form.inc 134 KB
Newer Older
1
<?php
2 3
// $Id$

4
/**
5 6 7 8 9 10
 * @defgroup forms Form builder functions
 * @{
 * Functions that build an abstract representation of a HTML form.
 *
 * All modules should declare their form builder functions to be in this
 * group and each builder function should reference its validate and submit
11
 * functions using \@see. Conversely, validate and submit functions should
12
 * reference the form builder function using \@see. For examples, of this see
13
 * system_modules_uninstall() or user_pass(), the latter of which has the
14 15 16 17 18 19 20 21 22 23 24
 * following in its doxygen documentation:
 *
 * \@ingroup forms
 * \@see user_pass_validate().
 * \@see user_pass_submit().
 *
 * @} End of "defgroup forms".
 */

/**
 * @defgroup form_api Form generation
25
 * @{
26
 * Functions to enable the processing and display of HTML forms.
27
 *
28 29 30 31
 * Drupal uses these functions to achieve consistency in its form processing and
 * presentation, while simplifying code and reducing the amount of HTML that
 * must be explicitly generated by modules.
 *
32
 * The drupal_get_form() function handles retrieving and processing an HTML
33
 * form for modules automatically. For example:
34
 *
35
 * @code
36 37
 *   // Display the user registration form.
 *   $output = drupal_get_form('user_register_form');
38
 * @endcode
39 40
 *
 * Forms can also be built and submitted programmatically without any user input
41
 * using the drupal_form_submit() function.
42 43
 *
 * For information on the format of the structured arrays used to define forms,
44
 * and more detailed explanations of the Form API workflow, see the
45 46
 * @link http://api.drupal.org/api/file/developer/topics/forms_api_reference.html reference @endlink
 * and the @link http://api.drupal.org/api/file/developer/topics/forms_api.html quickstart guide. @endlink
47 48 49
 */

/**
50
 * Wrapper for drupal_build_form() for use when $form_state is not needed.
51 52
 *
 * @param $form_id
53 54 55 56 57 58
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
59
 * @param ...
60
 *   Any additional arguments are passed on to the functions called by
61 62 63
 *   drupal_get_form(), including the unique form constructor function. For
 *   example, the node_edit form requires that a node object is passed in here
 *   when it is called.
64
 * @return
65
 *   The form array.
66 67
 *
 * @see drupal_build_form()
68 69
 */
function drupal_get_form($form_id) {
70
  $form_state = array();
71 72

  $args = func_get_args();
73 74
  // Remove $form_id from the arguments.
  array_shift($args);
75
  $form_state['build_info']['args'] = $args;
76 77 78 79 80

