form.inc 154 KB
Newer Older
1
<?php
2 3
// $Id$

4
/**
5 6 7 8 9 10
 * @defgroup forms Form builder functions
 * @{
 * Functions that build an abstract representation of a HTML form.
 *
 * All modules should declare their form builder functions to be in this
 * group and each builder function should reference its validate and submit
11
 * functions using \@see. Conversely, validate and submit functions should
12
 * reference the form builder function using \@see. For examples, of this see
13
 * system_modules_uninstall() or user_pass(), the latter of which has the
14 15 16 17 18 19 20 21 22 23 24
 * following in its doxygen documentation:
 *
 * \@ingroup forms
 * \@see user_pass_validate().
 * \@see user_pass_submit().
 *
 * @} End of "defgroup forms".
 */

/**
 * @defgroup form_api Form generation
25
 * @{
26
 * Functions to enable the processing and display of HTML forms.
27
 *
28 29 30 31
 * Drupal uses these functions to achieve consistency in its form processing and
 * presentation, while simplifying code and reducing the amount of HTML that
 * must be explicitly generated by modules.
 *
32 33 34 35
 * The primary function used with forms is drupal_get_form(), which is
 * used for forms presented interactively to a user. Forms can also be built and
 * submitted programmatically without any user input using the
 * drupal_form_submit() function.
36
 *
37 38 39 40 41
 * drupal_get_form() handles retrieving, processing, and displaying a rendered
 * HTML form for modules automatically.
 *
 * Here is an example of how to use drupal_get_form() and a form builder
 * function:
42
 * @code
43 44 45 46 47 48 49
 * $form = drupal_get_form('my_module_example_form');
 * ...
 * function my_module_example_form($form, &$form_state) {
 *   $form['submit'] = array(
 *     '#type' => 'submit',
 *     '#value' => t('Submit'),
 *   );
50
 *   return $form;
51 52 53 54 55 56 57
 * }
 * function my_module_example_form_validate($form, &$form_state) {
 *   // Validation logic.
 * }
 * function my_module_example_form_submit($form, &$form_state) {
 *   // Submission logic.
 * }
58
 * @endcode
59
 *
60 61 62 63 64 65 66 67 68 69
 * Or with any number of additional arguments:
 * @code
 * $extra = "extra";
 * $form = drupal_get_form('my_module_example_form', $extra);
 * ...
 * function my_module_example_form($form, &$form_state, $extra) {
 *   $form['submit'] = array(
 *     '#type' => 'submit',
 *     '#value' => $extra,
 *   );
70
 *   return $form;
71 72
 * }
 * @endcode
73
 *
74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108
 * The $form argument to form-related functions is a structured array containing
 * the elements and properties of the form. For information on the array
 * components and format, and more detailed explanations of the Form API
 * workflow, see the
 * @link http://api.drupal.org/api/drupal/developer--topics--forms_api_reference.html Form API reference @endlink
 * and the
 * @link http://drupal.org/node/37775 Form API section of the handbook. @endlink
 * In addition, there is a set of Form API tutorials in
 * @link form_example_tutorial.inc the Form Example Tutorial @endlink which
 * provide basics all the way up through multistep forms.
 *
 * In the form builder, validation, submission, and other form functions,
 * $form_state is the primary influence on the processing of the form and is
 * passed by reference to most functions, so they use it to communicate with
 * the form system and each other.
 *
 * The $form_state keys are:
 * - 'values': An associative array of values submitted to the form. The
 *   validation functions and submit functions use this array for nearly all
 *   their decision making. (Note that
 *   @link http://api.drupal.org/api/drupal/developer--topics--forms_api_reference.html/7#tree #tree @endlink
 *   determines whether the values are a flat array or an array whose structure
 *   parallels the $form array.)
 * - 'rebuild': If the submit function sets $form_state['rebuild'] to TRUE,
 *   submission is not completed and instead the form is rebuilt using any
 *   information that the submit function has made available to the form builder
 *   function via $form_state. This is commonly used for wizard-style
 *   multi-step forms, add-more buttons, and the like. For further information
 *   see drupal_build_form().
 * - 'redirect': a URL that will be used to redirect the form on submission.
 *   See drupal_redirect_form() for complete information.
 * - 'storage': $form_state['storage'] is not a special key, and no specific
 *   support is provided for it in the Form API, but by tradition it was
 *   the location where application-specific data was stored for communication
 *   between the submit, validation, and form builder functions, especially
109 110 111 112 113 114 115 116 117 118 119 120 121 122
 *   in a multi-step-style form. Form implementations may use any key(s) within
 *   $form_state (other than the keys listed here and other reserved ones used
 *   by Form API internals) for this kind of storage. The recommended way to
 *   ensure that the chosen key doesn't conflict with ones used by the Form API
 *   or other modules is to use the module name as the key name or a prefix for
 *   the key name. For example, the Node module uses $form_state['node'] in node
 *   editing forms to store information about the node being edited, and this
 *   information stays available across successive clicks of the "Preview"
 *   button as well as when the "Save" button is finally clicked.
 * - 'temporary': Since values for all non-reserved keys in $form_state persist
 *   throughout a multistep form sequence, the Form API provides the 'temporary'
 *   key for modules to use for communicating information across form-related
 *   functions during a single page request only. There is no use-case for this
 *   functionality in core.
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149
 * - 'triggering_element': (read-only) The form element that triggered
 *   submission. This is the same as the deprecated
 *   $form_state['clicked_button']. It is the element that caused submission,
 *   which may or may not be a button (in the case of AJAX forms.) This is
 *   often used to distinguish between various buttons in a submit handler,
 *   and is also used in AJAX handlers.
 * - 'cache': The typical form workflow involves two page requests. During the
 *   first page request, a form is built and returned for the user to fill in.
 *   Then the user fills the form in and submits it, triggering a second page
 *   request in which the form must be built and processed. By default, $form
 *   and $form_state are built from scratch during each of these page requests.
 *   In some special use-cases, it is necessary or desired to persist the $form
 *   and $form_state variables from the initial page request to the one that
 *   processes the submission. A form builder function can set 'cache' to TRUE
 *   to do this. One example where this is needed is to handle AJAX submissions,
 *   so ajax_process_form() sets this for all forms that include an element with
 *   a #ajax property. (In AJAX, the handler has no way to build the form
 *   itself, so must rely on the cached version created on each page load, so
 *   it's a classic example of this use case.) Note that the persistence of
 *   $form and $form_state across successive submissions of a multi-step form
 *   happens automatically regardless of the value for 'cache'.
 * - 'input': The array of values as they were submitted by the user. These are
 *   raw and unvalidated, so should not be used without a thorough understanding
 *   of security implications. In almost all cases, code should use the data in
 *   the 'values' array exclusively. The most common use of this key is for
 *   multi-step forms that need to clear some of the user input when setting
 *   'rebuild'.
150 151 152
 */

