You are here

function system_form_alter in Zircon Profile 8

Same name and namespace in other branches
  1. 8.0 core/modules/system/system.module \system_form_alter()

Implements hook_form_alter().

File

core/modules/system/system.module, line 704
Configuration system that lets administrators modify the workings of the site.

Code

function system_form_alter(&$form, FormStateInterface $form_state) {

  // If the page that's being built is cacheable, set the 'immutable' flag, to
  // ensure that when the form is used, a new form build ID is generated when
  // appropriate, to prevent information disclosure.
  // Note: This code just wants to know whether cache response headers are set,
  // not whether page_cache module will be active.
  // \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond will
  // send those headers, in case $request_policy->check($request) succeeds. In
  // that case we need to ensure that the immutable flag is sot, so future POST
  // request won't take over the form state of another user.

  /** @var \Drupal\Core\PageCache\RequestPolicyInterface $request_policy */
  $request_policy = \Drupal::service('page_cache_request_policy');
  $request = \Drupal::requestStack()
    ->getCurrentRequest();
  $request_is_cacheable = $request_policy
    ->check($request) === RequestPolicyInterface::ALLOW;
  if ($request_is_cacheable) {
    $form_state
      ->addBuildInfo('immutable', TRUE);
  }
}