Drupal
/
drupal
mirror of https://git.drupalcode.org/project/drupal.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merged 8.9.1.

merge-requests/64/head
xjm 2020-06-17 12:58:03 -05:00
parent 8130d8891d 4aff401207
commit de918837e0
12 changed files with 76 additions and 468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

447
composer.lock generated
View File

@ -652,7 +652,7 @@
"dist": {
"type": "path",
"url": "core",
"reference": "00a84fa61ee921f106f7912c3ca0393a2c328e68"
"reference": "38c1ef280518a68c80c796780c4f94a259f50fc0"
},
"require": {
"asm89/stack-cors": "^1.1",
@ -875,10 +875,7 @@
"license": [
"GPL-2.0-or-later"
],
"description": "Drupal is an open source content management platform powering millions of websites and applications.",
"transport-options": {
"relative": true
}
"description": "Drupal is an open source content management platform powering millions of websites and applications."
},
{
"name": "drupal/core-project-message",
@ -886,7 +883,7 @@
"dist": {
"type": "path",
"url": "composer/Plugin/ProjectMessage",
"reference": "d55605e98b8eb1d14bf049124838fdf0c85a9524"
"reference": "ed6afc20bfed583e5325ca86f78d07a653d6045c"
},
"require": {
"composer-plugin-api": "^1.1 || ^2",
@ -908,10 +905,7 @@
"homepage": "https://www.drupal.org/project/drupal",
"keywords": [
"drupal"
],
"transport-options": {
"relative": true
}
]
},
{
"name": "drupal/core-vendor-hardening",
@ -919,7 +913,7 @@
"dist": {
"type": "path",
"url": "composer/Plugin/VendorHardening",
"reference": "29f9f91029bb46c2c3d14f17f151b66ce3e66b5f"
"reference": "6773d713a655ec8a5ac8c29cd5df653cfec6d3cc"
},
"require": {
"composer-plugin-api": "^1.1 || ^2",
@ -941,10 +935,7 @@
"homepage": "https://www.drupal.org/project/drupal",
"keywords": [
"drupal"
],
"transport-options": {
"relative": true
}
]
},
{
"name": "easyrdf/easyrdf",
@ -1546,12 +1537,6 @@
"laminas",
"zf"
],
"funding": [
{
"url": "https://funding.communitybridge.org/projects/laminas-project",
"type": "community_bridge"
}
],
"time": "2020-05-20T16:45:56+00:00"
},
{
@ -2224,20 +2209,6 @@
],
"description": "Symfony ClassLoader Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-03-15T09:38:08+00:00"
},
{
@ -2310,20 +2281,6 @@
],
"description": "Symfony Console Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T18:58:05+00:00"
},
{
@ -2380,20 +2337,6 @@
],
"description": "Symfony Debug Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-22T18:25:20+00:00"
},
{
@ -2465,20 +2408,6 @@
],
"description": "Symfony DependencyInjection Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T21:06:01+00:00"
},
{
@ -2542,20 +2471,6 @@
],
"description": "Symfony EventDispatcher Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-05T15:06:23+00:00"
},
{
@ -2610,20 +2525,6 @@
],
"description": "Symfony HttpFoundation Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-16T13:15:54+00:00"
},
{
@ -2714,20 +2615,6 @@
],
"description": "Symfony HttpKernel Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-31T05:14:17+00:00"
},
{
@ -2786,20 +2673,6 @@
"polyfill",
"portable"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:14:59+00:00"
},
{
@ -2859,20 +2732,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -2935,20 +2794,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -3008,20 +2853,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -3078,20 +2909,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -3151,20 +2968,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -3220,20 +3023,6 @@
