form.inc 137 KB
Newer Older
1
<?php
2 3
// $Id$

4
/**
5 6 7 8 9 10
 * @defgroup forms Form builder functions
 * @{
 * Functions that build an abstract representation of a HTML form.
 *
 * All modules should declare their form builder functions to be in this
 * group and each builder function should reference its validate and submit
11
 * functions using \@see. Conversely, validate and submit functions should
12
 * reference the form builder function using \@see. For examples, of this see
13
 * system_modules_uninstall() or user_pass(), the latter of which has the
14 15 16 17 18 19 20 21 22 23 24
 * following in its doxygen documentation:
 *
 * \@ingroup forms
 * \@see user_pass_validate().
 * \@see user_pass_submit().
 *
 * @} End of "defgroup forms".
 */

/**
 * @defgroup form_api Form generation
25
 * @{
26
 * Functions to enable the processing and display of HTML forms.
27
 *
28 29 30 31
 * Drupal uses these functions to achieve consistency in its form processing and
 * presentation, while simplifying code and reducing the amount of HTML that
 * must be explicitly generated by modules.
 *
32
 * The drupal_get_form() function handles retrieving and processing an HTML
33
 * form for modules automatically. For example:
34
 *
35
 * @code
36 37
 *   // Display the user registration form.
 *   $output = drupal_get_form('user_register_form');
38
 * @endcode
39 40
 *
 * Forms can also be built and submitted programmatically without any user input
41
 * using the drupal_form_submit() function.
42 43
 *
 * For information on the format of the structured arrays used to define forms,
44
 * and more detailed explanations of the Form API workflow, see the
45 46
 * @link http://api.drupal.org/api/file/developer/topics/forms_api_reference.html reference @endlink
 * and the @link http://api.drupal.org/api/file/developer/topics/forms_api.html quickstart guide. @endlink
47 48 49
 */

/**
50
 * Wrapper for drupal_build_form() for use when $form_state is not needed.
51 52
 *
 * @param $form_id
53 54 55 56 57 58
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
59
 * @param ...
60
 *   Any additional arguments are passed on to the functions called by
61 62 63
 *   drupal_get_form(), including the unique form constructor function. For
 *   example, the node_edit form requires that a node object is passed in here
 *   when it is called.
64
 *
65
 * @return
66
 *   The form array.
67 68
 *
 * @see drupal_build_form()
69 70
 */
function drupal_get_form($form_id) {
71
  $form_state = array();
72 73

  $args = func_get_args();
74 75
  // Remove $form_id from the arguments.
  array_shift($args);
76
  $form_state['build_info']['args'] = $args;
77 78 79 80 81

  return drupal_build_form($form_id, $form_state);
}

/**
82
 * Build and process a form based on a form id.
83 84 85
 *
 * The form may also be retrieved from the cache if the form was built in a
 * previous page-load. The form is then passed on for processing, validation
86
 * and submission if there is proper input.
87 88 89 90 91 92 93 94 95 96
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
 * @param &$form_state
 *   An array which stores information about the form. This is passed as a
97
 *   reference so that the caller can use it to examine what in the form changed
98 99 100
 *   when the form submission process is complete. Furthermore, it may be used
 *   to store information related to the processed data in the form, which will
 *   persist across page requests when the 'cache' or 'rebuild' flag is set.
101 102
 *   The following parameters may be set in $form_state to affect how the form
 *   is rendered:
103 104 105 106 107 108 109
 *   - build_info: A keyed array of build information that is necessary to
 *     rebuild the form from cache when the original context may no longer be
 *     available:
 *     - args: An array of arguments to pass to the form builder.
 *     - file: An optional include file that contains the form and is
 *       automatically loaded by form_get_cache(). Defaults to the current menu
 *       router item's 'file' definition, if existent.
110 111 112 113 114 115 116 117 118 119 120
 *   - rebuild: Normally, after the entire form processing is completed and
 *     submit handlers ran, a form is considered to be done and
 *     drupal_redirect_form() will redirect the user to a new page using a GET
 *     request (so a browser refresh does not re-submit the form). However, if
 *     'rebuild' has been set to TRUE, then a new copy of the form is
 *     immediately built and sent to the browser; instead of a redirect. This is
 *     used for multi-step forms, such as wizards and confirmation forms. Also,
 *     if a form validation handler has set 'rebuild' to TRUE and a validation
 *     error occurred, then the form is rebuilt prior to being returned,
 *     enabling form elements to be altered, as appropriate to the particular
 *     validation error.
121 122 123 124 125 126 127 128
 *   - input: An array of input that corresponds to $_POST or $_GET, depending
 *     on the 'method' chosen (see below).
 *   - method: The HTTP form method to use for finding the input for this form.
 *     May be 'post' or 'get'. Defaults to 'post'. Note that 'get' method
 *     forms do not use form ids so are always considered to be submitted, which
 *     can have unexpected effects. The 'get' method should only be used on
 *     forms that do not change data, as that is exclusively the domain of post.
 *   - no_redirect: If set to TRUE the form will NOT perform a drupal_goto(),
129 130 131 132 133
 *     even if 'redirect' is set.
 *   - cache: If set to TRUE the original, unprocessed form structure will be
 *     cached, which allows to rebuild the entire form from cache.
 *   - no_cache: If set to TRUE the form will NOT be cached, even if 'cache' is
 *     set.
134 135 136 137 138 139 140 141 142
 *   - always_process: If TRUE and the method is GET, a form_id is not
 *     necessary. This should only be used on RESTful GET forms that do NOT
 *     write data, as this could lead to security issues. It is useful so that
 *     searches do not need to have a form_id in their query arguments to
 *     trigger the search.
 *   - must_validate: Ordinarily, a form is only validated once but there are
 *     times when a form is resubmitted internally and should be validated
 *     again. Setting this to TRUE will force that to happen. This is most
 *     likely to occur during AHAH or AJAX operations.
143 144 145 146
 *   - temporary: An array holding temporary data accessible during the current
 *     page request only. It may be used to temporary save any data that doesn't
 *     need to or shouldn't be cached during the whole form workflow, e.g. data
 *     that needs to be accessed during the current form build process only.
147 148 149 150
 *   - wrapper_callback: Modules that wish to pre-populate certain forms with
 *     common elements, such as back/next/save buttons in multi-step form
 *     wizards, may define a form builder function name that returns a form
 *     structure, which is passed on to the actual form builder function.
151 152 153 154
 *     Such implementations may either define the 'wrapper_callback' via
 *     hook_forms() or have to invoke drupal_build_form() (instead of
 *     drupal_get_form()) on their own in a custom menu callback to prepare
 *     $form_state accordingly.
155 156 157
 *   Further $form_state properties controlling the redirection behavior after
 *   form submission may be found in drupal_redirect_form().
 *
158 159
 * @return
 *   The rendered form or NULL, depending upon the $form_state flags that were set.
160 161
 *
 * @see drupal_redirect_form()
162 163 164 165 166 167 168 169 170
 */
function drupal_build_form($form_id, &$form_state) {
  // Ensure some defaults; if already set they will not be overridden.
  $form_state += form_state_defaults();

