public function StorageTest::testImmutableFormLegacyProtection in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/src/Tests/Form/StorageTest.php \Drupal\system\Tests\Form\StorageTest::testImmutableFormLegacyProtection()
Verify that existing contrib code cannot overwrite immutable form state.
File
- core/
modules/ system/ src/ Tests/ Form/ StorageTest.php, line 169 - Contains \Drupal\system\Tests\Form\StorageTest.
Class
- StorageTest
- Tests a multistep form using form storage and makes sure validation and caching works right.
Namespace
Drupal\system\Tests\FormCode
public function testImmutableFormLegacyProtection() {
$this
->drupalGet('form_test/form-storage', [
'query' => [
'cache' => 1,
'immutable' => 1,
],
]);
$build_id_fields = $this
->xpath('//input[@name="form_build_id"]');
$this
->assertEqual(count($build_id_fields), 1, 'One form build id field on the page');
$build_id = (string) $build_id_fields[0]['value'];
// Try to poison the form cache.
$original = $this
->drupalGetAjax('form-test/form-storage-legacy/' . $build_id);
$this
->assertEqual($original['form']['#build_id_old'], $build_id, 'Original build_id was recorded');
$this
->assertNotEqual($original['form']['#build_id'], $build_id, 'New build_id was generated');
// Assert that a watchdog message was logged by
// \Drupal::formBuilder()->setCache().
$status = (bool) db_query_range('SELECT 1 FROM {watchdog} WHERE message = :message', 0, 1, [
':message' => 'Form build-id mismatch detected while attempting to store a form in the cache.',
]);
$this
->assert($status, 'A watchdog message was logged by \\Drupal::formBuilder()->setCache');
// Ensure that the form state was not poisoned by the preceding call.
$original = $this
->drupalGetAjax('form-test/form-storage-legacy/' . $build_id);
$this
->assertEqual($original['form']['#build_id_old'], $build_id, 'Original build_id was recorded');
$this
->assertNotEqual($original['form']['#build_id'], $build_id, 'New build_id was generated');
$this
->assert(empty($original['form']['#poisoned']), 'Original form structure was preserved');
$this
->assert(empty($original['form_state']['poisoned']), 'Original form state was preserved');
}