CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
hiddenFieldExists example
public function testForm() {
// Ensure the proper response code for a _form route. $this->drupalGet('form-test/object-builder');
$this->assertSession()->statusCodeEquals(200);
// Ensure the form and text field exist. $this->assertSession()->elementExists('css', 'form#form-test-form-test-object');
$this->assertSession()->fieldExists('bananas');
// Check that the hidden field exists and has a specific value. $this->assertSession()->hiddenFieldExists('strawberry');
$this->assertSession()->hiddenFieldExists('red');
$this->assertSession()->hiddenFieldExists('redstrawberryhiddenfield');
$this->assertSession()->hiddenFieldValueNotEquals('strawberry', 'brown');
$this->assertSession()->hiddenFieldValueEquals('strawberry', 'red');
// Check that a hidden field does not exist. $this->assertSession()->hiddenFieldNotExists('bananas');
$this->assertSession()->hiddenFieldNotExists('pineapple');
$edit = ['bananas' => 'green'];
$this->submitForm($edit, 'Save', 'form-test-form-test-object');
$entity_2 = $storage->create();
$entity_2->save();
$page = $this->getSession()->getPage();
$assert_session = $this->assertSession();
// Display the 'combined form'. $this->drupalGet("test-entity-constraints/nested/{$entity_1->id()}/{$entity_2->id()}");
$assert_session->hiddenFieldValueEquals('entity_2[changed]', REQUEST_TIME);
// Submit the form and check that the entities are updated accordingly. $assert_session->hiddenFieldExists('entity_2[changed]')
->setValue(REQUEST_TIME - 86400);
$page->pressButton('Save');
$elements = $this->cssSelect('.entity-2.error');
$this->assertCount(1, $elements, 'The whole nested entity form has been correctly flagged with an error class.');
}
}
$entity_2->save();
$page = $this->getSession()->getPage();
$assert_session = $this->assertSession();
// Display the 'combined form'. $this->drupalGet("test-entity-constraints/nested/{$entity_1->id()}/{$entity_2->id()}");
$assert_session->hiddenFieldValueEquals('entity_2[changed]', REQUEST_TIME);
// Submit the form and check that the entities are updated accordingly. $assert_session->hiddenFieldExists('entity_2[changed]')
->setValue(REQUEST_TIME - 86400);
$page->pressButton('Save');
$elements = $this->cssSelect('.entity-2.error');
$this->assertCount(1, $elements, 'The whole nested entity form has been correctly flagged with an error class.');
}
}
'isXssSafe' => FALSE,
],
],
];
$this->assertTrue($editor_settings_present, "Text Editor module's JavaScript settings are on the page.");
$this->assertSame($expected, $settings['editor'], "Text Editor module's JavaScript settings on the page are correct.");
$this->assertTrue($editor_js_present, 'Text Editor JavaScript is present.');
$this->assertSession()->elementsCount('xpath', $body, 1);
$this->assertSession()->elementNotExists('css', 'select.js-filter-list');
// Verify that a single text format hidden input exists on the page and has // a "data-editor-for" attribute with the correct value. $hidden_input = $this->assertSession()->hiddenFieldExists('body[0][format]');
$this->assertSame('plain_text', $hidden_input->getValue());
$this->assertSame('edit-body-0-value', $hidden_input->getAttribute('data-editor-for'));
// Create an "article" node that uses the full_html text format, then try // to let the untrusted user edit it. $this->drupalCreateNode([
'type' => 'article',
'body' => [
['value' => $this->randomMachineName(32), 'format' => 'full_html'],
],
]);
],
],
];
$this->assertTrue($editor_settings_present, "Text Editor module's JavaScript settings are on the page.");
$this->assertSame($expected, $settings['editor'], "Text Editor module's JavaScript settings on the page are correct.");
$this->assertTrue($editor_js_present, 'Text Editor JavaScript is present.');
$this->assertSession()->elementsCount('xpath', $body, 1);
$this->assertSession()->elementNotExists('css', 'select.js-filter-list');
// Verify that a single text format hidden input exists on the page and has // a "data-editor-for" attribute with the correct value. $hidden_input = $this->assertSession()->hiddenFieldExists('body[0][format]');
$this->assertSame('plain_text', $hidden_input->getValue());
$this->assertSame('edit-body-0-value', $hidden_input->getAttribute('data-editor-for'));
// Create an "article" node that uses the full_html text format, then try // to let the untrusted user edit it. $this->drupalCreateNode([
'type' => 'article',
'body' => [
['value' => $this->randomMachineName(32), 'format' => 'full_html'],
],
]);
$this->drupalGet("admin/appearance/settings/$theme");
// Add a new managed file. $file = current($this->getTestFiles('image'));
$image_file_path = \Drupal::service('file_system')->realpath($file->uri);
$page->attachFileToField('files[custom_logo]', $image_file_path);
$assert_session->waitForButton('custom_logo_remove_button');
// Assert the new file is uploaded as temporary. This file should not be // saved as permanent if settings are not submitted. $image_field = $this->assertSession()->hiddenFieldExists('custom_logo[fids]');