  return drupal_build_form($form_id, $form_state);
}

/**
81
 * Build and process a form based on a form id.
82 83 84
 *
 * The form may also be retrieved from the cache if the form was built in a
 * previous page-load. The form is then passed on for processing, validation
85
 * and submission if there is proper input.
86 87 88 89 90 91 92 93 94 95
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function with that
 *   name exists, it is called to build the form array. Modules that need to
 *   generate the same form (or very similar forms) using different $form_ids
 *   can implement hook_forms(), which maps different $form_id values to the
 *   proper form constructor function. Examples may be found in node_forms(),
 *   search_forms(), and user_forms().
 * @param &$form_state
 *   An array which stores information about the form. This is passed as a
96
 *   reference so that the caller can use it to examine what in the form changed
97 98 99
 *   when the form submission process is complete. Furthermore, it may be used
 *   to store information related to the processed data in the form, which will
 *   persist across page requests when the 'cache' or 'rebuild' flag is set.
100 101
 *   The following parameters may be set in $form_state to affect how the form
 *   is rendered:
102 103 104 105 106 107 108
 *   - build_info: A keyed array of build information that is necessary to
 *     rebuild the form from cache when the original context may no longer be
 *     available:
 *     - args: An array of arguments to pass to the form builder.
 *     - file: An optional include file that contains the form and is
 *       automatically loaded by form_get_cache(). Defaults to the current menu
 *       router item's 'file' definition, if existent.
109 110 111 112 113 114 115 116 117 118 119
 *   - rebuild: Normally, after the entire form processing is completed and
 *     submit handlers ran, a form is considered to be done and
 *     drupal_redirect_form() will redirect the user to a new page using a GET
 *     request (so a browser refresh does not re-submit the form). However, if
 *     'rebuild' has been set to TRUE, then a new copy of the form is
 *     immediately built and sent to the browser; instead of a redirect. This is
 *     used for multi-step forms, such as wizards and confirmation forms. Also,
 *     if a form validation handler has set 'rebuild' to TRUE and a validation
 *     error occurred, then the form is rebuilt prior to being returned,
 *     enabling form elements to be altered, as appropriate to the particular
 *     validation error.
120 121 122 123 124 125 126 127
 *   - input: An array of input that corresponds to $_POST or $_GET, depending
 *     on the 'method' chosen (see below).
 *   - method: The HTTP form method to use for finding the input for this form.
 *     May be 'post' or 'get'. Defaults to 'post'. Note that 'get' method
 *     forms do not use form ids so are always considered to be submitted, which
 *     can have unexpected effects. The 'get' method should only be used on
 *     forms that do not change data, as that is exclusively the domain of post.
 *   - no_redirect: If set to TRUE the form will NOT perform a drupal_goto(),
128 129 130 131 132
 *     even if 'redirect' is set.
 *   - cache: If set to TRUE the original, unprocessed form structure will be
 *     cached, which allows to rebuild the entire form from cache.
 *   - no_cache: If set to TRUE the form will NOT be cached, even if 'cache' is
 *     set.
133 134 135 136 137 138 139 140 141
 *   - always_process: If TRUE and the method is GET, a form_id is not
 *     necessary. This should only be used on RESTful GET forms that do NOT
 *     write data, as this could lead to security issues. It is useful so that
 *     searches do not need to have a form_id in their query arguments to
 *     trigger the search.
 *   - must_validate: Ordinarily, a form is only validated once but there are
 *     times when a form is resubmitted internally and should be validated
 *     again. Setting this to TRUE will force that to happen. This is most
 *     likely to occur during AHAH or AJAX operations.
142 143 144 145
 *   - temporary: An array holding temporary data accessible during the current
 *     page request only. It may be used to temporary save any data that doesn't
 *     need to or shouldn't be cached during the whole form workflow, e.g. data
 *     that needs to be accessed during the current form build process only.
146 147 148 149
 *   - wrapper_callback: Modules that wish to pre-populate certain forms with
 *     common elements, such as back/next/save buttons in multi-step form
 *     wizards, may define a form builder function name that returns a form
 *     structure, which is passed on to the actual form builder function.
150 151 152 153
 *     Such implementations may either define the 'wrapper_callback' via
 *     hook_forms() or have to invoke drupal_build_form() (instead of
 *     drupal_get_form()) on their own in a custom menu callback to prepare
 *     $form_state accordingly.
154 155 156
 *   Further $form_state properties controlling the redirection behavior after
 *   form submission may be found in drupal_redirect_form().
 *
157 158
 * @return
 *   The rendered form or NULL, depending upon the $form_state flags that were set.
159 160
 *
 * @see drupal_redirect_form()
161 162 163 164 165 166 167 168 169
 */
function drupal_build_form($form_id, &$form_state) {
  // Ensure some defaults; if already set they will not be overridden.
  $form_state += form_state_defaults();

  if (!isset($form_state['input'])) {
    $form_state['input'] = $form_state['method'] == 'get' ? $_GET : $_POST;
  }

