:57 -08:00
parent 447d8c2116
commit 6d0ba6bfd7
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
core/lib/Drupal/Core/Form/FormBuilder.php
View File

@ -591,6 +591,11 @@ class FormBuilder implements FormBuilderInterface {
// Only process the input if we have a correct form submission.
if ($form_state['process_input']) {
// Form constructors may explicitly set #token to FALSE when cross site
// request forgery is irrelevant to the form, such as search forms.
if (isset($form['#token']) && $form['#token'] === FALSE) {
unset($form['#token']);
}
$this->validateForm($form_id, $form, $form_state);
// drupal_html_id() maintains a cache of element IDs it has seen, so it

7
core/modules/system/lib/Drupal/system/Tests/Form/ElementsTableSelectTest.php
View File

@ -216,6 +216,9 @@ class ElementsTableSelectTest extends WebTestBase {
$form_state = form_state_defaults();
$form['op'] = array('#type' => 'submit', '#value' => t('Submit'));
// The form token CSRF protection should not interfere with this test, so we
// bypass it by setting the token to FALSE.
$form['#token'] = FALSE;
$form_state['input'] = $edit;
$form_state['input']['form_id'] = $form_id;
@ -224,10 +227,6 @@ class ElementsTableSelectTest extends WebTestBase {
drupal_process_form($form_id, $form, $form_state);
// The form token CSRF protection should not interfere with this test, so we
// bypass it by marking this test form as programmed.
$form_state['programmed'] = TRUE;
$errors = form_get_errors($form_state);
// Clear errors and messages.

4
core/modules/system/lib/Drupal/system/Tests/Form/FormTest.php
View File

@ -111,8 +111,8 @@ class FormTest extends WebTestBase {
$form_state['input']['form_id'] = $form_id;
$form_state['method'] = 'post';
// The form token CSRF protection should not interfere with this test,
// so we bypass it by marking this test form as programmed.
$form_state['programmed'] = TRUE;
// so we bypass it by setting the token to FALSE.
$form['#token'] = FALSE;
drupal_prepare_form($form_id, $form, $form_state);
drupal_process_form($form_id, $form, $form_state);
$errors = form_get_errors($form_state);