"portable",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:47:27+00:00"
},
{
@ -3286,20 +3075,6 @@
"polyfill",
"shim"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-12T16:14:59+00:00"
},
{
@ -3349,20 +3124,6 @@
],
"description": "Symfony Process Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-23T17:05:51+00:00"
},
{
@ -3502,20 +3263,6 @@
"uri",
"url"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T19:50:06+00:00"
},
{
@ -3595,20 +3342,6 @@
],
"description": "Symfony Serializer Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T18:58:05+00:00"
},
{
@ -3679,20 +3412,6 @@
],
"description": "Symfony Translation Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T18:58:05+00:00"
},
{
@ -3779,20 +3498,6 @@
],
"description": "Symfony Validator Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T18:43:38+00:00"
},
{
@ -3852,20 +3557,6 @@
],
"description": "Symfony Yaml Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-11T07:51:54+00:00"
},
{
@ -4272,16 +3963,6 @@
"ssl",
"tls"
],
"funding": [
{
"url": "https://packagist.com",
"type": "custom"
},
{
"url": "https://tidelift.com/funding/github/packagist/composer/composer",
"type": "tidelift"
}
],
"time": "2020-04-08T08:27:21+00:00"
},
{
@ -4326,9 +4007,6 @@
"ext-zip": "Enabling the zip extension allows you to unzip archives",
"ext-zlib": "Allow gzip compression of HTTP requests"
},
"bin": [
"bin/composer"
],
"type": "library",
"extra": {
"branch-alias": {
@ -4363,16 +4041,6 @@
"dependency",
"package"
],
"funding": [
{
"url": "https://packagist.com",
"type": "custom"
},
{
"url": "https://tidelift.com/funding/github/packagist/composer/composer",
"type": "tidelift"
}
],
"time": "2020-05-06T08:28:10+00:00"
},
{
@ -4477,12 +4145,6 @@
"Xdebug",
"performance"
],
"funding": [
{
"url": "https://packagist.com",
"type": "custom"
}
],
"time": "2020-03-01T12:26:26+00:00"
},
{
@ -6278,16 +5940,6 @@
"parser",
"validator"
],
"funding": [
{
"url": "https://github.com/Seldaek",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/seld/jsonlint",
"type": "tidelift"
}
],
"time": "2020-04-30T19:05:18+00:00"
},
{
@ -6440,20 +6092,6 @@
],
"description": "Symfony BrowserKit Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-04-27T06:55:12+00:00"
},
{
@ -6507,20 +6145,6 @@
],
"description": "Symfony CssSelector Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-03-16T08:31:04+00:00"
},
{
@ -6578,20 +6202,6 @@
],
"description": "Symfony DomCrawler Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-22T19:35:43+00:00"
},
{
@ -6642,20 +6252,6 @@
],
"description": "Symfony Filesystem Component",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-30T17:48:24+00:00"
},
{
@ -6767,20 +6363,6 @@
"redlock",
"semaphore"
],
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-08T10:38:31+00:00"
},
{
@ -6846,20 +6428,6 @@
],
"description": "Symfony PHPUnit Bridge",
"homepage": "https://symfony.com",
"funding": [
{
"url": "https://symfony.com/sponsor",
"type": "custom"
},
{
"url": "https://github.com/fabpot",
"type": "github"
},
{
"url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
"type": "tidelift"
}
],
"time": "2020-05-21T18:33:26+00:00"
},
{
@ -6961,6 +6529,5 @@
"prefer-stable": true,
"prefer-lowest": false,
"platform": [],
"platform-dev": [],
"plugin-api-version": "1.1.0"
"platform-dev": []
}