170 171 172 173 174 175
  if (isset($_SESSION['batch_form_state'])) {
    // We've been redirected here after a batch processing : the form has
    // already been processed, so we grab the post-process $form_state value
    // and move on to form display. See _batch_finished() function.
    $form_state = $_SESSION['batch_form_state'];
    unset($_SESSION['batch_form_state']);
176 177
  }
  else {
178
    // If the incoming input contains a form_build_id, we'll check the
179 180 181 182
    // cache for a copy of the form in question. If it's there, we don't
    // have to rebuild the form to proceed. In addition, if there is stored
    // form_state data from a previous step, we'll retrieve it so it can
    // be passed on to the form processing code.
183
    if (isset($form_state['input']['form_id']) && $form_state['input']['form_id'] == $form_id && !empty($form_state['input']['form_build_id'])) {
184 185
      $form_build_id = $form_state['input']['form_build_id'];
      $form = form_get_cache($form_build_id, $form_state);
186 187
    }

188 189 190 191
    // If the previous bit of code didn't result in a populated $form
    // object, we're hitting the form for the first time and we need
    // to build it from scratch.
    if (!isset($form)) {
192 193
      // Record the filepath of the include file containing the original form,
      // so the form builder callbacks can be loaded when the form is being
194
      // rebuilt from cache on a different path (such as 'system/ajax').
195 196
      // @see form_get_cache()
      // menu_get_item() is not available at installation time.
197
      if (!isset($form_state['build_info']['file']) && !defined('MAINTENANCE_MODE')) {
198 199
        $item = menu_get_item();
        if (!empty($item['file'])) {
200
          $form_state['build_info']['file'] = $item['file'];
201 202 203
        }
      }

204 205 206 207
      $form = drupal_retrieve_form($form_id, $form_state);
      $form_build_id = 'form-' . md5(uniqid(mt_rand(), TRUE));
      $form['#build_id'] = $form_build_id;

208 209 210 211 212
      // Fix the form method, if it is 'get' in $form_state, but not in $form.
      if ($form_state['method'] == 'get' && !isset($form['#method'])) {
        $form['#method'] = 'get';
      }

213
      drupal_prepare_form($form_id, $form, $form_state);
214 215
      // Store a copy of the unprocessed form to cache in case
      // $form_state['cache'] is set.
216
      $original_form = $form;
217
    }
218

219 220 221 222 223 224 225 226 227 228 229 230 231 232 233
    // Now that we know we have a form, we'll process it (validating,
    // submitting, and handling the results returned by its submission
    // handlers. Submit handlers accumulate data in the form_state by
    // altering the $form_state variable, which is passed into them by
    // reference.
    drupal_process_form($form_id, $form, $form_state);
  }

  // Most simple, single-step forms will be finished by this point --
  // drupal_process_form() usually redirects to another page (or to
  // a 'fresh' copy of the form) once processing is complete. If one
  // of the form's handlers has set $form_state['redirect'] to FALSE,
  // the form will simply be re-rendered with the values still in its
  // fields.
  //
234
  // If $form_state['rebuild'] has been set and input has been processed, we
235 236 237
  // know that we're in a multi-part process of some sort and the form's
  // workflow is not complete. We need to construct a fresh copy of the form,
  // passing in the latest $form_state in addition to any other variables passed
238
  // into drupal_get_form().
239
  if ($form_state['rebuild'] && $form_state['process_input'] && !form_get_errors()) {
240
    $form = drupal_rebuild_form($form_id, $form_state);
241
  }
242 243 244 245 246 247 248 249 250 251 252 253 254 255
  // After processing the form, the form builder or a #process callback may
  // have set $form_state['cache'] to indicate that the original form and the
  // $form_state shall be cached. But the form may only be cached if the
  // special 'no_cache' property is not set to TRUE and we are not rebuilding.
  elseif (isset($form_build_id) && $form_state['cache'] && empty($form_state['no_cache'])) {
    // Cache the original, unprocessed form upon initial build of the form.
    if (isset($original_form)) {
      form_set_cache($form_build_id, $original_form, $form_state);
    }
    // After processing a cached form, only update the cached form state.
    else {
      form_set_cache($form_build_id, NULL, $form_state);
    }
  }
256

257 258
  // Don't override #theme if someone already set it.
  if (!isset($form['#theme'])) {
259
    drupal_theme_initialize();
260 261 262 263 264
    $registry = theme_get_registry();
    if (isset($registry[$form_id])) {
      $form['#theme'] = $form_id;
    }
  }
265