  if (!isset($form_state['input'])) {
    $form_state['input'] = $form_state['method'] == 'get' ? $_GET : $_POST;
  }

171 172 173 174 175 176
  if (isset($_SESSION['batch_form_state'])) {
    // We've been redirected here after a batch processing : the form has
    // already been processed, so we grab the post-process $form_state value
    // and move on to form display. See _batch_finished() function.
    $form_state = $_SESSION['batch_form_state'];
    unset($_SESSION['batch_form_state']);
177 178
  }
  else {
179
    // If the incoming input contains a form_build_id, we'll check the
180 181 182 183
    // cache for a copy of the form in question. If it's there, we don't
    // have to rebuild the form to proceed. In addition, if there is stored
    // form_state data from a previous step, we'll retrieve it so it can
    // be passed on to the form processing code.
184
    if (isset($form_state['input']['form_id']) && $form_state['input']['form_id'] == $form_id && !empty($form_state['input']['form_build_id'])) {
185 186
      $form_build_id = $form_state['input']['form_build_id'];
      $form = form_get_cache($form_build_id, $form_state);
187 188
    }

189 190 191 192
    // If the previous bit of code didn't result in a populated $form
    // object, we're hitting the form for the first time and we need
    // to build it from scratch.
    if (!isset($form)) {
193 194
      // Record the filepath of the include file containing the original form,
      // so the form builder callbacks can be loaded when the form is being
195 196 197
      // rebuilt from cache on a different path (such as 'system/ajax'). See
      // form_get_cache(). 
      // $menu_get_item() is not available at installation time.
198
      if (!isset($form_state['build_info']['file']) && !defined('MAINTENANCE_MODE')) {
199 200
        $item = menu_get_item();
        if (!empty($item['file'])) {
201
          $form_state['build_info']['file'] = $item['file'];
202 203 204
        }
      }

205 206 207 208
      $form = drupal_retrieve_form($form_id, $form_state);
      $form_build_id = 'form-' . md5(uniqid(mt_rand(), TRUE));
      $form['#build_id'] = $form_build_id;

209 210 211 212 213
      // Fix the form method, if it is 'get' in $form_state, but not in $form.
      if ($form_state['method'] == 'get' && !isset($form['#method'])) {
        $form['#method'] = 'get';
      }

214
      drupal_prepare_form($form_id, $form, $form_state);
215 216
      // Store a copy of the unprocessed form to cache in case
      // $form_state['cache'] is set.
217
      $original_form = $form;
218
    }
219

220 221 222 223 224 225 226 227 228 229 230 231 232 233 234
    // Now that we know we have a form, we'll process it (validating,
    // submitting, and handling the results returned by its submission
    // handlers. Submit handlers accumulate data in the form_state by
    // altering the $form_state variable, which is passed into them by
    // reference.
    drupal_process_form($form_id, $form, $form_state);
  }

  // Most simple, single-step forms will be finished by this point --
  // drupal_process_form() usually redirects to another page (or to
  // a 'fresh' copy of the form) once processing is complete. If one
  // of the form's handlers has set $form_state['redirect'] to FALSE,
  // the form will simply be re-rendered with the values still in its
  // fields.
  //
235
  // If $form_state['rebuild'] has been set and input has been processed, we
236 237 238
  // know that we're in a multi-part process of some sort and the form's
  // workflow is not complete. We need to construct a fresh copy of the form,
  // passing in the latest $form_state in addition to any other variables passed
239
  // into drupal_get_form().
240
  if ($form_state['rebuild'] && $form_state['process_input'] && !form_get_errors()) {
241
    $form = drupal_rebuild_form($form_id, $form_state);
242
  }
243 244 245 246 247 248 249 250 251 252 253 254 255 256
  // After processing the form, the form builder or a #process callback may
  // have set $form_state['cache'] to indicate that the original form and the
  // $form_state shall be cached. But the form may only be cached if the
  // special 'no_cache' property is not set to TRUE and we are not rebuilding.
  elseif (isset($form_build_id) && $form_state['cache'] && empty($form_state['no_cache'])) {
    // Cache the original, unprocessed form upon initial build of the form.
    if (isset($original_form)) {
      form_set_cache($form_build_id, $original_form, $form_state);
    }
    // After processing a cached form, only update the cached form state.
    else {
      form_set_cache($form_build_id, NULL, $form_state);
    }
  }
257

258 259
  // Don't override #theme if someone already set it.
  if (!isset($form['#theme'])) {
260
    drupal_theme_initialize();
261 262 263 264 265
    $registry = theme_get_registry();
    if (isset($registry[$form_id])) {
      $form['#theme'] = $form_id;
    }
  }
266

267
  return $form;
268
}
269

270 271 272 273 274
/**
 * Retrieve default values for the $form_state array.
 */
function form_state_defaults() {
  return array(
275 276
    'rebuild' => FALSE,
    'redirect' => NULL,
277 278
    'build_info' => array('args' => array()),
    'temporary' => array(),
279 280
    'submitted' => FALSE,
    'programmed' => FALSE,
281 282
    'cache'=> FALSE,
    'method' => 'post',
283
    'groups' => array(),
284
    'buttons' => array(),
285 286 287
  );
}

