// With JavaScript or other easy hacking, input can be submitted even for
// elements with #access=FALSE or #disabled=TRUE. For security, these must
// not be processed. Forms that set #disabled=TRUE on an element do not
// expect input for the element, and even forms submitted with
// self::submitForm() must not be able to get around this. Forms that set
// #access=FALSE on an element usually allow access for some users, so forms
// submitted with self::submitForm() may bypass access restriction and be
// treated as high-privilege users instead.
$process_input =
empty($element['#disabled'
]) &&
!
in_array($element['#type'
],
['item', 'value'
], TRUE
) && ( ($form_state->
isProgrammed() &&
$form_state->
isBypassingProgrammedAccessChecks()) || ($form_state->
isProcessingInput() && (!
isset($element['#access'
]) || (($element['#access'
] instanceof AccessResultInterface &&
$element['#access'
]->
isAllowed()) || ($element['#access'
] === TRUE
)))) );
// Set the element's #value property.
if (!
isset($element['#value'
]) && !
array_key_exists('#value',
$element)) { // @todo Once all elements are converted to plugins in
// https://www.drupal.org/node/2311393, rely on
// $element['#value_callback'] directly.
$value_callable = !
empty($element['#value_callback'
]) ?
$element['#value_callback'
] : 'form_type_' .
$element['#type'
] . '_value';
if (!
is_callable($value_callable)) { $value_callable = '\Drupal\Core\Render\Element\FormElement::valueCallback';
}