266
  return $form;
267
}
268

269 270 271 272 273
/**
 * Retrieve default values for the $form_state array.
 */
function form_state_defaults() {
  return array(
274 275
    'rebuild' => FALSE,
    'redirect' => NULL,
276 277
    'build_info' => array('args' => array()),
    'temporary' => array(),
278 279
    'submitted' => FALSE,
    'programmed' => FALSE,
280 281
    'cache'=> FALSE,
    'method' => 'post',
282
    'groups' => array(),
283 284 285
  );
}

286
/**
287
 * Retrieves a form, caches it and processes it again.
288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304
 *
 * If your AHAH callback simulates the pressing of a button, then your AHAH
 * callback will need to do the same as what drupal_get_form would do when the
 * button is pressed: get the form from the cache, run drupal_process_form over
 * it and then if it needs rebuild, run drupal_rebuild_form over it. Then send
 * back a part of the returned form.
 * $form_state['clicked_button']['#array_parents'] will help you to find which
 * part.
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
 *   different $form_id values to the proper form constructor function. Examples
 *   may be found in node_forms(), search_forms(), and user_forms().
 * @param $form_state
305
 *   A keyed array containing the current state of the form.
306 307 308 309 310 311 312
 * @param $form_build_id
 *   If the AHAH callback calling this function only alters part of the form,
 *   then pass in the existing form_build_id so we can re-cache with the same
 *   csid.
 * @return
 *   The newly built form.
 */
313
function drupal_rebuild_form($form_id, &$form_state, $form_build_id = NULL) {
314 315 316 317 318 319 320
  // AJAX and other contexts may call drupal_rebuild_form() even when
  // $form_state['rebuild'] isn't set, but _form_builder_handle_input_element()
  // needs to distinguish a rebuild from an initial build in order to process
  // user input correctly. Form constructors and form processing functions may
  // also need to handle a rebuild differently than an initial build.
  $form_state['rebuild'] = TRUE;

321
  $form = drupal_retrieve_form($form_id, $form_state);
322 323 324

  if (!isset($form_build_id)) {
    // We need a new build_id for the new version of the form.
325
    $form_build_id = 'form-' . md5(mt_rand());
326 327 328 329
  }
  $form['#build_id'] = $form_build_id;
  drupal_prepare_form($form_id, $form, $form_state);

330
  if (empty($form_state['no_cache'])) {
331 332 333 334 335
    // We cache the form structure so it can be retrieved later for validation.
    // If $form_state['storage'] is populated, we also cache it so that it can
    // be used to resume complex multi-step processes.
    form_set_cache($form_build_id, $form, $form_state);
  }
336

337 338
  // Clear out all group associations as these might be different when
  // re-rendering the form.
339 340
  $form_state['groups'] = array();

341 342 343
  // Do not call drupal_process_form(), since it would prevent the rebuilt form
  // to submit.
  $form = form_builder($form_id, $form, $form_state);
344 345 346
  return $form;
}

347 348 349 350
/**
 * Fetch a form from cache.
 */
function form_get_cache($form_build_id, &$form_state) {
351
  if ($cached = cache_get('form_' . $form_build_id, 'cache_form')) {
352
    $form = $cached->data;
353

354 355
    global $user;
    if ((isset($form['#cache_token']) && drupal_valid_token($form['#cache_token'])) || (!isset($form['#cache_token']) && !$user->uid)) {
356 357
      if ($cached = cache_get('form_state_' . $form_build_id, 'cache_form')) {
        // Re-populate $form_state for subsequent rebuilds.
358
        $form_state = $cached->data + $form_state;
359 360 361 362 363 364

        // If the original form is contained in an include file, load the file.
        // @see drupal_build_form()
        if (!empty($form_state['build_info']['file']) && file_exists($form_state['build_info']['file'])) {
          require_once DRUPAL_ROOT . '/' . $form_state['build_info']['file'];
        }
365 366
      }
      return $form;
367 368 369 370 371
    }
  }
}

