CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
setInvalidTokenError example
// https://www.drupal.org/node/2504709.
$parsed = UrlHelper::parse($request_uri);
unset($parsed['query'][static::AJAX_FORM_REQUEST], $parsed['query'][MainContentViewSubscriber::WRAPPER_FORMAT]);
$action = $parsed['path'] . ($parsed['query'] ? ('?' . UrlHelper::buildQuery($parsed['query'])) : '');
return UrlHelper::filterBadProtocol($action);
}
/** * {@inheritdoc} */
public function setInvalidTokenError(FormStateInterface $form_state) {
$this->formValidator->setInvalidTokenError($form_state);
}
/** * {@inheritdoc} */
public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
$this->formValidator->validateForm($form_id, $form, $form_state);
}
/** * {@inheritdoc} */
unset($parsed['query'][static::AJAX_FORM_REQUEST], $parsed['query'][MainContentViewSubscriber::WRAPPER_FORMAT]);
$action = $parsed['path'] . ($parsed['query'] ? ('?' . UrlHelper::buildQuery($parsed['query'])) : '');
return UrlHelper::filterBadProtocol($action);
}
/** * {@inheritdoc} */
public function setInvalidTokenError(FormStateInterface $form_state) {
$this->formValidator->setInvalidTokenError($form_state);
}
/** * {@inheritdoc} */
public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
$this->formValidator->validateForm($form_id, $form, $form_state);
}
/** * {@inheritdoc} */
// If this form has completed validation, do not validate again.
if ($form_state->isValidationComplete()) {
return;
}
// If the session token was set by self::prepareForm(), ensure that it // matches the current user's session. This is duplicate to code in // FormBuilder::doBuildForm() but left to protect any custom form handling // code. if (isset($form['#token'])) {
if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
$this->setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they // could invoke non-safe operations which opens the door for CSRF // vulnerabilities. $this->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element. $this->doValidateForm($form, $form_state, $form_id);
return;
}
// If the session token was set by self::prepareForm(), ensure that it // matches the current user's session. This is duplicate to code in // FormBuilder::doBuildForm() but left to protect any custom form handling // code. if (isset($form['#token'])) {
if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
$this->setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they // could invoke non-safe operations which opens the door for CSRF // vulnerabilities. $this->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element. $this->doValidateForm($form, $form_state, $form_id);