8
core/includes/bootstrap.inc
View File

@ -681,11 +681,17 @@ function drupal_valid_test_ua($new_prefix = NULL) {
// Ensure that no information leaks on production sites.
$test_db = new TestDatabase($prefix);
$key_file = DRUPAL_ROOT . '/' . $test_db->getTestSitePath() . '/.htkey';
if (!is_readable($key_file)) {
if (!is_readable($key_file) || is_dir($key_file)) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
$private_key = file_get_contents($key_file);
// The string from drupal_generate_test_ua() is 74 bytes long. If we don't
// have it, tests cannot be allowed.
if (empty($private_key) || strlen($private_key) < 74) {
header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
exit;
}
// The file properties add more entropy not easily accessible to others.
$key = $private_key . filectime(__FILE__) . fileinode(__FILE__);
$time_diff = REQUEST_TIME - $time;

11
core/lib/Drupal/Core/Form/FormBuilder.php
View File

@ -19,6 +19,7 @@ use Drupal\Core\Security\TrustedCallbackInterface;
use Drupal\Core\Theme\ThemeManagerInterface;
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
use Symfony\Component\HttpFoundation\FileBag;
use Symfony\Component\HttpFoundation\ParameterBag;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\HttpFoundation\Response;
@ -957,8 +958,16 @@ class FormBuilder implements FormBuilderInterface, FormValidatorInterface, FormS
// This value is checked in self::handleInputElement().
$form_state->setInvalidToken(TRUE);
// Ignore all submitted values.
$form_state->setUserInput([]);
$request = $this->requestStack->getCurrentRequest();
// Do not trust any POST data.
$request->request = new ParameterBag();
// Make sure file uploads do not get processed.
$this->requestStack->getCurrentRequest()->files = new FileBag();
$request->files = new FileBag();
// Ensure PHP globals reflect these changes.
$request->overrideGlobals();
}
}
}

4
core/lib/Drupal/Core/Form/FormValidator.php
View File

@ -124,10 +124,8 @@ class FormValidator implements FormValidatorInterface {
* {@inheritdoc}
*/
public function setInvalidTokenError(FormStateInterface $form_state) {
$url = $this->requestStack->getCurrentRequest()->getRequestUri();
// Setting this error will cause the form to fail validation.
$form_state->setErrorByName('form_token', $this->t('The form has become outdated. Copy any unsaved work in the form below and then <a href=":link">reload this page</a>.', [':link' => $url]));
$form_state->setErrorByName('form_token', $this->t('The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.'));
}
/**

2
core/modules/file/tests/src/Functional/FileManagedFileElementTest.php
View File

@ -50,7 +50,7 @@ class FileManagedFileElementTest extends FileFieldTestBase {
$file_field_name => \Drupal::service('file_system')->realpath($test_file->getFileUri()),
];
$this->drupalPostForm(NULL, $edit, t('Save'));
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertText('The form has become outdated.');
$last_fid = $this->getLastFileId();
$this->assertEqual($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');

2
core/modules/jsonapi/src/Controller/EntityResource.php
View File

@ -322,7 +322,7 @@ class EntityResource {
));
}
$data += ['attributes' => [], 'relationships' => []];
$field_names = array_merge(array_keys($data['attributes']), array_keys($data['relationships']));
$field_names = array_map([$resource_type, 'getInternalName'], array_merge(array_keys($data['attributes']), array_keys($data['relationships'])));
// User resource objects contain a read-only attribute that is not a real
// field on the user entity type.