/**
372
 * Store a form in the cache.
373 374
 */
function form_set_cache($form_build_id, $form, $form_state) {
375 376
  // 6 hours cache life time for forms should be plenty.
  $expire = 21600;
377 378 379 380 381 382 383

  // Cache form structure.
  if (isset($form)) {
    if ($GLOBALS['user']->uid) {
      $form['#cache_token'] = drupal_get_token();
    }
    cache_set('form_' . $form_build_id, $form, 'cache_form', REQUEST_TIME + $expire);
384
  }
385 386

  // Cache form state.
387
  if ($data = array_diff_key($form_state, array_flip(form_state_keys_no_cache()))) {
388
    cache_set('form_state_' . $form_build_id, $data, 'cache_form', REQUEST_TIME + $expire);
389 390 391
  }
}

392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419
/**
 * Returns an array of $form_state keys that shouldn't be cached.
 */
function form_state_keys_no_cache() {
  return array(
    // Public properties defined by form constructors and form handlers.
    'always_process',
    'cache',
    'no_cache',
    'must_validate',
    'rebuild',
    'redirect',
    'no_redirect',
    'temporary',
    // Internal properties defined by form processing.
    'buttons',
    'clicked_button',
    'complete form',
    'groups',
    'input',
    'method',
    'submit_handlers',
    'submitted',
    'validate_handlers',
    'values',
  );
}

420
/**
421
 * Retrieves a form using a form_id, populates it with $form_state['values'],
422 423 424 425 426 427 428 429
 * processes it, and returns any validation errors encountered. This
 * function is the programmatic counterpart to drupal_get_form().
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
430
 *   different $form_id values to the proper form constructor function. Examples
431
 *   may be found in node_forms(), search_forms(), and user_forms().
432
 * @param $form_state
433 434 435 436 437 438 439
 *   A keyed array containing the current state of the form. Most important is
 *   the $form_state['values'] collection, a tree of data used to simulate the
 *   incoming $_POST information from a user's form submission. If a key is not
 *   filled in $form_state['values'], then the default value of the respective
 *   element is used. To submit an unchecked checkbox or other control that
 *   browsers submit by not having a $_POST entry, include the key, but set the
 *   value to NULL.
440
 * @param ...
441
 *   Any additional arguments are passed on to the functions called by
442
 *   drupal_form_submit(), including the unique form constructor function.
443 444
 *   For example, the node_edit form requires that a node object be passed
 *   in here when it is called.
445 446
 * For example:
 *
447
 * @code
448
 * // register a new user
449 450 451
 * $form_state = array();
 * $form_state['values']['name'] = 'robo-user';
 * $form_state['values']['mail'] = 'robouser@example.com';
452 453
 * $form_state['values']['pass']['pass1'] = 'password';
 * $form_state['values']['pass']['pass2'] = 'password';
454
 * $form_state['values']['op'] = t('Create new account');
455
 * drupal_form_submit('user_register_form', $form_state);
456 457
 *
 * // Create a new node
458
 * $form_state = array();
459
 * module_load_include('inc', 'node', 'node.pages');
460
 * $node = array('type' => 'story');
461 462 463
 * $form_state['values']['title'] = 'My node';
 * $form_state['values']['body'] = 'This is the body text!';
 * $form_state['values']['name'] = 'robo-user';
464
 * $form_state['values']['op'] = t('Save');
465
 * drupal_form_submit('story_node_form', $form_state, (object)$node);
466
 * @endcode
467
 */
468
function drupal_form_submit($form_id, &$form_state) {
469
  if (!isset($form_state['build_info']['args'])) {
470 471 472
    $args = func_get_args();
    array_shift($args);
    array_shift($args);
473
    $form_state['build_info']['args'] = $args;
474
  }
475 476
  // Merge in default values.
  $form_state += form_state_defaults();
Dries's avatar
Dries committed
477

