// If this form has completed validation, do not validate again.
if ($form_state->
isValidationComplete()) { return;
} // If the session token was set by self::prepareForm(), ensure that it
// matches the current user's session. This is duplicate to code in
// FormBuilder::doBuildForm() but left to protect any custom form handling
// code.
if (isset($form['#token'
])) { if (!
$this->csrfToken->
validate($form_state->
getValue('form_token'
),
$form['#token'
]) ||
$form_state->
hasInvalidToken()) { $this->
setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$this->
finalizeValidation($form,
$form_state,
$form_id);
return;
} } // Recursively validate each form element.
$this->
doValidateForm($form,
$form_state,
$form_id);