288
/**
289
 * Retrieves a form, caches it and processes it again.
290
 *
291 292
 * If your AJAX callback simulates the pressing of a button, then your AJAX
 * callback will need to do the same as what drupal_get_form() would do when the
293
 * button is pressed: get the form from the cache, run drupal_process_form over
294
 * it and then if it needs rebuild, run drupal_rebuild_form() over it. Then send
295
 * back a part of the returned form.
296 297 298
 * $form_state['triggering_element']['#array_parents'] will help you to find
 * which part.
 * @see ajax_form_callback() for an example.
299 300 301 302 303 304 305 306 307
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
 *   different $form_id values to the proper form constructor function. Examples
 *   may be found in node_forms(), search_forms(), and user_forms().
 * @param $form_state
308
 *   A keyed array containing the current state of the form.
309 310 311 312 313 314
 * @param $old_form
 *   (optional) A previously built $form. Used to retain the #build_id and
 *   #action properties in AJAX callbacks and similar partial form rebuilds.
 *   Should not be passed for regular rebuilds, for which the entire $form
 *   should be rebuilt freshly.
 *
315 316 317
 * @return
 *   The newly built form.
 */
318
function drupal_rebuild_form($form_id, &$form_state, $old_form = NULL) {
319 320 321 322 323 324 325
  // AJAX and other contexts may call drupal_rebuild_form() even when
  // $form_state['rebuild'] isn't set, but _form_builder_handle_input_element()
  // needs to distinguish a rebuild from an initial build in order to process
  // user input correctly. Form constructors and form processing functions may
  // also need to handle a rebuild differently than an initial build.
  $form_state['rebuild'] = TRUE;

326
  $form = drupal_retrieve_form($form_id, $form_state);
327

328 329 330 331 332 333 334 335 336 337 338 339 340
  // If only parts of the form will be returned to the browser (e.g. AJAX or
  // RIA clients), re-use the old #build_id to not require client-side code to
  // manually update the hidden 'build_id' input element.
  // Otherwise, a new #build_id is generated, to not clobber the previous
  // build's data in the form cache; also allowing the user to go back to an
  // earlier build, make changes, and re-submit.
  $form['#build_id'] = isset($old_form['#build_id']) ? $old_form['#build_id'] : 'form-' . md5(mt_rand());

  // #action defaults to request_uri(), but in case of AJAX and other partial
  // rebuilds, the form is submitted to an alternate URL, and the original
  // #action needs to be retained.
  if (isset($old_form['#action'])) {
    $form['#action'] = $old_form['#action'];
341
  }
342

343 344
  drupal_prepare_form($form_id, $form, $form_state);

345
  if (empty($form_state['no_cache'])) {
346 347
    // We cache the form structure and the form state so it can be retrieved
    // later for validation.
348
    form_set_cache($form['#build_id'], $form, $form_state);
349
  }
350

351 352
  // Clear out all group associations as these might be different when
  // re-rendering the form.
353 354
  $form_state['groups'] = array();

355 356 357
  // Do not call drupal_process_form(), since it would prevent the rebuilt form
  // to submit.
  $form = form_builder($form_id, $form, $form_state);
358 359 360
  return $form;
}

361 362 363 364
/**
 * Fetch a form from cache.
 */
function form_get_cache($form_build_id, &$form_state) {
365
  if ($cached = cache_get('form_' . $form_build_id, 'cache_form')) {
366
    $form = $cached->data;
367

368 369
    global $user;
    if ((isset($form['#cache_token']) && drupal_valid_token($form['#cache_token'])) || (!isset($form['#cache_token']) && !$user->uid)) {
370 371
      if ($cached = cache_get('form_state_' . $form_build_id, 'cache_form')) {
        // Re-populate $form_state for subsequent rebuilds.
372
        $form_state = $cached->data + $form_state;
373 374

        // If the original form is contained in an include file, load the file.
375
        // See drupal_build_form().
376 377 378
        if (!empty($form_state['build_info']['file']) && file_exists($form_state['build_info']['file'])) {
          require_once DRUPAL_ROOT . '/' . $form_state['build_info']['file'];
        }
379 380
      }
      return $form;
381 382 383 384 385
    }
  }
}

/**
386
 * Store a form in the cache.
387 388
 */
function form_set_cache($form_build_id, $form, $form_state) {
389 390
  // 6 hours cache life time for forms should be plenty.
  $expire = 21600;
391 392 393 394 395 396 397

  // Cache form structure.
  if (isset($form)) {
    if ($GLOBALS['user']->uid) {
      $form['#cache_token'] = drupal_get_token();
    }
    cache_set('form_' . $form_build_id, $form, 'cache_form', REQUEST_TIME + $expire);
398
  }
399 400

  // Cache form state.
401
  if ($data = array_diff_key($form_state, array_flip(form_state_keys_no_cache()))) {
402
    cache_set('form_state_' . $form_build_id, $data, 'cache_form', REQUEST_TIME + $expire);
403 404 405
  }
}

406 407 408 409 410 411 412 413 414 415 416 417 418 419
/**
 * Returns an array of $form_state keys that shouldn't be cached.
 */
function form_state_keys_no_cache() {
  return array(
    // Public properties defined by form constructors and form handlers.
    'always_process',
    'must_validate',
    'rebuild',
    'redirect',
    'no_redirect',
    'temporary',
    // Internal properties defined by form processing.
    'buttons',
420
    'triggering_element',
421 422 423 424 425 426 427 428 429 430 431 432
    'clicked_button',
    'complete form',
    'groups',
    'input',
    'method',
    'submit_handlers',
    'submitted',
    'validate_handlers',
    'values',
  );
}

