You are here

protected function FormBuilder::valueCallableIsSafe in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/lib/Drupal/Core/Form/FormBuilder.php \Drupal\Core\Form\FormBuilder::valueCallableIsSafe()

Helper function to normalize the different callable formats.

Parameters

callable $value_callable: The callable to be checked.

Return value

bool TRUE if the callable is safe even if the CSRF token is invalid, FALSE otherwise.

1 call to FormBuilder::valueCallableIsSafe()
FormBuilder::handleInputElement in core/lib/Drupal/Core/Form/FormBuilder.php
Adds the #name and #value properties of an input element before rendering.

File

core/lib/Drupal/Core/Form/FormBuilder.php, line 1134
Contains \Drupal\Core\Form\FormBuilder.

Class

FormBuilder
Provides form building and processing.

Namespace

Drupal\Core\Form

Code

protected function valueCallableIsSafe(callable $value_callable) {

  // The same static class method callable may be formatted in two array and
  // two string forms:
  // ['\Classname', 'methodname']
  // ['Classname', 'methodname']
  // '\Classname::methodname'
  // 'Classname::methodname'
  if (is_callable($value_callable, FALSE, $callable_name)) {

    // The third parameter of is_callable() is set to a string form, but we
    // still have to normalize further by stripping a leading '\'.
    return in_array(ltrim($callable_name, '\\'), $this->safeCoreValueCallables);
  }
  return FALSE;
}