setInvalidTokenError example

    // https://www.drupal.org/node/2504709.     $parsed = UrlHelper::parse($request_uri);
    unset($parsed['query'][static::AJAX_FORM_REQUEST]$parsed['query'][MainContentViewSubscriber::WRAPPER_FORMAT]);
    $action = $parsed['path'] . ($parsed['query'] ? ('?' . UrlHelper::buildQuery($parsed['query'])) : '');
    return UrlHelper::filterBadProtocol($action);
  }

  /** * {@inheritdoc} */
  public function setInvalidTokenError(FormStateInterface $form_state) {
    $this->formValidator->setInvalidTokenError($form_state);
  }

  /** * {@inheritdoc} */
  public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
    $this->formValidator->validateForm($form_id$form$form_state);
  }

  /** * {@inheritdoc} */
// If this form has completed validation, do not validate again.     if ($form_state->isValidationComplete()) {
      return;
    }

    // If the session token was set by self::prepareForm(), ensure that it     // matches the current user's session. This is duplicate to code in     // FormBuilder::doBuildForm() but left to protect any custom form handling     // code.     if (isset($form['#token'])) {
      if (!$this->csrfToken->validate($form_state->getValue('form_token')$form['#token']) || $form_state->hasInvalidToken()) {
        $this->setInvalidTokenError($form_state);

        // Stop here and don't run any further validation handlers, because they         // could invoke non-safe operations which opens the door for CSRF         // vulnerabilities.         $this->finalizeValidation($form$form_state$form_id);
        return;
      }
    }

    // Recursively validate each form element.     $this->doValidateForm($form$form_state$form_id);
    
Home | Imprint | This part of the site doesn't use cookies.