You are here

Home » API reference » Zircon Profile 8 » StorageTest.php » StorageTest

public function StorageTest::testImmutableFormLegacyProtection in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/src/Tests/Form/StorageTest.php \Drupal\system\Tests\Form\StorageTest::testImmutableFormLegacyProtection()

Verify that existing contrib code cannot overwrite immutable form state.

File

core/modules/system/src/Tests/Form/StorageTest.php, line 169
Contains \Drupal\system\Tests\Form\StorageTest.

Class

StorageTest
Tests a multistep form using form storage and makes sure validation and caching works right.

Namespace

Drupal\system\Tests\Form

Code

public function testImmutableFormLegacyProtection() {
  $this
    ->drupalGet('form_test/form-storage', [
    'query' => [
      'cache' => 1,
      'immutable' => 1,
    ],
  ]);
  $build_id_fields = $this
    ->xpath('//input[@name="form_build_id"]');
  $this
    ->assertEqual(count($build_id_fields), 1, 'One form build id field on the page');
  $build_id = (string) $build_id_fields[0]['value'];

  // Try to poison the form cache.
  $original = $this
    ->drupalGetAjax('form-test/form-storage-legacy/' . $build_id);
  $this
    ->assertEqual($original['form']['#build_id_old'], $build_id, 'Original build_id was recorded');
  $this
    ->assertNotEqual($original['form']['#build_id'], $build_id, 'New build_id was generated');

  // Assert that a watchdog message was logged by
  // \Drupal::formBuilder()->setCache().
  $status = (bool) db_query_range('SELECT 1 FROM {watchdog} WHERE message = :message', 0, 1, [
    ':message' => 'Form build-id mismatch detected while attempting to store a form in the cache.',
  ]);
  $this
    ->assert($status, 'A watchdog message was logged by \\Drupal::formBuilder()->setCache');

  // Ensure that the form state was not poisoned by the preceding call.
  $original = $this
    ->drupalGetAjax('form-test/form-storage-legacy/' . $build_id);
  $this
    ->assertEqual($original['form']['#build_id_old'], $build_id, 'Original build_id was recorded');
  $this
    ->assertNotEqual($original['form']['#build_id'], $build_id, 'New build_id was generated');
  $this
    ->assert(empty($original['form']['#poisoned']), 'Original form structure was preserved');
  $this
    ->assert(empty($original['form_state']['poisoned']), 'Original form state was preserved');
}