function drupal_validate_form in Drupal 6
Same name and namespace in other branches
- 4 includes/form.inc \drupal_validate_form()
- 5 includes/form.inc \drupal_validate_form()
- 7 includes/form.inc \drupal_validate_form()
Validates user-submitted form data from the $form_state using the validate functions defined in a structured form array.
Parameters
$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.
$form: An associative array containing the structure of the form.
$form_state: A keyed array containing the current state of the form. The current user-submitted data is stored in $form_state['values'], though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also $form_state to pass information on to submit handlers. For example: $form_state['data_for_submision'] = $data; This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.
Related topics
3 calls to drupal_validate_form()
- comment_form_add_preview in modules/
comment/ comment.module - Form builder; Generate and validate a comment preview form.
- drupal_process_form in includes/
form.inc - This function is the heart of form API. The form gets built, validated and in appropriate cases, submitted.
- openid_authentication in modules/
openid/ openid.module - Authenticate a user or attempt registration.
File
- includes/
form.inc, line 619
Code
function drupal_validate_form($form_id, $form, &$form_state) {
static $validated_forms = array();
if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
return;
}
// If the session token was set by drupal_prepare_form(), ensure that it
// matches the current user's session.
if (isset($form['#token'])) {
if (!drupal_valid_token($form_state['values']['form_token'], $form['#token']) || !empty($form_state['invalid_token'])) {
// Setting this error will cause the form to fail validation.
form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$validated_forms[$form_id] = TRUE;
return;
}
}
_form_validate($form, $form_state, $form_id);
$validated_forms[$form_id] = TRUE;
}