$file = File::load($image_field->getValue());
$this->assertFalse($file->isPermanent());
$page->pressButton('Save configuration');
\Drupal::entityTypeManager()->getStorage('file')->resetCache();
// Assert the uploaded file is saved as permanent. $image_field = $this->assertSession()->hiddenFieldExists('custom_logo[fids]');
$file = File::load($image_field->getValue());
$this->assertTrue($file->isPermanent());
}
// Add a new managed file. $file = current($this->getTestFiles('image'));
$image_file_path = \Drupal::service('file_system')->realpath($file->uri);
$page->attachFileToField('files[custom_logo]', $image_file_path);
$assert_session->waitForButton('custom_logo_remove_button');
// Assert the new file is uploaded as temporary. This file should not be // saved as permanent if settings are not submitted. $image_field = $this->assertSession()->hiddenFieldExists('custom_logo[fids]');
$file = File::load($image_field->getValue());
$this->assertFalse($file->isPermanent());
$page->pressButton('Save configuration');
\Drupal::entityTypeManager()->getStorage('file')->resetCache();
// Assert the uploaded file is saved as permanent. $image_field = $this->assertSession()->hiddenFieldExists('custom_logo[fids]');
$file = File::load($image_field->getValue());
$this->assertTrue($file->isPermanent());
}
$config = $this->config('system.performance');
$config->set('cache.page.max_age', 300);
$config->save();
}
/** * Return the build id of the current form. */
protected function getFormBuildId() {
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
return (string) $this->assertSession()->hiddenFieldExists('form_build_id')->getAttribute('value');
}
/** * Build-id is regenerated when validating cached form. */
public function testValidateFormStorageOnCachedPage() {
$this->drupalGet('form-test/form-storage-page-cache');
$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
$this->assertSession()->pageTextContains('No old build id');
$build_id_initial = $this->getFormBuildId();
$config->set('cache.page.max_age', 300);
$config->save();
}
/** * Return the build id of the current form. */
protected function getFormBuildId() {
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
return (string) $this->assertSession()->hiddenFieldExists('form_build_id')->getAttribute('value');
}
/** * Build-id is regenerated when validating cached form. */
public function testValidateFormStorageOnCachedPage() {
$this->drupalGet('form-test/form-storage-page-cache');
$this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
$this->assertSession()->pageTextContains('No old build id');
$build_id_initial = $this->getFormBuildId();
/**
* Tests form build ID regeneration when loading a cached immutable form.
*/
public function testImmutableForm() {
// Request the form with 'cache' query parameter to enable form caching. $this->drupalGet('form_test/form-storage', ['query' => ['cache' => 1, 'immutable' => 1]]);
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
$buildId = $this->assertSession()->hiddenFieldExists('form_build_id')->getValue();
// Trigger validation error by submitting an empty title. $edit = ['title' => ''];
$this->submitForm($edit, 'Continue submit');
// Verify that the build-id did change. $this->assertSession()->hiddenFieldValueNotEquals('form_build_id', $buildId);
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
public function testImmutableForm() {
// Request the form with 'cache' query parameter to enable form caching. $this->drupalGet('form_test/form-storage', ['query' => ['cache' => 1, 'immutable' => 1]]);
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
$buildId = $this->assertSession()->hiddenFieldExists('form_build_id')->getValue();
// Trigger validation error by submitting an empty title. $edit = ['title' => ''];
$this->submitForm($edit, 'Continue submit');
// Verify that the build-id did change. $this->assertSession()->hiddenFieldValueNotEquals('form_build_id', $buildId);
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
$config = $this->config('system.performance');
$config->set('cache.page.max_age', 300);
$config->save();
}
/** * Return the build id of the current form. */
protected function getFormBuildId() {
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
return $this->assertSession()->hiddenFieldExists('form_build_id')->getValue();
}
/** * Create a simple form, then submit the form via AJAX to change to it. */
public function testSimpleAJAXFormValue() {
$this->drupalGet('ajax_forms_test_get_form');
$build_id_initial = $this->getFormBuildId();
// Changing the value of a select input element, triggers an AJAX // request/response. The callback on the form responds with three AJAX
$config->set('cache.page.max_age', 300);
$config->save();
}
/** * Return the build id of the current form. */
protected function getFormBuildId() {
// Ensure the hidden 'form_build_id' field is unique. $this->assertSession()->elementsCount('xpath', '//input[@name="form_build_id"]', 1);