/**
153
 * Wrapper for drupal_build_form() for use when $form_state is not needed.
154 155
 *
 * @param $form_id
156 157 158 159 160 161
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
162
 * @param ...
163
 *   Any additional arguments are passed on to the functions called by
164 165 166
 *   drupal_get_form(), including the unique form constructor function. For
 *   example, the node_edit form requires that a node object is passed in here
 *   when it is called.
167
 *
168
 * @return
169
 *   The form array.
170 171
 *
 * @see drupal_build_form()
172 173
 */
function drupal_get_form($form_id) {
174
  $form_state = array();
175 176

  $args = func_get_args();
177 178
  // Remove $form_id from the arguments.
  array_shift($args);
179
  $form_state['build_info']['args'] = $args;
180 181 182 183 184

  return drupal_build_form($form_id, $form_state);
}

/**
185
 * Build and process a form based on a form id.
186 187 188
 *
 * The form may also be retrieved from the cache if the form was built in a
 * previous page-load. The form is then passed on for processing, validation
189
 * and submission if there is proper input.
190 191 192 193 194 195 196 197 198 199
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
 * @param &$form_state
 *   An array which stores information about the form. This is passed as a
200
 *   reference so that the caller can use it to examine what in the form changed
201 202 203
 *   when the form submission process is complete. Furthermore, it may be used
 *   to store information related to the processed data in the form, which will
 *   persist across page requests when the 'cache' or 'rebuild' flag is set.
204 205
 *   The following parameters may be set in $form_state to affect how the form
 *   is rendered:
206 207 208 209
 *   - build_info: A keyed array of build information that is necessary to
 *     rebuild the form from cache when the original context may no longer be
 *     available:
 *     - args: An array of arguments to pass to the form builder.
210 211 212 213
 *     - files: An optional array defining include files that need to be loaded
 *       for building the form. Each array entry may be the path to a file or
 *       another array containing values for the parameters 'type', 'module' and
 *       'name' as needed by module_load_include(). The files listed here are
214 215
 *       automatically loaded by form_get_cache(). Defaults to the current menu
 *       router item's 'file' definition, if existent.
216 217 218 219 220 221 222 223 224 225 226
 *   - rebuild: Normally, after the entire form processing is completed and
 *     submit handlers ran, a form is considered to be done and
 *     drupal_redirect_form() will redirect the user to a new page using a GET
 *     request (so a browser refresh does not re-submit the form). However, if
 *     'rebuild' has been set to TRUE, then a new copy of the form is
 *     immediately built and sent to the browser; instead of a redirect. This is
 *     used for multi-step forms, such as wizards and confirmation forms. Also,
 *     if a form validation handler has set 'rebuild' to TRUE and a validation
 *     error occurred, then the form is rebuilt prior to being returned,
 *     enabling form elements to be altered, as appropriate to the particular
 *     validation error.
227 228 229 230 231 232 233 234
 *   - input: An array of input that corresponds to $_POST or $_GET, depending
 *     on the 'method' chosen (see below).
 *   - method: The HTTP form method to use for finding the input for this form.
 *     May be 'post' or 'get'. Defaults to 'post'. Note that 'get' method
 *     forms do not use form ids so are always considered to be submitted, which
 *     can have unexpected effects. The 'get' method should only be used on
 *     forms that do not change data, as that is exclusively the domain of post.
 *   - no_redirect: If set to TRUE the form will NOT perform a drupal_goto(),
235 236 237 238 239
 *     even if 'redirect' is set.
 *   - cache: If set to TRUE the original, unprocessed form structure will be
 *     cached, which allows to rebuild the entire form from cache.
 *   - no_cache: If set to TRUE the form will NOT be cached, even if 'cache' is
 *     set.
240 241 242 243 244 245 246 247 248
 *   - always_process: If TRUE and the method is GET, a form_id is not
 *     necessary. This should only be used on RESTful GET forms that do NOT
 *     write data, as this could lead to security issues. It is useful so that
 *     searches do not need to have a form_id in their query arguments to
 *     trigger the search.
 *   - must_validate: Ordinarily, a form is only validated once but there are
 *     times when a form is resubmitted internally and should be validated
 *     again. Setting this to TRUE will force that to happen. This is most
 *     likely to occur during AHAH or AJAX operations.
249 250 251 252
 *   - temporary: An array holding temporary data accessible during the current
 *     page request only. It may be used to temporary save any data that doesn't
 *     need to or shouldn't be cached during the whole form workflow, e.g. data
 *     that needs to be accessed during the current form build process only.
253 254 255 256
 *   - wrapper_callback: Modules that wish to pre-populate certain forms with
 *     common elements, such as back/next/save buttons in multi-step form
 *     wizards, may define a form builder function name that returns a form
 *     structure, which is passed on to the actual form builder function.
257 258 259 260
 *     Such implementations may either define the 'wrapper_callback' via
 *     hook_forms() or have to invoke drupal_build_form() (instead of
 *     drupal_get_form()) on their own in a custom menu callback to prepare
 *     $form_state accordingly.
261 262 263
 *   Further $form_state properties controlling the redirection behavior after
 *   form submission may be found in drupal_redirect_form().
 *
264 265
 * @return
 *   The rendered form or NULL, depending upon the $form_state flags that were set.
266 267
 *
 * @see drupal_redirect_form()
268 269 270 271 272 273 274 275 276
 */
function drupal_build_form($form_id, &$form_state) {
  // Ensure some defaults; if already set they will not be overridden.
  $form_state += form_state_defaults();