433
/**
434 435 436 437 438 439 440 441
 * Retrieves, populates, and processes a form.
 *
 * This function allows you to supply values for form elements and submit a
 * form for processing. Compare to drupal_get_form(), which also builds and
 * processes a form, but does not allow you to supply values.
 *
 * There is no return value, but you can check to see if there are errors
 * by calling form_get_errors().
442 443 444 445 446 447
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
448
 *   different $form_id values to the proper form constructor function. Examples
449
 *   may be found in node_forms(), search_forms(), and user_forms().
450
 * @param $form_state
451 452 453 454 455 456 457
 *   A keyed array containing the current state of the form. Most important is
 *   the $form_state['values'] collection, a tree of data used to simulate the
 *   incoming $_POST information from a user's form submission. If a key is not
 *   filled in $form_state['values'], then the default value of the respective
 *   element is used. To submit an unchecked checkbox or other control that
 *   browsers submit by not having a $_POST entry, include the key, but set the
 *   value to NULL.
458
 * @param ...
459
 *   Any additional arguments are passed on to the functions called by
460
 *   drupal_form_submit(), including the unique form constructor function.
461 462
 *   For example, the node_edit form requires that a node object be passed
 *   in here when it is called.
463
 * For example:
464
 * @code
465
 * // register a new user
466 467 468
 * $form_state = array();
 * $form_state['values']['name'] = 'robo-user';
 * $form_state['values']['mail'] = 'robouser@example.com';
469 470
 * $form_state['values']['pass']['pass1'] = 'password';
 * $form_state['values']['pass']['pass2'] = 'password';
471
 * $form_state['values']['op'] = t('Create new account');
472
 * drupal_form_submit('user_register_form', $form_state);
473
 * // Create a new node
474
 * $form_state = array();
475
 * module_load_include('inc', 'node', 'node.pages');
476
 * $node = array('type' => 'story');
477 478 479
 * $form_state['values']['title'] = 'My node';
 * $form_state['values']['body'] = 'This is the body text!';
 * $form_state['values']['name'] = 'robo-user';
480
 * $form_state['values']['op'] = t('Save');
481
 * drupal_form_submit('story_node_form', $form_state, (object)$node);
482
 * @endcode
483
 */
484
function drupal_form_submit($form_id, &$form_state) {
485
  if (!isset($form_state['build_info']['args'])) {
486 487 488
    $args = func_get_args();
    array_shift($args);
    array_shift($args);
489
    $form_state['build_info']['args'] = $args;
490
  }
491 492
  // Merge in default values.
  $form_state += form_state_defaults();
Dries's avatar
Dries committed
493

494 495 496
  $form = drupal_retrieve_form($form_id, $form_state);
  $form_state['input'] = $form_state['values'];
  $form_state['programmed'] = TRUE;
497 498
  // Programmed forms are always submitted.
  $form_state['submitted'] = TRUE;
499

500 501 502 503
  // Reset form validation.
  $form_state['must_validate'] = TRUE;
  form_clear_error();

504 505
  drupal_prepare_form($form_id, $form, $form_state);
  drupal_process_form($form_id, $form, $form_state);
506 507
}

508 509 510 511 512 513 514 515
/**
 * Retrieves the structured array that defines a given form.
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
516
 *   different $form_id values to the proper form constructor function.
517
 * @param $form_state
518 519 520
 *   A keyed array containing the current state of the form, including the
 *   additional arguments to drupal_get_form() or drupal_form_submit() in the
 *   'args' component of the array.
521
 */
522
function drupal_retrieve_form($form_id, &$form_state) {
523
  $forms = &drupal_static(__FUNCTION__);
524

525
  // We save two copies of the incoming arguments: one for modules to use
526
  // when mapping form ids to constructor functions, and another to pass to
527
  // the constructor function itself.
528
  $args = $form_state['build_info']['args'];
529 530 531

  // We first check to see if there's a function named after the $form_id.
  // If there is, we simply pass the arguments on to it to get the form.
532
  if (!function_exists($form_id)) {
533
    // In cases where many form_ids need to share a central constructor function,
534
    // such as the node editing form, modules can implement hook_forms(). It
535
    // maps one or more form_ids to the correct constructor functions.
536 537 538 539 540 541 542 543 544
    //
    // We cache the results of that hook to save time, but that only works
    // for modules that know all their form_ids in advance. (A module that
    // adds a small 'rate this comment' form to each comment in a list
    // would need a unique form_id for each one, for example.)
    //
    // So, we call the hook if $forms isn't yet populated, OR if it doesn't
    // yet have an entry for the requested form_id.
    if (!isset($forms) || !isset($forms[$form_id])) {
545
      $forms = module_invoke_all('forms', $form_id, $args);
546 547 548 549 550 551 552 553
    }
    $form_definition = $forms[$form_id];
    if (isset($form_definition['callback arguments'])) {
      $args = array_merge($form_definition['callback arguments'], $args);
    }
    if (isset($form_definition['callback'])) {
      $callback = $form_definition['callback'];
    }
554 555 556 557 558
    // In case $form_state['wrapper_callback'] is not defined already, we also
    // allow hook_forms() to define one.
    if (!isset($form_state['wrapper_callback']) && isset($form_definition['wrapper_callback'])) {
      $form_state['wrapper_callback'] = $form_definition['wrapper_callback'];
    }
559
  }
560

561 562 563 564 565 566
  $form = array();
  // We need to pass $form_state by reference in order for forms to modify it,
  // since call_user_func_array() requires that referenced variables are passed
  // explicitly.
  $args = array_merge(array($form, &$form_state), $args);

567 568 569 570 571
  // When the passed $form_state (not using drupal_get_form()) defines a
  // 'wrapper_callback', then it requests to invoke a separate (wrapping) form
  // builder function to pre-populate the $form array with form elements, which
  // the actual form builder function ($callback) expects. This allows for
  // pre-populating a form with common elements for certain forms, such as
572
  // back/next/save buttons in multi-step form wizards. See drupal_build_form().
573
  if (isset($form_state['wrapper_callback']) && function_exists($form_state['wrapper_callback'])) {
574 575 576
    $form = call_user_func_array($form_state['wrapper_callback'], $args);
    // Put the prepopulated $form into $args.
    $args[0] = $form;
577
  }
578

579 580
  // If $callback was returned by a hook_forms() implementation, call it.
  // Otherwise, call the function named after the form id.
581
  $form = call_user_func_array(isset($callback) ? $callback : $form_id, $args);
582
  $form['#form_id'] = $form_id;
583

