public function FormValidator::validateForm in Zircon Profile 8.0
Same name and namespace in other branches
- 8 core/lib/Drupal/Core/Form/FormValidator.php \Drupal\Core\Form\FormValidator::validateForm()
Validates user-submitted form data in the $form_state.
Parameters
$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.
$form: An associative array containing the structure of the form, which is passed by reference. Form validation handlers are able to alter the form structure (like #process and #after_build callbacks during form building) in case of a validation error. If a validation handler alters the form structure, it is responsible for validating the values of changed form elements in $form_state->getValues() to prevent form submit handlers from receiving unvalidated values.
$form_state: The current state of the form. The current user-submitted data is stored in $form_state->getValues(), though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also use $form_state to pass information on to submit handlers. For example: $form_state->set('data_for_submission', $data); This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.
Overrides FormValidatorInterface::validateForm
File
- core/
lib/ Drupal/ Core/ Form/ FormValidator.php, line 95 - Contains \Drupal\Core\Form\FormValidator.
Class
- FormValidator
- Provides validation of form submissions.
Namespace
Drupal\Core\FormCode
public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
// If this form is flagged to always validate, ensure that previous runs of
// validation are ignored.
if ($form_state
->isValidationEnforced()) {
$form_state
->setValidationComplete(FALSE);
}
// If this form has completed validation, do not validate again.
if ($form_state
->isValidationComplete()) {
return;
}
// If the session token was set by self::prepareForm(), ensure that it
// matches the current user's session. This is duplicate to code in
// FormBuilder::doBuildForm() but left to protect any custom form handling
// code.
if (isset($form['#token'])) {
if (!$this->csrfToken
->validate($form_state
->getValue('form_token'), $form['#token']) || $form_state
->hasInvalidToken()) {
$this
->setInvalidTokenError($form_state);
// Stop here and don't run any further validation handlers, because they
// could invoke non-safe operations which opens the door for CSRF
// vulnerabilities.
$this
->finalizeValidation($form, $form_state, $form_id);
return;
}
}
// Recursively validate each form element.
$this
->doValidateForm($form, $form_state, $form_id);
$this
->finalizeValidation($form, $form_state, $form_id);
$this
->handleErrorsWithLimitedValidation($form, $form_state, $form_id);
}