  if (!isset($form_state['input'])) {
    $form_state['input'] = $form_state['method'] == 'get' ? $_GET : $_POST;
  }

277 278 279 280 281 282
  if (isset($_SESSION['batch_form_state'])) {
    // We've been redirected here after a batch processing : the form has
    // already been processed, so we grab the post-process $form_state value
    // and move on to form display. See _batch_finished() function.
    $form_state = $_SESSION['batch_form_state'];
    unset($_SESSION['batch_form_state']);
283 284
  }
  else {
285
    // If the incoming input contains a form_build_id, we'll check the
286 287 288 289
    // cache for a copy of the form in question. If it's there, we don't
    // have to rebuild the form to proceed. In addition, if there is stored
    // form_state data from a previous step, we'll retrieve it so it can
    // be passed on to the form processing code.
290 291
    $check_cache = isset($form_state['input']['form_id']) && $form_state['input']['form_id'] == $form_id && !empty($form_state['input']['form_build_id']);
    if ($check_cache) {
292 293
      $form_build_id = $form_state['input']['form_build_id'];
      $form = form_get_cache($form_build_id, $form_state);
294 295
    }

296 297 298 299
    // If the previous bit of code didn't result in a populated $form
    // object, we're hitting the form for the first time and we need
    // to build it from scratch.
    if (!isset($form)) {
300 301
      // Record the filepath of the include file containing the original form,
      // so the form builder callbacks can be loaded when the form is being
302
      // rebuilt from cache on a different path (such as 'system/ajax'). See
303
      // form_get_cache().
304
      // $menu_get_item() is not available at installation time.
305
      if (!isset($form_state['build_info']['files']['menu']) && !defined('MAINTENANCE_MODE')) {
306
        $item = menu_get_item();
307
        if (!empty($item['include_file'])) {
308
          $form_state['build_info']['files']['menu'] = $item['include_file'];
309 310 311
        }
      }

312 313 314 315 316 317 318
      // If we attempted to serve the form from cache, uncacheable $form_state
      // keys need to be removed after retrieving and preparing the form, except
      // any that were already set prior to retrieving the form.
      if ($check_cache) {
        $form_state_before_retrieval = $form_state;
      }

319
      $form = drupal_retrieve_form($form_id, $form_state);
320
      $form_build_id = 'form-' . drupal_hash_base64(uniqid(mt_rand(), TRUE) . mt_rand());
321 322
      $form['#build_id'] = $form_build_id;

323 324 325 326 327
      // Fix the form method, if it is 'get' in $form_state, but not in $form.
      if ($form_state['method'] == 'get' && !isset($form['#method'])) {
        $form['#method'] = 'get';
      }

328
      drupal_prepare_form($form_id, $form, $form_state);
329 330
      // Store a copy of the unprocessed form to cache in case
      // $form_state['cache'] is set.
331
      $original_form = $form;
332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349

      // form_set_cache() removes uncacheable $form_state keys defined in
      // form_state_keys_no_cache() in order for multi-step forms to work
      // properly. This means that form processing logic for single-step forms
      // using $form_state['cache'] may depend on data stored in those keys
      // during drupal_retrieve_form()/drupal_prepare_form(), but form
      // processing should not depend on whether the form is cached or not, so
      // $form_state is adjusted to match what it would be after a
      // form_set_cache()/form_get_cache() sequence. These exceptions are
      // allowed to survive here:
      // - always_process: Does not make sense in conjunction with form caching
      //   in the first place, since passing form_build_id as a GET parameter is
      //   not desired.
      // - temporary: Any assigned data is expected to survives within the same
      //   page request.
      if ($check_cache) {
        $form_state = array_diff_key($form_state, array_flip(array_diff(form_state_keys_no_cache(), array('always_process', 'temporary')))) + $form_state_before_retrieval;
      }
350
    }
351

352 353 354 355 356 357 358 359 360 361 362 363 364 365 366
    // Now that we know we have a form, we'll process it (validating,
    // submitting, and handling the results returned by its submission
    // handlers. Submit handlers accumulate data in the form_state by
    // altering the $form_state variable, which is passed into them by
    // reference.
    drupal_process_form($form_id, $form, $form_state);
  }