584
  return $form;
585 586 587
}

/**
588 589
 * Processes a form submission.
 *
590 591 592 593 594
 * This function is the heart of form API. The form gets built, validated and in
 * appropriate cases, submitted.
 *
 * @param $form_id
 *   The unique string identifying the current form.
595 596
 * @param $form
 *   An associative array containing the structure of the form.
597 598
 * @param $form_state
 *   A keyed array containing the current state of the form. This
Dries's avatar
Dries committed
599
 *   includes the current persistent storage data for the form, and
600 601 602
 *   any data passed along by earlier steps when displaying a
 *   multi-step form. Additional information, like the sanitized $_POST
 *   data, is also accumulated here.
603
 */
604 605 606
function drupal_process_form($form_id, &$form, &$form_state) {
  $form_state['values'] = array();

607 608 609 610 611 612 613 614 615 616 617 618 619
  // With $_GET, these forms are always submitted if requested.
  if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) {
    if (!isset($form_state['input']['form_build_id'])) {
      $form_state['input']['form_build_id'] = $form['#build_id'];
    }
    if (!isset($form_state['input']['form_id'])) {
      $form_state['input']['form_id'] = $form_id;
    }
    if (!isset($form_state['input']['form_token']) && isset($form['#token'])) {
      $form_state['input']['form_token'] = drupal_get_token($form['#token']);
    }
  }

620
  // Build the form.
621
  $form = form_builder($form_id, $form, $form_state);
622 623 624

  // Only process the input if we have a correct form submission.
  if ($form_state['process_input']) {
625 626
    drupal_validate_form($form_id, $form, $form_state);

627
    // drupal_html_id() maintains a cache of element IDs it has seen,
628
    // so it can prevent duplicates. We want to be sure we reset that
629
    // cache when a form is processed, so scenarios that result in
630 631
    // the form being built behind the scenes and again for the
    // browser don't increment all the element IDs needlessly.
632
    drupal_static_reset('drupal_html_id');
633

634 635
    if ($form_state['submitted'] && !form_get_errors() && !$form_state['rebuild']) {
      // Execute form submit handlers.
636 637 638 639 640
      form_execute_handlers('submit', $form, $form_state);

      // We'll clear out the cached copies of the form and its stored data
      // here, as we've finished with them. The in-memory copies are still
      // here, though.
641
      if (variable_get('cache', CACHE_DISABLED) == CACHE_DISABLED && !empty($form_state['values']['form_build_id'])) {
642 643
        cache_clear_all('form_' . $form_state['values']['form_build_id'], 'cache_form');
        cache_clear_all('storage_' . $form_state['values']['form_build_id'], 'cache_form');
644 645 646
      }

      // If batches were set in the submit handlers, we process them now,
647 648
      // possibly ending execution. We make sure we do not react to the batch
      // that is already being processed (if a batch operation performs a
649
      // drupal_form_submit).
650
      if ($batch =& batch_get() && !isset($batch['current_set'])) {
651 652 653 654 655 656 657 658 659 660 661 662 663 664
        // Store $form_state information in the batch definition.
        // We need the full $form_state when either:
        // - Some submit handlers were saved to be called during batch
        //   processing. See form_execute_handlers().
        // - The form is multistep.
        // In other cases, we only need the information expected by
        // drupal_redirect_form().
        if ($batch['has_form_submits'] || !empty($form_state['rebuild']) || !empty($form_state['storage'])) {
          $batch['form_state'] = $form_state;
        }
        else {
          $batch['form_state'] = array_intersect_key($form_state, array_flip(array('programmed', 'rebuild', 'storage', 'no_redirect', 'redirect')));
        }

665
        $batch['progressive'] = !$form_state['programmed'];
666
        batch_process();
667

668 669 670 671
        // Execution continues only for programmatic forms.
        // For 'regular' forms, we get redirected to the batch processing
        // page. Form redirection will be handled in _batch_finished(),
        // after the batch is processed.
672
      }
673

674 675 676
      // Set a flag to indicate the the form has been processed and executed.
      $form_state['executed'] = TRUE;

677 678
      // Redirect the form based on values in $form_state.
      drupal_redirect_form($form_state);
679 680 681 682 683 684 685 686 687 688 689 690 691 692
    }
  }
}

/**
 * Prepares a structured form array by adding required elements,
 * executing any hook_form_alter functions, and optionally inserting
 * a validation token to prevent tampering.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
 *   An associative array containing the structure of the form.
693 694 695
 * @param $form_state
 *   A keyed array containing the current state of the form. Passed
 *   in here so that hook_form_alter() calls can use it, as well.
696
 */
697
function drupal_prepare_form($form_id, &$form, &$form_state) {
698 699
  global $user;

700
  $form['#type'] = 'form';
701
  $form_state['programmed'] = isset($form_state['programmed']) ? $form_state['programmed'] : FALSE;
702

703 704 705 706 707 708 709 710 711
  if (isset($form['#build_id'])) {
    $form['form_build_id'] = array(
      '#type' => 'hidden',
      '#value' => $form['#build_id'],
      '#id' => $form['#build_id'],
      '#name' => 'form_build_id',
    );
  }

712 713 714 715
  // Add a token, based on either #token or form_id, to any form displayed to
  // authenticated users. This ensures that any submitted form was actually
  // requested previously by the user and protects against cross site request
  // forgeries.
716 717 718 719 720 721 722 723
  // This does not apply to programmatically submitted forms. Furthermore, since
  // tokens are session-bound and forms displayed to anonymous users are very
  // likely cached, we cannot assign a token for them.
  // During installation, there is no $user yet.
  if (!empty($user->uid) && !$form_state['programmed']) {
    // Form constructors may explicitly set #token to FALSE when cross site
    // request forgery is irrelevant to the form, such as search forms.
    if (isset($form['#token']) && $form['#token'] === FALSE) {
724
      unset($form['#token']);
725
    }
726
    // Otherwise, generate a public token based on the form id.
727
    else {
728 729 730 731 732 733
      $form['#token'] = $form_id;
      $form['form_token'] = array(
        '#id' => drupal_html_id('edit-' . $form_id . '-form-token'),
        '#type' => 'token',
        '#default_value' => drupal_get_token($form['#token']),
      );
734
    }
735
  }
736

737
  if (isset($form_id)) {
738 739 740
    $form['form_id'] = array(
      '#type' => 'hidden',
      '#value' => $form_id,
741
      '#id' => drupal_html_id("edit-$form_id"),
742
    );
743
  }
744
  if (!isset($form['#id'])) {
745
    $form['#id'] = drupal_html_id($form_id);
746
  }
747