6
core/modules/jsonapi/src/Controller/FileUpload.php
View File

@ -112,6 +112,7 @@ class FileUpload {
* created file entity.
*/
public function handleFileUploadForExistingResource(Request $request, ResourceType $resource_type, $file_field_name, FieldableEntityInterface $entity) {
$file_field_name = $resource_type->getInternalName($file_field_name);
$field_definition = $this->validateAndLoadFieldDefinition($resource_type->getEntityTypeId(), $resource_type->getBundle(), $file_field_name);
static::ensureFileUploadAccess($this->currentUser, $field_definition, $entity);
@ -138,7 +139,7 @@ class FileUpload {
$entity->save();
$route_parameters = ['entity' => $entity->uuid()];
$route_name = sprintf('jsonapi.%s.%s.related', $resource_type->getTypeName(), $file_field_name);
$route_name = sprintf('jsonapi.%s.%s.related', $resource_type->getTypeName(), $resource_type->getPublicName($file_field_name));
$related_url = Url::fromRoute($route_name, $route_parameters)->toString(TRUE);
$request = Request::create($related_url->getGeneratedUrl(), 'GET', [], $request->cookies->all(), [], $request->server->all());
return $this->httpKernel->handle($request, HttpKernelInterface::SUB_REQUEST);
@ -161,6 +162,7 @@ class FileUpload {
* Thrown when there are validation errors.
*/
public function handleFileUploadForNewResource(Request $request, ResourceType $resource_type, $file_field_name) {
$file_field_name = $resource_type->getInternalName($file_field_name);
$field_definition = $this->validateAndLoadFieldDefinition($resource_type->getEntityTypeId(), $resource_type->getBundle(), $file_field_name);
static::ensureFileUploadAccess($this->currentUser, $field_definition);
@ -182,7 +184,7 @@ class FileUpload {
/* $self_link = new Link(new CacheableMetadata(), $this->entity->toUrl('jsonapi'), ['self']); */
$links = new LinkCollection(['self' => $self_link]);
$relatable_resource_types = $resource_type->getRelatableResourceTypesByField($file_field_name);
$relatable_resource_types = $resource_type->getRelatableResourceTypesByField($resource_type->getPublicName($file_field_name));
$file_resource_type = reset($relatable_resource_types);
$resource_object = ResourceObject::createFromEntity($file_resource_type, $file);
return new ResourceResponse(new JsonApiDocumentTopLevel(new ResourceObjectData([$resource_object], 1), new NullIncludedData(), $links), 201, []);

38
core/modules/system/tests/src/Functional/Form/FormTest.php
View File

@ -251,21 +251,27 @@ class FormTest extends BrowserTestBase {
$this->assertSession()
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$random_string = $this->randomString();
$edit = [
'textfield' => $this->randomString(),
'textfield' => $random_string,
'checkboxes[bar]' => TRUE,
'select' => 'bar',
'radios' => 'foo',
];
$this->drupalPostForm(NULL, $edit, 'Submit');
$this->assertFieldByXpath('//div[contains(@class, "error")]', NULL, 'Error message is displayed with invalid token even when required fields are filled.');
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
// Verify that input elements retained the posted values.
$this->assertFieldByName('textfield', $edit['textfield']);
$assert = $this->assertSession();
$element = $assert->fieldExists('textfield');
$this->assertEmpty($element->getValue());
$assert->responseNotContains($random_string);
$this->assertText('The form has become outdated.');
// Ensure that we don't use the posted values.
$this->assertFieldByName('textfield', '');
$this->assertNoFieldChecked('edit-checkboxes-foo');
$this->assertFieldChecked('edit-checkboxes-bar');
$this->assertOptionSelected('edit-select', 'bar');
$this->assertFieldChecked('edit-radios-foo');
$this->assertNoFieldChecked('edit-checkboxes-bar');
$this->assertOptionSelected('edit-select', '');
$this->assertNoFieldChecked('edit-radios-foo');
// Check another form that has a textarea input.
$this->drupalGet(Url::fromRoute('form_test.required'));
@ -278,9 +284,9 @@ class FormTest extends BrowserTestBase {
];
$this->drupalPostForm(NULL, $edit, 'Submit');
$this->assertFieldByXpath('//div[contains(@class, "error")]', NULL, 'Error message is displayed with invalid token even when required fields are filled.');
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertFieldByName('textfield', $edit['textfield']);
$this->assertFieldByName('textarea', $edit['textarea']);
$this->assertText('The form has become outdated.');
$this->assertFieldByName('textfield', '');
$this->assertFieldByName('textarea', '');
// Check another form that has a number input.
$this->drupalGet(Url::fromRoute('form_test.number'));
@ -288,12 +294,14 @@ class FormTest extends BrowserTestBase {
->elementExists('css', 'input[name="form_token"]')
->setValue('invalid token');
$edit = [
'integer_step' => mt_rand(1, 100),
// We choose a random value which is higher than the default value,
// so we don't accidentally generate the default value.
'integer_step' => mt_rand(6, 100),
];
$this->drupalPostForm(NULL, $edit, 'Submit');
$this->assertFieldByXpath('//div[contains(@class, "error")]', NULL, 'Error message is displayed with invalid token even when required fields are filled.');
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertFieldByName('integer_step', $edit['integer_step']);
$this->assertText('The form has become outdated.');
$this->assertFieldByName('integer_step', 5);
// Check a form with a Url field
$this->drupalGet(Url::fromRoute('form_test.url'));
@ -305,8 +313,8 @@ class FormTest extends BrowserTestBase {
];
$this->drupalPostForm(NULL, $edit, 'Submit');
$this->assertFieldByXpath('//div[contains(@class, "error")]', NULL, 'Error message is displayed with invalid token even when required fields are filled.');
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertFieldByName('url', $edit['url']);
$this->assertText('The form has become outdated.');
$this->assertFieldByName('url', '');
}
/**