  // Most simple, single-step forms will be finished by this point --
  // drupal_process_form() usually redirects to another page (or to
  // a 'fresh' copy of the form) once processing is complete. If one
  // of the form's handlers has set $form_state['redirect'] to FALSE,
  // the form will simply be re-rendered with the values still in its
  // fields.
  //
367
  // If $form_state['rebuild'] has been set and input has been processed, we
368 369 370
  // know that we're in a multi-part process of some sort and the form's
  // workflow is not complete. We need to construct a fresh copy of the form,
  // passing in the latest $form_state in addition to any other variables passed
371
  // into drupal_get_form().
372
  if ($form_state['rebuild'] && $form_state['process_input'] && !form_get_errors()) {
373
    $form = drupal_rebuild_form($form_id, $form_state);
374
  }
375 376 377 378 379 380 381 382 383 384 385 386 387 388
  // After processing the form, the form builder or a #process callback may
  // have set $form_state['cache'] to indicate that the original form and the
  // $form_state shall be cached. But the form may only be cached if the
  // special 'no_cache' property is not set to TRUE and we are not rebuilding.
  elseif (isset($form_build_id) && $form_state['cache'] && empty($form_state['no_cache'])) {
    // Cache the original, unprocessed form upon initial build of the form.
    if (isset($original_form)) {
      form_set_cache($form_build_id, $original_form, $form_state);
    }
    // After processing a cached form, only update the cached form state.
    else {
      form_set_cache($form_build_id, NULL, $form_state);
    }
  }
389

390 391
  // Don't override #theme if someone already set it.
  if (!isset($form['#theme'])) {
392
    drupal_theme_initialize();
393 394 395 396 397
    $registry = theme_get_registry();
    if (isset($registry[$form_id])) {
      $form['#theme'] = $form_id;
    }
  }
398

399
  return $form;
400
}
401

402 403 404 405 406
/**
 * Retrieve default values for the $form_state array.
 */
function form_state_defaults() {
  return array(
407 408
    'rebuild' => FALSE,
    'redirect' => NULL,
409 410
    'build_info' => array('args' => array()),
    'temporary' => array(),
411 412
    'submitted' => FALSE,
    'programmed' => FALSE,
413 414
    'cache'=> FALSE,
    'method' => 'post',
415
    'groups' => array(),
416
    'buttons' => array(),
417 418 419
  );
}

420
/**
421
 * Retrieves a form, caches it and processes it again.
422
 *
423 424
 * If your AJAX callback simulates the pressing of a button, then your AJAX
 * callback will need to do the same as what drupal_get_form() would do when the
425
 * button is pressed: get the form from the cache, run drupal_process_form over
426
 * it and then if it needs rebuild, run drupal_rebuild_form() over it. Then send
427
 * back a part of the returned form.
428 429 430
 * $form_state['triggering_element']['#array_parents'] will help you to find
 * which part.
 * @see ajax_form_callback() for an example.
431 432 433 434 435 436 437 438 439
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
 *   different $form_id values to the proper form constructor function. Examples
 *   may be found in node_forms(), search_forms(), and user_forms().
 * @param $form_state
440
 *   A keyed array containing the current state of the form.
441 442 443 444 445 446
 * @param $old_form
 *   (optional) A previously built $form. Used to retain the #build_id and
 *   #action properties in AJAX callbacks and similar partial form rebuilds.
 *   Should not be passed for regular rebuilds, for which the entire $form
 *   should be rebuilt freshly.
 *
447 448 449
 * @return
 *   The newly built form.
 */
450
function drupal_rebuild_form($form_id, &$form_state, $old_form = NULL) {
451 452 453 454 455 456 457
  // AJAX and other contexts may call drupal_rebuild_form() even when
  // $form_state['rebuild'] isn't set, but _form_builder_handle_input_element()
  // needs to distinguish a rebuild from an initial build in order to process
  // user input correctly. Form constructors and form processing functions may
  // also need to handle a rebuild differently than an initial build.
  $form_state['rebuild'] = TRUE;

458
  $form = drupal_retrieve_form($form_id, $form_state);
459

460 461 462 463 464 465
  // If only parts of the form will be returned to the browser (e.g. AJAX or
  // RIA clients), re-use the old #build_id to not require client-side code to
  // manually update the hidden 'build_id' input element.
  // Otherwise, a new #build_id is generated, to not clobber the previous
  // build's data in the form cache; also allowing the user to go back to an
  // earlier build, make changes, and re-submit.
466
  $form['#build_id'] = isset($old_form['#build_id']) ? $old_form['#build_id'] : 'form-' . drupal_hash_base64(uniqid(mt_rand(), TRUE) . mt_rand());
467 468 469 470 471 472

  // #action defaults to request_uri(), but in case of AJAX and other partial
  // rebuilds, the form is submitted to an alternate URL, and the original
  // #action needs to be retained.
  if (isset($old_form['#action'])) {
    $form['#action'] = $old_form['#action'];
473
  }
474

475 476
  drupal_prepare_form($form_id, $form, $form_state);

477
  if (empty($form_state['no_cache'])) {
478 479
    // We cache the form structure and the form state so it can be retrieved
    // later for validation.
480
    form_set_cache($form['#build_id'], $form, $form_state);
481
  }
482

483 484
  // Clear out all group associations as these might be different when
  // re-rendering the form.
485 486
  $form_state['groups'] = array();

487 488 489
  // Do not call drupal_process_form(), since it would prevent the rebuilt form
  // to submit.
  $form = form_builder($form_id, $form, $form_state);
490 491 492
  return $form;
}

493 494 495 496
/**
 * Fetch a form from cache.
 */
function form_get_cache($form_build_id, &$form_state) {
497
  if ($cached = cache_get('form_' . $form_build_id, 'cache_form')) {
498
    $form = $cached->data;
499

