// Store a reference to the complete form in $form_state prior to building
// the form. This allows advanced #process and #after_build callbacks to
// perform changes elsewhere in the form.
$form_state->
setCompleteForm($element);
// Set a flag if we have a correct form submission. This is always TRUE
// for programmed forms coming from self::submitForm(), or if the form_id
// coming from the POST data is set and matches the current form_id.
$input =
$form_state->
getUserInput();
if ($form_state->
isProgrammed() || (!
empty($input) && (isset($input['form_id'
]) && ($input['form_id'
] ==
$form_id)))) { $form_state->
setProcessInput();
if (isset($element['#token'
])) { $input =
$form_state->
getUserInput();
if (empty($input['form_token'
]) || !
$this->csrfToken->
validate($input['form_token'
],
$element['#token'
])) { // Set an early form error to block certain input processing since
// that opens the door for CSRF vulnerabilities.
$this->
setInvalidTokenError($form_state);
// This value is checked in self::handleInputElement().
$form_state->
setInvalidToken(TRUE
);
// Ignore all submitted values.