Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Issue #2699489 by catch, tim.plunkett: FormBuilder $ajax_form_request check does not check which AJAX form is being requested

8.3.x
Alex Pott 2016-10-11 23:28:19 +01:00
parent db7834de4c
commit 8c22ddf5cf
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/lib/Drupal/Core/Form/FormBuilder.php
View File

@ -316,7 +316,7 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
// In case the post request exceeds the configured allowed size
// (post_max_size), the post request is potentially broken. Add some
// protection against that and at the same time have a nice error message.
if ($ajax_form_request && !isset($form_state->getUserInput()['form_id'])) {
if ($ajax_form_request && !$request->request->has('form_id')) {
throw new BrokenPostRequestException($this->getFileUploadMaxSize());
}
@ -327,7 +327,9 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
// then passed through
// \Drupal\Core\Form\FormAjaxResponseBuilderInterface::buildResponse() to
// build a proper AJAX response.
if ($ajax_form_request && $form_state->isProcessingInput()) {
// Only do this when the form ID matches, since there is no guarantee from
// $ajax_form_request that it's an AJAX request for this particular form.
if ($ajax_form_request && $form_state->isProcessingInput() && $request->request->get('form_id') == $form_id) {
throw new FormAjaxException($form, $form_state);
}

23
core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php
View File

@ -568,6 +568,29 @@ class FormBuilderTest extends FormTestBase {
$this->formBuilder->buildForm($form_arg, $form_state);
}
/**
* @covers ::buildForm
*/
public function testGetPostAjaxRequest() {
$request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE], ['form_id' => 'different_form_id']);
$request->setMethod('POST');
$this->requestStack->push($request);
$form_state = (new FormState())
->setUserInput([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE])
->setMethod('get')
->setAlwaysProcess()
->disableRedirect()
->set('ajax', TRUE);
$form_id = '\Drupal\Tests\Core\Form\TestForm';
$expected_form = (new TestForm())->buildForm([], $form_state);
$form = $this->formBuilder->buildForm($form_id, $form_state);
$this->assertFormElement($expected_form, $form, 'test');
$this->assertSame('test-form', $form['#id']);
}
/**
* @covers ::buildForm
*