return $this->assertSession()->hiddenFieldExists('form_build_id')->getValue();
}
/** * Create a simple form, then submit the form via AJAX to change to it. */
public function testSimpleAJAXFormValue() {
$this->drupalGet('ajax_forms_test_get_form');
$build_id_initial = $this->getFormBuildId();
// Changing the value of a select input element, triggers an AJAX // request/response. The callback on the form responds with three AJAX
$file_field_name = $multiple ? 'files[' . $input_base_name . '][]' : 'files[' . $input_base_name . ']';
// Submit without a file. $this->drupalGet($path);
$this->submitForm([], 'Save');
$this->assertSession()->pageTextContains("The file ids are .");
// Submit with a file, but with an invalid form token. Ensure the file // was not saved. $last_fid_prior = $this->getLastFileId();
$this->drupalGet($path);
$form_token_field = $this->assertSession()->hiddenFieldExists('form_token');
$form_token_field->setValue('invalid token');
$edit = [
$file_field_name => \Drupal::service('file_system')->realpath($test_file->getFileUri()),
];
$this->submitForm($edit, 'Save');
$this->assertSession()->pageTextContains('The form has become outdated.');
$last_fid = $this->getLastFileId();
$this->assertEquals($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');
// Submit a new file, without using the Upload button. $last_fid_prior = $this->getLastFileId();
// Submit without a file. $this->drupalGet($path);
$this->submitForm([], 'Save');
$this->assertSession()->pageTextContains("The file ids are .");
// Submit with a file, but with an invalid form token. Ensure the file // was not saved. $last_fid_prior = $this->getLastFileId();
$this->drupalGet($path);
$form_token_field = $this->assertSession()->hiddenFieldExists('form_token');
$form_token_field->setValue('invalid token');
$edit = [
$file_field_name => \Drupal::service('file_system')->realpath($test_file->getFileUri()),
];
$this->submitForm($edit, 'Save');
$this->assertSession()->pageTextContains('The form has become outdated.');
$last_fid = $this->getLastFileId();
$this->assertEquals($last_fid_prior, $last_fid, 'File was not saved when uploaded with an invalid form token.');
// Submit a new file, without using the Upload button. $last_fid_prior = $this->getLastFileId();
public function hiddenFieldValueEquals($field, $value, TraversableElement $container = NULL) {
$node = $this->hiddenFieldExists($field, $container);
$actual = $node->getValue();
$regex = '/^' . preg_quote($value, '/') . '$/ui';
$message = "The hidden field '$field' value is '$actual', but '$value' expected.";
$this->assert((bool) preg_match($regex, $actual), $message);
}
/** * Checks that specific hidden field doesn't have the provided value. * * @param string $field * One of id|name|value for the hidden field. * @param string $value * The hidden field value that needs to be checked. * @param \Behat\Mink\Element\TraversableElement $container * (optional) The document to check against. Defaults to the current page. * * @throws \Behat\Mink\Exception\ElementNotFoundException * @throws \Behat\Mink\Exception\ExpectationException */
'terms[tid:' . $term2->id() . ':0][term][depth]' => 0,
'terms[tid:' . $term3->id() . ':0][term][tid]' => $term3->id(),
'terms[tid:' . $term3->id() . ':0][term][parent]' => $term2->id(),
'terms[tid:' . $term3->id() . ':0][term][depth]' => 1,
'terms[tid:' . $term1->id() . ':0][term][tid]' => $term1->id(),
'terms[tid:' . $term1->id() . ':0][term][parent]' => 0,
'terms[tid:' . $term1->id() . ':0][term][depth]' => 0,
];
// Because we can't post hidden form elements, we have to change them in // code here, and then submit. foreach ($hidden_edit as $field => $value) {
$node = $assert->hiddenFieldExists($field);
$node->setValue($value);
}
// Edit non-hidden elements within submitForm(). $edit = [
'terms[tid:' . $term2->id() . ':0][weight]' => 0,
'terms[tid:' . $term3->id() . ':0][weight]' => 1,
'terms[tid:' . $term1->id() . ':0][weight]' => 2,
];
$this->submitForm($edit, 'Save');
$taxonomy_storage->resetCache();
'terms[tid:' . $term3->id() . ':0][term][tid]' => $term3->id(),
'terms[tid:' . $term3->id() . ':0][term][parent]' => $term2->id(),
'terms[tid:' . $term3->id() . ':0][term][depth]' => 1,
'terms[tid:' . $term1->id() . ':0][term][tid]' => $term1->id(),
'terms[tid:' . $term1->id() . ':0][term][parent]' => 0,
'terms[tid:' . $term1->id() . ':0][term][depth]' => 0,
];
// Because we can't post hidden form elements, we have to change them in // code here, and then submit. foreach ($hidden_edit as $field => $value) {
$node = $assert->hiddenFieldExists($field);
$node->setValue($value);
}
// Edit non-hidden elements within submitForm(). $edit = [
'terms[tid:' . $term2->id() . ':0][weight]' => 0,
'terms[tid:' . $term3->id() . ':0][weight]' => 1,
'terms[tid:' . $term1->id() . ':0][weight]' => 2,
];
$this->submitForm($edit, 'Save');
$taxonomy_storage->resetCache();
// Indent the second term under the first one.