500 501
    global $user;
    if ((isset($form['#cache_token']) && drupal_valid_token($form['#cache_token'])) || (!isset($form['#cache_token']) && !$user->uid)) {
502 503
      if ($cached = cache_get('form_state_' . $form_build_id, 'cache_form')) {
        // Re-populate $form_state for subsequent rebuilds.
504
        $form_state = $cached->data + $form_state;
505

506
        // If the original form is contained in include files, load the files.
507
        // See drupal_build_form().
508 509 510 511 512 513 514 515 516
        $form_state['build_info'] += array('files' => array());
        foreach ($form_state['build_info']['files'] as $file) {
          if (is_array($file)) {
            $file += array('type' => 'inc', 'name' => $file['module']);
            module_load_include($file['type'], $file['module'], $file['name']);
          }
          elseif (file_exists($file)) {
            require_once DRUPAL_ROOT . '/' . $file;
          }
517
        }
518 519
      }
      return $form;
520 521 522 523 524
    }
  }
}

/**
525
 * Store a form in the cache.
526 527
 */
function form_set_cache($form_build_id, $form, $form_state) {
528 529
  // 6 hours cache life time for forms should be plenty.
  $expire = 21600;
530 531 532 533 534 535 536

  // Cache form structure.
  if (isset($form)) {
    if ($GLOBALS['user']->uid) {
      $form['#cache_token'] = drupal_get_token();
    }
    cache_set('form_' . $form_build_id, $form, 'cache_form', REQUEST_TIME + $expire);
537
  }
538 539

  // Cache form state.
540
  if ($data = array_diff_key($form_state, array_flip(form_state_keys_no_cache()))) {
541
    cache_set('form_state_' . $form_build_id, $data, 'cache_form', REQUEST_TIME + $expire);
542 543 544
  }
}

545 546 547 548 549 550 551 552 553 554 555 556 557 558
/**
 * Returns an array of $form_state keys that shouldn't be cached.
 */
function form_state_keys_no_cache() {
  return array(
    // Public properties defined by form constructors and form handlers.
    'always_process',
    'must_validate',
    'rebuild',
    'redirect',
    'no_redirect',
    'temporary',
    // Internal properties defined by form processing.
    'buttons',
559
    'triggering_element',
560 561 562 563 564 565 566 567 568 569 570 571
    'clicked_button',
    'complete form',
    'groups',
    'input',
    'method',
    'submit_handlers',
    'submitted',
    'validate_handlers',
    'values',
  );
}

572
/**
573 574 575 576 577 578 579 580
 * Retrieves, populates, and processes a form.
 *
 * This function allows you to supply values for form elements and submit a
 * form for processing. Compare to drupal_get_form(), which also builds and
 * processes a form, but does not allow you to supply values.
 *
 * There is no return value, but you can check to see if there are errors
 * by calling form_get_errors().
581 582 583 584 585 586
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
587
 *   different $form_id values to the proper form constructor function. Examples
588
 *   may be found in node_forms(), search_forms(), and user_forms().
589
 * @param $form_state
590 591 592 593 594 595 596
 *   A keyed array containing the current state of the form. Most important is
 *   the $form_state['values'] collection, a tree of data used to simulate the
 *   incoming $_POST information from a user's form submission. If a key is not
 *   filled in $form_state['values'], then the default value of the respective
 *   element is used. To submit an unchecked checkbox or other control that
 *   browsers submit by not having a $_POST entry, include the key, but set the
 *   value to NULL.
597
 * @param ...
598
 *   Any additional arguments are passed on to the functions called by
599
 *   drupal_form_submit(), including the unique form constructor function.
600
 *   For example, the node_edit form requires that a node object be passed
601 602 603 604 605 606 607 608 609 610 611 612 613 614
 *   in here when it is called. Arguments that need to be passed by reference
 *   should not be included here, but rather placed directly in the $form_state
 *   build info array so that the reference can be preserved. For example, a
 *   form builder function with the following signature:
 *   @code
 *   function mymodule_form($form, &$form_state, &$object) {
 *   }
 *   @endcode
 *   would be called via drupal_form_submit() as follows:
 *   @code
 *   $form_state['values'] = $my_form_values;
 *   $form_state['build_info']['args'] = array(&$object);
 *   drupal_form_submit('mymodule_form', $form_state);
 *   @endcode
615
 * For example:
616
 * @code
617
 * // register a new user
618 619 620
 * $form_state = array();
 * $form_state['values']['name'] = 'robo-user';
 * $form_state['values']['mail'] = 'robouser@example.com';
621 622
 * $form_state['values']['pass']['pass1'] = 'password';
 * $form_state['values']['pass']['pass2'] = 'password';
623
 * $form_state['values']['op'] = t('Create new account');
624
 * drupal_form_submit('user_register_form', $form_state);
625
 * @endcode
626
 */
627
function drupal_form_submit($form_id, &$form_state) {
628
  if (!isset($form_state['build_info']['args'])) {
629 630 631
    $args = func_get_args();
    array_shift($args);
    array_shift($args);
632
    $form_state['build_info']['args'] = $args;
633
  }
634 635
  // Merge in default values.
  $form_state += form_state_defaults();
Dries's avatar
Dries committed
636

637 638 639
  $form = drupal_retrieve_form($form_id, $form_state);
  $form_state['input'] = $form_state['values'];
  $form_state['programmed'] = TRUE;
640 641
  // Programmed forms are always submitted.
  $form_state['submitted'] = TRUE;
642

643 644 645 646
  // Reset form validation.
  $form_state['must_validate'] = TRUE;
  form_clear_error();

647 648
  drupal_prepare_form($form_id, $form, $form_state);
  drupal_process_form($form_id, $form, $form_state);
649 650
}