478 479 480
  $form = drupal_retrieve_form($form_id, $form_state);
  $form_state['input'] = $form_state['values'];
  $form_state['programmed'] = TRUE;
481 482
  // Programmed forms are always submitted.
  $form_state['submitted'] = TRUE;
483

484 485
  drupal_prepare_form($form_id, $form, $form_state);
  drupal_process_form($form_id, $form, $form_state);
486 487
}

488 489 490 491 492 493 494 495
/**
 * Retrieves the structured array that defines a given form.
 *
 * @param $form_id
 *   The unique string identifying the desired form. If a function
 *   with that name exists, it is called to build the form array.
 *   Modules that need to generate the same form (or very similar forms)
 *   using different $form_ids can implement hook_forms(), which maps
496
 *   different $form_id values to the proper form constructor function.
497 498
 * @param $form_state
 *   A keyed array containing the current state of the form.
499
 * @param ...
500 501
 *   Any additional arguments needed by the unique form constructor
 *   function. Generally, these are any arguments passed into the
502
 *   drupal_get_form() or drupal_form_submit() functions after the first
503 504 505
 *   argument. If a module implements hook_forms(), it can examine
 *   these additional arguments and conditionally return different
 *   builder functions as well.
506
 */
507
function drupal_retrieve_form($form_id, &$form_state) {
508
  $forms = &drupal_static(__FUNCTION__);
509

510
  // We save two copies of the incoming arguments: one for modules to use
511
  // when mapping form ids to constructor functions, and another to pass to
512
  // the constructor function itself.
513
  $args = $form_state['build_info']['args'];
514 515 516

  // We first check to see if there's a function named after the $form_id.
  // If there is, we simply pass the arguments on to it to get the form.
517
  if (!function_exists($form_id)) {
518
    // In cases where many form_ids need to share a central constructor function,
519
    // such as the node editing form, modules can implement hook_forms(). It
520
    // maps one or more form_ids to the correct constructor functions.
521 522 523 524 525 526 527 528 529
    //
    // We cache the results of that hook to save time, but that only works
    // for modules that know all their form_ids in advance. (A module that
    // adds a small 'rate this comment' form to each comment in a list
    // would need a unique form_id for each one, for example.)
    //
    // So, we call the hook if $forms isn't yet populated, OR if it doesn't
    // yet have an entry for the requested form_id.
    if (!isset($forms) || !isset($forms[$form_id])) {
530
      $forms = module_invoke_all('forms', $form_id, $args);
531 532 533 534 535 536 537 538
    }
    $form_definition = $forms[$form_id];
    if (isset($form_definition['callback arguments'])) {
      $args = array_merge($form_definition['callback arguments'], $args);
    }
    if (isset($form_definition['callback'])) {
      $callback = $form_definition['callback'];
    }
539 540 541 542 543
    // In case $form_state['wrapper_callback'] is not defined already, we also
    // allow hook_forms() to define one.
    if (!isset($form_state['wrapper_callback']) && isset($form_definition['wrapper_callback'])) {
      $form_state['wrapper_callback'] = $form_definition['wrapper_callback'];
    }
544
  }
545

546 547 548 549 550 551
  $form = array();
  // We need to pass $form_state by reference in order for forms to modify it,
  // since call_user_func_array() requires that referenced variables are passed
  // explicitly.
  $args = array_merge(array($form, &$form_state), $args);

552 553 554 555 556 557 558 559
  // When the passed $form_state (not using drupal_get_form()) defines a
  // 'wrapper_callback', then it requests to invoke a separate (wrapping) form
  // builder function to pre-populate the $form array with form elements, which
  // the actual form builder function ($callback) expects. This allows for
  // pre-populating a form with common elements for certain forms, such as
  // back/next/save buttons in multi-step form wizards.
  // @see drupal_build_form()
  if (isset($form_state['wrapper_callback']) && function_exists($form_state['wrapper_callback'])) {
560 561 562
    $form = call_user_func_array($form_state['wrapper_callback'], $args);
    // Put the prepopulated $form into $args.
    $args[0] = $form;
563
  }
564