748
  $form += element_info('form');
749
  $form += array('#tree' => FALSE, '#parents' => array());
750

Dries's avatar
Dries committed
751
  if (!isset($form['#validate'])) {
752
    if (function_exists($form_id . '_validate')) {
753
      $form['#validate'] = array($form_id . '_validate');
Dries's avatar
Dries committed
754 755 756
    }
  }

757
  if (!isset($form['#submit'])) {
758
    if (function_exists($form_id . '_submit')) {
759
      // We set submit here so that it can be altered.
760
      $form['#submit'] = array($form_id . '_submit');
Dries's avatar
Dries committed
761 762 763
    }
  }

764 765 766 767 768
  // Invoke hook_form_FORM_ID_alter() implementations.
  drupal_alter('form_' . $form_id, $form, $form_state);

  // Invoke hook_form_alter() implementations.
  drupal_alter('form', $form, $form_state, $form_id);
769 770
}

771 772

/**
773
 * Validates user-submitted form data from the $form_state using
774 775 776 777 778 779
 * the validate functions defined in a structured form array.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
780 781 782 783 784 785 786
 *   An associative array containing the structure of the form, which is passed
 *   by reference. Form validation handlers are able to alter the form structure
 *   (like #process and #after_build callbacks during form building) in case of
 *   a validation error. If a validation handler alters the form structure, it
 *   is responsible for validating the values of changed form elements in
 *   $form_state['values'] to prevent form submit handlers from receiving
 *   unvalidated values.
787 788 789 790 791 792
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
793
 *     $form_state['data_for_submission'] = $data;
794 795 796
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
797
 */
798
function drupal_validate_form($form_id, &$form, &$form_state) {
799
  $validated_forms = &drupal_static(__FUNCTION__, array());
800

801
  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
802 803
    return;
  }
804

805
  // If the session token was set by drupal_prepare_form(), ensure that it
806
  // matches the current user's session.
807
  if (isset($form['#token'])) {
808
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) {
809
      // Setting this error will cause the form to fail validation.
810
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
811 812 813
    }
  }

814
  _form_validate($form, $form_state, $form_id);
815
  $validated_forms[$form_id] = TRUE;
816 817
}

818
/**
819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844
 * Redirects the user to a URL after a form has been processed.
 *
 * After a form was executed, the data in $form_state controls whether the form
 * is redirected. By default, we redirect to a new destination page. The path of
 * the destination page can be set in $form_state['redirect']. If that is not
 * set, the user is redirected to the current page to display a fresh,
 * unpopulated copy of the form.
 *
 * There are several triggers that may prevent a redirection though:
 * - If $form_state['redirect'] is FALSE, a form builder function or form
 *   validation/submit handler does not want a user to be redirected, which
 *   means that drupal_goto() is not invoked. For most forms, the redirection
 *   logic will be the same regardless of whether $form_state['redirect'] is
 *   undefined or FALSE. However, in case it was not defined and the current
 *   request contains a 'destination' query string, drupal_goto() will redirect
 *   to that given destination instead. Only setting $form_state['redirect'] to
 *   FALSE will prevent any redirection.
 * - If $form_state['no_redirect'] is TRUE, then the callback that originally
 *   built the form explicitly disallows any redirection, regardless of the
 *   redirection value in $form_state['redirect']. For example, ajax_get_form()
 *   defines $form_state['no_redirect'] when building a form in an AJAX
 *   callback to prevent any redirection. $form_state['no_redirect'] should NOT
 *   be altered by form builder functions or form validation/submit handlers.
 * - If $form_state['programmed'] is TRUE, the form submission was usually
 *   invoked via drupal_form_submit(), so any redirection would break the script
 *   that invoked drupal_form_submit().
845
 * - If $form_state['rebuild'] is TRUE, the form needs to be rebuilt without
846
 *   redirection.
847
 *
848 849 850 851 852
 * @param $form_state
 *   A keyed array containing the current state of the form.
 *
 * @see drupal_process_form()
 * @see drupal_build_form()
853
 */
854 855 856 857
function drupal_redirect_form($form_state) {
  // Skip redirection for form submissions invoked via drupal_form_submit().
  if (!empty($form_state['programmed'])) {
    return;
858
  }
859 860
  // Skip redirection if rebuild is activated.
  if (!empty($form_state['rebuild'])) {
861 862 863 864 865
    return;
  }
  // Skip redirection if it was explicitly disallowed.
  if (!empty($form_state['no_redirect'])) {
    return;
866
  }
867 868 869 870 871
  // Only invoke drupal_goto() if redirect value was not set to FALSE.
  if (!isset($form_state['redirect']) || $form_state['redirect'] !== FALSE) {
    if (isset($form_state['redirect'])) {
      if (is_array($form_state['redirect'])) {
        call_user_func_array('drupal_goto', $form_state['redirect']);
872 873
      }
      else {
874 875 876 877
        // This function can be called from the installer, which guarantees
        // that $redirect will always be a string, so catch that case here
        // and use the appropriate redirect function.
        $function = drupal_installation_attempted() ? 'install_goto' : 'drupal_goto';
878
        $function($form_state['redirect']);
879 880 881 882
      }
    }
    drupal_goto($_GET['q']);
  }
883 884
}

885 886 887 888 889 890 891
/**
 * Performs validation on form elements. First ensures required fields are
 * completed, #maxlength is not exceeded, and selected options were in the
 * list of options given to the user. Then calls user-defined validators.
 *
 * @param $elements
 *   An associative array containing the structure of the form.
892 893 894 895 896 897
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
898
 *     $form_state['data_for_submission'] = $data;
899 900 901
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
902 903 904 905
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 */
906
function _form_validate(&$elements, &$form_state, $form_id = NULL) {
907 908
  // Also used in the installer, pre-database setup.
  $t = get_t();
909

910 911 912
  // Recurse through all children.
  foreach (element_children($elements) as $key) {
    if (isset($elements[$key]) && $elements[$key]) {
913
      _form_validate($elements[$key], $form_state);
914 915
    }
  }
916