651 652 653 654 655 656 657 658
/**
 * Retrieves the structured array that defines a given form.
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
659
 *   different $form_id values to the proper form constructor function.
660
 * @param $form_state
661 662 663
 *   A keyed array containing the current state of the form, including the
 *   additional arguments to drupal_get_form() or drupal_form_submit() in the
 *   'args' component of the array.
664
 */
665
function drupal_retrieve_form($form_id, &$form_state) {
666
  $forms = &drupal_static(__FUNCTION__);
667

668
  // We save two copies of the incoming arguments: one for modules to use
669
  // when mapping form ids to constructor functions, and another to pass to
670
  // the constructor function itself.
671
  $args = $form_state['build_info']['args'];
672 673 674

  // We first check to see if there's a function named after the $form_id.
  // If there is, we simply pass the arguments on to it to get the form.
675
  if (!function_exists($form_id)) {
676
    // In cases where many form_ids need to share a central constructor function,
677
    // such as the node editing form, modules can implement hook_forms(). It
678
    // maps one or more form_ids to the correct constructor functions.
679 680 681 682 683 684 685 686 687
    //
    // We cache the results of that hook to save time, but that only works
    // for modules that know all their form_ids in advance. (A module that
    // adds a small 'rate this comment' form to each comment in a list
    // would need a unique form_id for each one, for example.)
    //
    // So, we call the hook if $forms isn't yet populated, OR if it doesn't
    // yet have an entry for the requested form_id.
    if (!isset($forms) || !isset($forms[$form_id])) {
688
      $forms = module_invoke_all('forms', $form_id, $args);
689 690 691 692 693 694 695 696
    }
    $form_definition = $forms[$form_id];
    if (isset($form_definition['callback arguments'])) {
      $args = array_merge($form_definition['callback arguments'], $args);
    }
    if (isset($form_definition['callback'])) {
      $callback = $form_definition['callback'];
    }
697 698 699 700 701
    // In case $form_state['wrapper_callback'] is not defined already, we also
    // allow hook_forms() to define one.
    if (!isset($form_state['wrapper_callback']) && isset($form_definition['wrapper_callback'])) {
      $form_state['wrapper_callback'] = $form_definition['wrapper_callback'];
    }
702
  }
703

704 705 706 707 708 709
  $form = array();
  // We need to pass $form_state by reference in order for forms to modify it,
  // since call_user_func_array() requires that referenced variables are passed
  // explicitly.
  $args = array_merge(array($form, &$form_state), $args);

710 711 712 713 714
  // When the passed $form_state (not using drupal_get_form()) defines a
  // 'wrapper_callback', then it requests to invoke a separate (wrapping) form
  // builder function to pre-populate the $form array with form elements, which
  // the actual form builder function ($callback) expects. This allows for
  // pre-populating a form with common elements for certain forms, such as
715
  // back/next/save buttons in multi-step form wizards. See drupal_build_form().
716
  if (isset($form_state['wrapper_callback']) && function_exists($form_state['wrapper_callback'])) {
717 718 719
    $form = call_user_func_array($form_state['wrapper_callback'], $args);
    // Put the prepopulated $form into $args.
    $args[0] = $form;
720
  }
721

722 723
  // If $callback was returned by a hook_forms() implementation, call it.
  // Otherwise, call the function named after the form id.
724
  $form = call_user_func_array(isset($callback) ? $callback : $form_id, $args);
725
  $form['#form_id'] = $form_id;
726

727
  return $form;
728 729 730
}

/**
731 732
 * Processes a form submission.
 *
733 734 735 736 737
 * This function is the heart of form API. The form gets built, validated and in
 * appropriate cases, submitted.
 *
 * @param $form_id
 *   The unique string identifying the current form.
738 739
 * @param $form
 *   An associative array containing the structure of the form.
740 741
 * @param $form_state
 *   A keyed array containing the current state of the form. This
Dries's avatar
Dries committed
742
 *   includes the current persistent storage data for the form, and
743 744 745
 *   any data passed along by earlier steps when displaying a
 *   multi-step form. Additional information, like the sanitized $_POST
 *   data, is also accumulated here.
746
 */
747 748 749
function drupal_process_form($form_id, &$form, &$form_state) {
  $form_state['values'] = array();

750 751 752 753 754 755 756 757 758 759 760 761 762
  // With $_GET, these forms are always submitted if requested.
  if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) {
    if (!isset($form_state['input']['form_build_id'])) {
      $form_state['input']['form_build_id'] = $form['#build_id'];
    }
    if (!isset($form_state['input']['form_id'])) {
      $form_state['input']['form_id'] = $form_id;
    }
    if (!isset($form_state['input']['form_token']) && isset($form['#token'])) {
      $form_state['input']['form_token'] = drupal_get_token($form['#token']);
    }
  }

763
  // Build the form.
764
  $form = form_builder($form_id, $form, $form_state);
765 766 767

  // Only process the input if we have a correct form submission.
  if ($form_state['process_input']) {
768 769
    drupal_validate_form($form_id, $form, $form_state);

770
    // drupal_html_id() maintains a cache of element IDs it has seen,
771
    // so it can prevent duplicates. We want to be sure we reset that
772
    // cache when a form is processed, so scenarios that result in
773 774
    // the form being built behind the scenes and again for the
    // browser don't increment all the element IDs needlessly.
775
    drupal_static_reset('drupal_html_id');
776

777 778
    if ($form_state['submitted'] && !form_get_errors() && !$form_state['rebuild']) {
      // Execute form submit handlers.
779 780 781 782 783
      form_execute_handlers('submit', $form, $form_state);