2
core/modules/system/tests/src/Functional/Form/ValidationTest.php
View File

@ -74,7 +74,7 @@ class ValidationTest extends BrowserTestBase {
$this->drupalPostForm(NULL, ['name' => 'validate'], 'Save');
$this->assertNoFieldByName('name', '#value changed by #validate', 'Form element #value was not altered.');
$this->assertNoText('Name value: value changed by setValueForElement() in #validate', 'Form element value in $form_state was not altered.');
$this->assertText('The form has become outdated. Copy any unsaved work in the form below');
$this->assertText('The form has become outdated.');
}
/**

20
core/tests/Drupal/Tests/Core/Form/FormBuilderTest.php
View File

@ -832,12 +832,30 @@ class FormBuilderTest extends FormTestBase {
$expected_form = $form_id();
$form_arg = $this->getMockForm($form_id, $expected_form);
// Set up some request data so we can be sure it is removed when a token is
// invalid.
$this->request->request->set('foo', 'bar');
$_POST['foo'] = 'bar';
$form_state = new FormState();
$input['form_id'] = $form_id;
$input['form_token'] = $form_token;
$input['test'] = 'example-value';
$form_state->setUserInput($input);
$this->simulateFormSubmission($form_id, $form_arg, $form_state, FALSE);
$form = $this->simulateFormSubmission($form_id, $form_arg, $form_state, FALSE);
$this->assertSame($expected, $form_state->hasInvalidToken());
if ($expected) {
$this->assertEmpty($form['test']['#value']);
$this->assertEmpty($form_state->getValue('test'));
$this->assertEmpty($_POST);
$this->assertEmpty(iterator_to_array($this->request->request->getIterator()));
}
else {
$this->assertEquals('example-value', $form['test']['#value']);
$this->assertEquals('example-value', $form_state->getValue('test'));
$this->assertEquals('bar', $_POST['foo']);
$this->assertEquals('bar', $this->request->request->get('foo'));
}
}
public function providerTestInvalidToken() {

2
core/tests/Drupal/Tests/Core/Form/FormTestBase.php
View File

@ -173,7 +173,7 @@ abstract class FormTestBase extends UnitTestCase {
->getMock();
$this->account = $this->createMock('Drupal\Core\Session\AccountInterface');
$this->themeManager = $this->createMock('Drupal\Core\Theme\ThemeManagerInterface');
$this->request = new Request();
$this->request = Request::createFromGlobals();
$this->eventDispatcher = $this->createMock('Symfony\Component\EventDispatcher\EventDispatcherInterface');
$this->requestStack = new RequestStack();
$this->requestStack->push($this->request);

2
core/tests/Drupal/Tests/Core/Form/FormValidatorTest.php
View File

@ -131,7 +131,7 @@ class FormValidatorTest extends UnitTestCase {
->getMock();
$form_state->expects($this->once())
->method('setErrorByName')
->with('form_token', 'The form has become outdated. Copy any unsaved work in the form below and then <a href="/test/example?foo=bar">reload this page</a>.');
->with('form_token', 'The form has become outdated. Press the back button, copy any unsaved work in the form, and then reload the page.');
$form_state->setValue('form_token', 'some_random_token');
$form_validator->validateForm('test_form_id', $form, $form_state);
$this->assertTrue($form_state->isValidationComplete());