917
  // Validate the current input.
918
  if (!isset($elements['#validated']) || !$elements['#validated']) {
919
    // The following errors are always shown.
920
    if (isset($elements['#needs_validation'])) {
921 922
      // Verify that the value is not longer than #maxlength.
      if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
923
        form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
924 925
      }

926
      if (isset($elements['#options']) && isset($elements['#value'])) {
927 928 929 930 931 932 933 934 935 936
        if ($elements['#type'] == 'select') {
          $options = form_options_flatten($elements['#options']);
        }
        else {
          $options = $elements['#options'];
        }
        if (is_array($elements['#value'])) {
          $value = $elements['#type'] == 'checkboxes' ? array_keys(array_filter($elements['#value'])) : $elements['#value'];
          foreach ($value as $v) {
            if (!isset($options[$v])) {
937
              form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
938
              watchdog('form', 'Illegal choice %choice in !name element.', array('%choice' => $v, '!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title']), WATCHDOG_ERROR);
939
            }
940 941
          }
        }
942
        elseif (!isset($options[$elements['#value']])) {
943
          form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
944
          watchdog('form', 'Illegal choice %choice in %name element.', array('%choice' => $elements['#value'], '%name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title']), WATCHDOG_ERROR);
945
        }
946 947 948
      }
    }

949 950 951 952
    // While this element is being validated, it may be desired that some calls
    // to form_set_error() be suppressed and not result in a form error, so
    // that a button that implements low-risk functionality (such as "Previous"
    // or "Add more") that doesn't require all user input to be valid can still
953
    // have its submit handlers triggered. The triggering element's
954 955
    // #limit_validation_errors property contains the information for which
    // errors are needed, and all other errors are to be suppressed. The
956 957 958 959 960 961
    // #limit_validation_errors property is ignored if submit handlers will run,
    // but the element doesn't have a #submit property, because it's too large a
    // security risk to have any invalid user input when executing form-level
    // submit handlers.
    if (isset($form_state['triggering_element']['#limit_validation_errors']) && ($form_state['triggering_element']['#limit_validation_errors'] !== FALSE) && !($form_state['submitted'] && !isset($form_state['triggering_element']['#submit']))) {
      form_set_error(NULL, '', $form_state['triggering_element']['#limit_validation_errors']);
962
    }
963 964 965 966 967 968 969 970 971 972 973 974 975 976 977
    // If submit handlers won't run (due to the submission having been triggered
    // by an element whose #executes_submit_callback property isn't TRUE), then
    // it's safe to suppress all validation errors, and we do so by default,
    // which is particularly useful during an AJAX submission triggered by a
    // non-button. An element can override this default by setting the
    // #limit_validation_errors property. For button element types,
    // #limit_validation_errors defaults to FALSE (via system_element_info()),
    // so that full validation is their default behavior.
    elseif (isset($form_state['triggering_element']) && !isset($form_state['triggering_element']['#limit_validation_errors']) && !$form_state['submitted']) {
      form_set_error(NULL, '', array());
    }
    // As an extra security measure, explicitly turn off error suppression if
    // one of the above conditions wasn't met. Since this is also done at the
    // end of this function, doing it here is only to handle the rare edge case
    // where a validate handler invokes form processing of another form.
978 979 980
    else {
      drupal_static_reset('form_set_error:limit_validation_errors');
    }
981

982 983 984 985 986 987 988 989 990 991
    // Make sure a value is passed when the field is required.
    // A simple call to empty() will not cut it here as some fields, like
    // checkboxes, can return a valid value of '0'. Instead, check the
    // length if it's a string, and the item count if it's an array.
    // An unchecked checkbox has a #value of numeric 0, different than string
    // '0', which could be a valid value.
    if (isset($elements['#needs_validation']) && $elements['#required'] && (!count($elements['#value']) || (is_string($elements['#value']) && strlen(trim($elements['#value'])) == 0) || $elements['#value'] === 0)) {
      form_error($elements, $t('!name field is required.', array('!name' => $elements['#title'])));
    }

992
    // Call user-defined form level validators.
993 994 995 996 997 998 999
    if (isset($form_id)) {
      form_execute_handlers('validate', $elements, $form_state);
    }
    // Call any element-specific validators. These must act on the element
    // #value data.
    elseif (isset($elements['#element_validate'])) {
      foreach ($elements['#element_validate'] as $function) {
1000 1001
        $function($elements, $form_state, $form_state['complete form']);
      }
1002
    }
1003
    $elements['#validated'] = TRUE;
1004
  }
1005 1006 1007 1008 1009

  // Done validating this element, so turn off error suppression.
  // _form_validate() turns it on again when starting on the next element, if
  // it's still appropriate to do so.
  drupal_static_reset('form_set_error:limit_validation_errors');
1010 1011
}

1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028
/**
 * A helper function used to execute custom validation and submission
 * handlers for a given form. Button-specific handlers are checked
 * first. If none exist, the function falls back to form-level handlers.
 *
 * @param $type
 *   The type of handler to execute. 'validate' or 'submit' are the
 *   defaults used by Form API.
 * @param $form
 *   An associative array containing the structure of the form.
 * @param $form_state
 *   A keyed array containing the current state of the form. If the user
 *   submitted the form by clicking a button with custom handler functions
 *   defined, those handlers will be stored here.
 */
function form_execute_handlers($type, &$form, &$form_state) {
  $return = FALSE;
1029
  // If there was a button pressed, use its handlers.
1030 1031
  if (isset($form_state[$type . '_handlers'])) {
    $handlers = $form_state[$type . '_handlers'];
1032
  }
1033
  // Otherwise, check for a form-level handler.
1034 1035
  elseif (isset($form['#' . $type])) {
    $handlers = $form['#' . $type];
1036 1037 1038 1039 1040 1041
  }
  else {
    $handlers = array();
  }

  foreach ($handlers as $function) {
1042 1043 1044 1045 1046 1047 1048
    // Check if a previous _submit handler has set a batch, but make sure we
    // do not react to a batch that is already being processed (for instance
    // if a batch operation performs a drupal_form_submit()).
    if ($type == 'submit' && ($batch =& batch_get()) && !isset($batch['id'])) {
      // Some previous submit handler has set a batch. To ensure correct
      // execution order, store the call in a special 'control' batch set.
      // See _batch_next_set().
1049
      $batch['sets'][] = array('form_submit' => $function);
1050
      $batch['has_form_submits'] = TRUE;
1051 1052 1053
    }
    else {
      $function($form, $form_state);
1054
    }
1055
    $return = TRUE;
1056 1057 1058 1059
  }
  return $return;
}