      // We'll clear out the cached copies of the form and its stored data
      // here, as we've finished with them. The in-memory copies are still
      // here, though.
784
      if (!variable_get('cache', 0) && !empty($form_state['values']['form_build_id'])) {
785
        cache_clear_all('form_' . $form_state['values']['form_build_id'], 'cache_form');
786
        cache_clear_all('form_state_' . $form_state['values']['form_build_id'], 'cache_form');
787 788 789
      }

      // If batches were set in the submit handlers, we process them now,
790 791
      // possibly ending execution. We make sure we do not react to the batch
      // that is already being processed (if a batch operation performs a
792
      // drupal_form_submit).
793
      if ($batch =& batch_get() && !isset($batch['current_set'])) {
794 795 796 797 798 799 800
        // Store $form_state information in the batch definition.
        // We need the full $form_state when either:
        // - Some submit handlers were saved to be called during batch
        //   processing. See form_execute_handlers().
        // - The form is multistep.
        // In other cases, we only need the information expected by
        // drupal_redirect_form().
801
        if ($batch['has_form_submits'] || !empty($form_state['rebuild'])) {
802 803 804 805 806 807
          $batch['form_state'] = $form_state;
        }
        else {
          $batch['form_state'] = array_intersect_key($form_state, array_flip(array('programmed', 'rebuild', 'storage', 'no_redirect', 'redirect')));
        }

808
        $batch['progressive'] = !$form_state['programmed'];
809
        batch_process();
810

811 812 813 814
        // Execution continues only for programmatic forms.
        // For 'regular' forms, we get redirected to the batch processing
        // page. Form redirection will be handled in _batch_finished(),
        // after the batch is processed.
815
      }
816

817 818 819
      // Set a flag to indicate the the form has been processed and executed.
      $form_state['executed'] = TRUE;

820 821
      // Redirect the form based on values in $form_state.
      drupal_redirect_form($form_state);
822 823 824 825 826 827 828 829 830 831 832 833 834 835
    }
  }
}

/**
 * Prepares a structured form array by adding required elements,
 * executing any hook_form_alter functions, and optionally inserting
 * a validation token to prevent tampering.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
 *   An associative array containing the structure of the form.
836 837 838
 * @param $form_state
 *   A keyed array containing the current state of the form. Passed
 *   in here so that hook_form_alter() calls can use it, as well.
839
 */
840
function drupal_prepare_form($form_id, &$form, &$form_state) {
841 842
  global $user;

843
  $form['#type'] = 'form';
844
  $form_state['programmed'] = isset($form_state['programmed']) ? $form_state['programmed'] : FALSE;
845

846 847 848 849 850 851 852 853 854
  if (isset($form['#build_id'])) {
    $form['form_build_id'] = array(
      '#type' => 'hidden',
      '#value' => $form['#build_id'],
      '#id' => $form['#build_id'],
      '#name' => 'form_build_id',
    );
  }

855 856 857 858
  // Add a token, based on either #token or form_id, to any form displayed to
  // authenticated users. This ensures that any submitted form was actually
  // requested previously by the user and protects against cross site request
  // forgeries.
859 860 861 862 863 864 865 866
  // This does not apply to programmatically submitted forms. Furthermore, since
  // tokens are session-bound and forms displayed to anonymous users are very
  // likely cached, we cannot assign a token for them.
  // During installation, there is no $user yet.
  if (!empty($user->uid) && !$form_state['programmed']) {
    // Form constructors may explicitly set #token to FALSE when cross site
    // request forgery is irrelevant to the form, such as search forms.
    if (isset($form['#token']) && $form['#token'] === FALSE) {
867
      unset($form['#token']);
868
    }
869
    // Otherwise, generate a public token based on the form id.
870
    else {
871 872 873 874 875 876
      $form['#token'] = $form_id;
      $form['form_token'] = array(
        '#id' => drupal_html_id('edit-' . $form_id . '-form-token'),
        '#type' => 'token',
        '#default_value' => drupal_get_token($form['#token']),
      );
877
    }
878
  }
879

880
  if (isset($form_id)) {
881 882 883
    $form['form_id'] = array(
      '#type' => 'hidden',
      '#value' => $form_id,
884
      '#id' => drupal_html_id("edit-$form_id"),
885
    );
886
  }
887
  if (!isset($form['#id'])) {
888
    $form['#id'] = drupal_html_id($form_id);
889
  }
Steven Wittens's avatar
Steven Wittens committed
890

891
  $form += element_info('form');
892
  $form += array('#tree' => FALSE, '#parents' => array());
893

Dries's avatar
Dries committed
894
  if (!isset($form['#validate'])) {
895
    if (function_exists($form_id . '_validate')) {
896
      $form['#validate'] = array($form_id . '_validate');
Dries's avatar
Dries committed
897 898 899
    }
  }

900
  if (!isset($form['#submit'])) {
901
    if (function_exists($form_id . '_submit')) {
902
      // We set submit here so that it can be altered.
903
      $form['#submit'] = array($form_id . '_submit');
Dries's avatar
Dries committed
904 905 906
    }
  }

907 908
  // Invoke hook_form_alter() and hook_form_FORM_ID_alter() implementations.
  drupal_alter(array('form', 'form_' . $form_id), $form, $form_state, $form_id);
909 910
}

