function FormValidator::validateForm
Same name in other branches
- 9 core/lib/Drupal/Core/Form/FormValidator.php \Drupal\Core\Form\FormValidator::validateForm()
- 10 core/lib/Drupal/Core/Form/FormValidator.php \Drupal\Core\Form\FormValidator::validateForm()
- 11.x core/lib/Drupal/Core/Form/FormValidator.php \Drupal\Core\Form\FormValidator::validateForm()
Overrides FormValidatorInterface::validateForm
File
-
core/
lib/ Drupal/ Core/ Form/ FormValidator.php, line 89
Class
- FormValidator
- Provides validation of form submissions.
Namespace
Drupal\Core\FormCode
public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
// If this form is flagged to always validate, ensure that previous runs of
// validation are ignored.
if ($form_state->isValidationEnforced()) {
$form_state->setValidationComplete(FALSE);
}
// If this form has completed validation, do not validate again.
if ($form_state->isValidationComplete()) {
return;
}
// If the session token was set by self::prepareForm(), ensure that it
// matches the current user's session. This is duplicate to code in
// FormBuilder::doBuildForm() but left to protect any custom form handling
// code.
if (isset($form['#token'])) {
if (!$this->csrfToken
->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
$this->setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$this->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element.
$this->doValidateForm($form, $form_state, $form_id);
$this->finalizeValidation($form, $form_state, $form_id);
$this->handleErrorsWithLimitedValidation($form, $form_state, $form_id);
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.