$this->drupalGet('admin/structure/taxonomy/manage/' . $this->vocabulary->get('vid') . '/overview');
$hidden_edit = [
'terms[tid:' . $term2->id() . ':0][term][tid]' => 2,
'terms[tid:' . $term2->id() . ':0][term][parent]' => 1,
'terms[tid:' . $term2->id() . ':0][term][depth]' => 1,
];
// Because we can't post hidden form elements, we have to change them in // code here, and then submit. foreach ($hidden_edit as $field => $value) {
$node = $assert->hiddenFieldExists($field);
$node->setValue($value);
}
$edit = [
'terms[tid:' . $term2->id() . ':0][weight]' => 1,
];
// Submit the edited form and check for HTML indentation element presence. $this->submitForm($edit, 'Save');
$this->assertSession()->responseMatches('|<div class="js-indentation indentation"> </div>|');
// Check explicitly that term 2's parent is term 1. $parents = $taxonomy_storage->loadParents($term2->id());
$hidden_edit = [
'terms[tid:' . $term2->id() . ':0][term][tid]' => 2,
'terms[tid:' . $term2->id() . ':0][term][parent]' => 1,
'terms[tid:' . $term2->id() . ':0][term][depth]' => 1,
];
// Because we can't post hidden form elements, we have to change them in // code here, and then submit. foreach ($hidden_edit as $field => $value) {
$node = $assert->hiddenFieldExists($field);
$node->setValue($value);
}
$edit = [
'terms[tid:' . $term2->id() . ':0][weight]' => 1,
];
// Submit the edited form and check for HTML indentation element presence. $this->submitForm($edit, 'Save');
$this->assertSession()->responseMatches('|<div class="js-indentation indentation"> </div>|');
// Check explicitly that term 2's parent is term 1. $parents = $taxonomy_storage->loadParents($term2->id());
$this->assertEquals($attacker_user->id(), $node_file->getOwnerId(), 'New file belongs to the attacker.');
// Ensure the file can be downloaded. $this->drupalGet($node_file->createFileUrl());
$this->assertSession()->statusCodeEquals(200);
// "Click" the remove button (emulating either a nojs or js submission). // In this POST request, the attacker "guesses" the fid of the victim's // temporary file and uses that to remove this file. $this->drupalGet($node->toUrl('edit-form'));
$file_id_field = $this->assertSession()->hiddenFieldExists($field_name . '[0][fids]');
$file_id_field->setValue((string) $victim_tmp_file->id());
$this->submitForm([], 'Remove');
// The victim's temporary file should not be removed by the attacker's // POST request. $this->assertFileExists($victim_tmp_file->getFileUri());
}
}
// Ensure the file can be downloaded. $this->drupalGet($node_file->createFileUrl());
$this->assertSession()->statusCodeEquals(200);
// "Click" the remove button (emulating either a nojs or js submission). // In this POST request, the attacker "guesses" the fid of the victim's // temporary file and uses that to remove this file. $this->drupalGet($node->toUrl('edit-form'));
$file_id_field = $this->assertSession()->hiddenFieldExists($field_name . '[0][fids]');
$file_id_field->setValue((string) $victim_tmp_file->id());
$this->submitForm([], 'Remove');
// The victim's temporary file should not be removed by the attacker's // POST request. $this->assertFileExists($victim_tmp_file->getFileUri());
}
}