function system_form_alter in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/system/system.module \system_form_alter()
Implements hook_form_alter().
File
- core/
modules/ system/ system.module, line 704 - Configuration system that lets administrators modify the workings of the site.
Code
function system_form_alter(&$form, FormStateInterface $form_state) {
// If the page that's being built is cacheable, set the 'immutable' flag, to
// ensure that when the form is used, a new form build ID is generated when
// appropriate, to prevent information disclosure.
// Note: This code just wants to know whether cache response headers are set,
// not whether page_cache module will be active.
// \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond will
// send those headers, in case $request_policy->check($request) succeeds. In
// that case we need to ensure that the immutable flag is sot, so future POST
// request won't take over the form state of another user.
/** @var \Drupal\Core\PageCache\RequestPolicyInterface $request_policy */
$request_policy = \Drupal::service('page_cache_request_policy');
$request = \Drupal::requestStack()
->getCurrentRequest();
$request_is_cacheable = $request_policy
->check($request) === RequestPolicyInterface::ALLOW;
if ($request_is_cacheable) {
$form_state
->addBuildInfo('immutable', TRUE);
}
}