911 912

/**
913
 * Validates user-submitted form data from the $form_state using
914 915 916 917 918 919
 * the validate functions defined in a structured form array.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
920 921 922 923 924 925 926
 *   An associative array containing the structure of the form, which is passed
 *   by reference. Form validation handlers are able to alter the form structure
 *   (like #process and #after_build callbacks during form building) in case of
 *   a validation error. If a validation handler alters the form structure, it
 *   is responsible for validating the values of changed form elements in
 *   $form_state['values'] to prevent form submit handlers from receiving
 *   unvalidated values.
927 928 929 930 931 932
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
933
 *     $form_state['data_for_submission'] = $data;
934 935 936
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
937
 */
938
function drupal_validate_form($form_id, &$form, &$form_state) {
939
  $validated_forms = &drupal_static(__FUNCTION__, array());
940

941
  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
942 943
    return;
  }
944

945
  // If the session token was set by drupal_prepare_form(), ensure that it
946
  // matches the current user's session.
947
  if (isset($form['#token'])) {
948
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) {
949
      // Setting this error will cause the form to fail validation.
950
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
951 952 953
    }
  }

954
  _form_validate($form, $form_state, $form_id);
955
  $validated_forms[$form_id] = TRUE;
956 957
}

958
/**
959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984
 * Redirects the user to a URL after a form has been processed.
 *
 * After a form was executed, the data in $form_state controls whether the form
 * is redirected. By default, we redirect to a new destination page. The path of
 * the destination page can be set in $form_state['redirect']. If that is not
 * set, the user is redirected to the current page to display a fresh,
 * unpopulated copy of the form.
 *
 * There are several triggers that may prevent a redirection though:
 * - If $form_state['redirect'] is FALSE, a form builder function or form
 *   validation/submit handler does not want a user to be redirected, which
 *   means that drupal_goto() is not invoked. For most forms, the redirection
 *   logic will be the same regardless of whether $form_state['redirect'] is
 *   undefined or FALSE. However, in case it was not defined and the current
 *   request contains a 'destination' query string, drupal_goto() will redirect
 *   to that given destination instead. Only setting $form_state['redirect'] to
 *   FALSE will prevent any redirection.
 * - If $form_state['no_redirect'] is TRUE, then the callback that originally
 *   built the form explicitly disallows any redirection, regardless of the
 *   redirection value in $form_state['redirect']. For example, ajax_get_form()
 *   defines $form_state['no_redirect'] when building a form in an AJAX
 *   callback to prevent any redirection. $form_state['no_redirect'] should NOT
 *   be altered by form builder functions or form validation/submit handlers.
 * - If $form_state['programmed'] is TRUE, the form submission was usually
 *   invoked via drupal_form_submit(), so any redirection would break the script
 *   that invoked drupal_form_submit().
985
 * - If $form_state['rebuild'] is TRUE, the form needs to be rebuilt without
986
 *   redirection.
987
 *
988 989 990 991 992
 * @param $form_state
 *   A keyed array containing the current state of the form.
 *
 * @see drupal_process_form()
 * @see drupal_build_form()
993
 */
994 995 996 997
function drupal_redirect_form($form_state) {
  // Skip redirection for form submissions invoked via drupal_form_submit().
  if (!empty($form_state['programmed'])) {
    return;
998
  }
999 1000
  // Skip redirection if rebuild is activated.
  if (!empty($form_state['rebuild'])) {
1001 1002 1003 1004 1005
    return;
  }
  // Skip redirection if it was explicitly disallowed.
  if (!empty($form_state['no_redirect'])) {
    return;
1006
  }
1007 1008 1009 1010 1011
  // Only invoke drupal_goto() if redirect value was not set to FALSE.
  if (!isset($form_state['redirect']) || $form_state['redirect'] !== FALSE) {
    if (isset($form_state['redirect'])) {
      if (is_array($form_state['redirect'])) {
        call_user_func_array('drupal_goto', $form_state['redirect']);
1012 1013
      }
      else {
1014 1015 1016 1017
        // This function can be called from the installer, which guarantees
        // that $redirect will always be a string, so catch that case here
        // and use the appropriate redirect function.
        $function = drupal_installation_attempted() ? 'install_goto' : 'drupal_goto';
1018
        $function($form_state['redirect']);
1019 1020 1021 1022
      }
    }
    drupal_goto($_GET['q']);
  }
1023 1024
}

1025 1026 1027 1028 1029 1030 1031
/**
 * Performs validation on form elements. First ensures required fields are
 * completed, #maxlength is not exceeded, and selected options were in the
 * list of options given to the user. Then calls user-defined validators.
 *
 * @param $elements
 *   An associative array containing the structure of the form.
1032 1033 1034 1035 1036 1037
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
1038
 *     $form_state['data_for_submission'] = $data;
1039 1040 1041
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
1042 1043 1044 1045
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 */
1046
function _form_validate(&$elements, &$form_state, $form_id = NULL) {
1047 1048
  // Also used in the installer, pre-database setup.
  $t = get_t();
1049

1050 1051 1052
  // Recurse through all children.
  foreach (element_children($elements) as $key) {
    if (isset($elements[$key]) && $elements[$key]) {
1053
      _form_validate($elements[$key], $form_state);
1054 1055
    }
  }
1056

1057
  // Validate the current input.
drumm's avatar
drumm committed
1058
  if (!isset($elements['#validated']) || !$elements['#validated']) {
1059
    // The following errors are always shown.
1060
    if (isset($elements['#needs_validation'])) {
1061 1062
      // Verify that the value is not longer than #maxlength.
      if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
1063
        form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
1064 1065
      }

1066
      if (isset($elements['#options']) && isset($elements['#value'])) {
1067 1068 1069 1070 1071 1072 1073
        if ($elements['#type'] == 'select') {
          $options = form_options_flatten($elements['#options']);
        }
        else {
          $options = $elements['#options'];
        }
        if (is_array($elements['#value'])) {
<