1060
/**
1061
 * Files an error against a form element.
1062 1063 1064 1065 1066 1067 1068 1069
 *
 * @param $name
 *   The name of the form element. If the #parents property of your form
 *   element is array('foo', 'bar', 'baz') then you may set an error on 'foo'
 *   or 'foo][bar][baz'. Setting an error on 'foo' sets an error for every
 *   element where the #parents array starts with 'foo'.
 * @param $message
 *   The error message to present to the user.
1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118
 * @param $limit_validation_errors
 *   Internal use only. The #limit_validation_errors property of the clicked
 *   button if it exists. Multistep forms not wanting to validate the whole form
 *   can set the #limit_validation_errors property on buttons to avoid
 *   validation errors of some elements preventing the button's submit handlers
 *   from running. For example, pressing the "Previous" button should not fire
 *   validation errors just because the current step has invalid values. AJAX is
 *   another typical example.
 *   If this property is set on the clicked button, the button must also define
 *   its #submit property and those handlers will be executed even if there is
 *   invalid input, so extreme care should be taken with respect to what is
 *   performed by them. This is typically not a problem with buttons like
 *   "Previous" or "Add more" that do not invoke persistent storage of the
 *   submitted form values.
 *   Do not use the #limit_validation_errors property on buttons that trigger
 *   saving of form values to the database.
 *   The #limit_validation_errors property is a list of "sections" within
 *   $form_state['values'] that must contain valid values. Each "section" is an
 *   array with the ordered set of keys needed to reach that part of
 *   $form_state['values'] (i.e., the #parents property of the element).
 *   For example:
 *   @code
 *     $form['actions']['previous']['#limit_validation_errors'] = array(
 *       array('step1'),
 *       array('foo', 'bar'),
 *     );
 *   @endcode
 *   This will require $form_state['values']['step1'] and everything within it
 *   (for example, $form_state['values']['step1']['choice']) to be valid, so
 *   calls to form_set_error('step1', $message) or
 *   form_set_error('step1][choice', $message) will prevent the submit handlers
 *   from running, and result in the error message being displayed to the user.
 *   However, calls to form_set_error('step2', $message) and
 *   form_set_error('step2][groupX][choiceY', $message) will be suppressed,
 *   resulting in the message not being displayed to the user, and the submit
 *   handlers will run despite $form_state['values']['step2'] and
 *   $form_state['values']['step2']['groupX']['choiceY'] containing invalid
 *   values. Errors for an invalid $form_state['values']['foo'] will be
 *   suppressed, but errors for invalid values for
 *   $form_state['values']['foo']['bar'] and everything within it will be
 *   recorded. If the button doesn't need any user input to be valid, then the
 *   #limit_validation_errors can be set to an empty array, in which case, all
 *   calls to form_set_error() will be suppressed.
 *   Partial form validation is implemented by suppressing errors rather than by
 *   skipping the input processing and validation steps entirely, because some
 *   forms have button-level submit handlers that call Drupal API functions that
 *   assume that certain data exists within $form_state['values'], and while not
 *   doing anything with that data that requires it to be valid, PHP errors
 *   would be triggered if the input processing and validation steps were fully
1119
 *   skipped. See http://drupal.org/node/370537.
1120
 *
1121
 * @return
1122
 *   Return value is for internal use only. To get a list of errors, use
1123
 *   form_get_errors() or form_get_error().
1124
 */
1125
function form_set_error($name = NULL, $message = '', $limit_validation_errors = NULL) {
1126
  $form = &drupal_static(__FUNCTION__, array());
1127 1128 1129 1130 1131
  $sections = &drupal_static(__FUNCTION__ . ':limit_validation_errors');
  if (isset($limit_validation_errors)) {
    $sections = $limit_validation_errors;
  }

1132
  if (isset($name) && !isset($form[$name])) {
1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159
    $record = TRUE;
    if (isset($sections)) {
      // #limit_validation_errors is an array of "sections" within which user
      // input must be valid. If the element is within one of these sections,
      // the error must be recorded. Otherwise, it can be suppressed.
      // #limit_validation_errors can be an empty array, in which case all
      // errors are suppressed. For example, a "Previous" button might want its
      // submit action to be triggered even if none of the submitted values are
      // valid.
      $record = FALSE;
      foreach ($sections as $section) {
        // Exploding by '][' reconstructs the element's #parents. If the
        // reconstructed #parents begin with the same keys as the specified
        // section, then the element's values are within the part of
        // $form_state['values'] that the clicked button requires to be valid,
        // so errors for this element must be recorded.
        if (array_slice(explode('][', $name), 0, count($section)) === $section) {
          $record = TRUE;
          break;
        }
      }
    }
    if ($record) {
      $form[$name] = $message;
      if ($message) {
        drupal_set_message($message, 'error');
      }
1160
    }
1161
  }
1162

1163 1164 1165
  return $form;
}

1166 1167 1168 1169 1170 1171 1172
/**
 * Clear all errors against all form elements made by form_set_error().
 */
function form_clear_error() {
  drupal_static_reset('form_set_error');
}

1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197
/**
 * Return an associative array of all errors.
 */
function form_get_errors() {
  $form = form_set_error();
  if (!empty($form)) {
    return $form;
  }
}

/**
 * Return the error message filed against the form with the specified name.
 */
function form_get_error($element) {
  $form = form_set_error();
  $key = $element['#parents'][0];
  if (isset($form[$key])) {
    return $form[$key];
  }
  $key = implode('][', $element['#parents']);
  if (isset($form[$key])) {
    return $form[$key];
  }
}

1198 1199 1200
/**
 * Flag an element as having an error.
 */
1201
function form_error(&$element, $message = '') {
1202
  form_set_error(implode('][', $element['#parents']), $message);
1203 1204 1205
}

/**