565 566
  // If $callback was returned by a hook_forms() implementation, call it.
  // Otherwise, call the function named after the form id.
567
  $form = call_user_func_array(isset($callback) ? $callback : $form_id, $args);
568
  $form['#form_id'] = $form_id;
569

570
  return $form;
571 572 573
}

/**
574 575
 * Processes a form submission.
 *
576 577 578 579 580
 * This function is the heart of form API. The form gets built, validated and in
 * appropriate cases, submitted.
 *
 * @param $form_id
 *   The unique string identifying the current form.
581 582
 * @param $form
 *   An associative array containing the structure of the form.
583 584
 * @param $form_state
 *   A keyed array containing the current state of the form. This
Dries's avatar
Dries committed
585
 *   includes the current persistent storage data for the form, and
586 587 588
 *   any data passed along by earlier steps when displaying a
 *   multi-step form. Additional information, like the sanitized $_POST
 *   data, is also accumulated here.
589
 */
590 591 592
function drupal_process_form($form_id, &$form, &$form_state) {
  $form_state['values'] = array();

593 594 595 596 597 598 599 600 601 602 603 604 605
  // With $_GET, these forms are always submitted if requested.
  if ($form_state['method'] == 'get' && !empty($form_state['always_process'])) {
    if (!isset($form_state['input']['form_build_id'])) {
      $form_state['input']['form_build_id'] = $form['#build_id'];
    }
    if (!isset($form_state['input']['form_id'])) {
      $form_state['input']['form_id'] = $form_id;
    }
    if (!isset($form_state['input']['form_token']) && isset($form['#token'])) {
      $form_state['input']['form_token'] = drupal_get_token($form['#token']);
    }
  }

606
  // Build the form.
607
  $form = form_builder($form_id, $form, $form_state);
608 609 610

  // Only process the input if we have a correct form submission.
  if ($form_state['process_input']) {
611 612
    drupal_validate_form($form_id, $form, $form_state);

613
    // drupal_html_id() maintains a cache of element IDs it has seen,
614
    // so it can prevent duplicates. We want to be sure we reset that
615
    // cache when a form is processed, so scenarios that result in
616 617
    // the form being built behind the scenes and again for the
    // browser don't increment all the element IDs needlessly.
618
    drupal_static_reset('drupal_html_id');
619

620 621
    if ($form_state['submitted'] && !form_get_errors() && !$form_state['rebuild']) {
      // Execute form submit handlers.
622 623 624 625 626
      form_execute_handlers('submit', $form, $form_state);

      // We'll clear out the cached copies of the form and its stored data
      // here, as we've finished with them. The in-memory copies are still
      // here, though.
627
      if (variable_get('cache', CACHE_DISABLED) == CACHE_DISABLED && !empty($form_state['values']['form_build_id'])) {
628 629
        cache_clear_all('form_' . $form_state['values']['form_build_id'], 'cache_form');
        cache_clear_all('storage_' . $form_state['values']['form_build_id'], 'cache_form');
630 631 632
      }

      // If batches were set in the submit handlers, we process them now,
633 634
      // possibly ending execution. We make sure we do not react to the batch
      // that is already being processed (if a batch operation performs a
635
      // drupal_form_submit).
636
      if ($batch =& batch_get() && !isset($batch['current_set'])) {
637 638 639 640 641 642 643 644 645 646 647 648 649 650
        // Store $form_state information in the batch definition.
        // We need the full $form_state when either:
        // - Some submit handlers were saved to be called during batch
        //   processing. See form_execute_handlers().
        // - The form is multistep.
        // In other cases, we only need the information expected by
        // drupal_redirect_form().
        if ($batch['has_form_submits'] || !empty($form_state['rebuild']) || !empty($form_state['storage'])) {
          $batch['form_state'] = $form_state;
        }
        else {
          $batch['form_state'] = array_intersect_key($form_state, array_flip(array('programmed', 'rebuild', 'storage', 'no_redirect', 'redirect')));
        }

651
        $batch['progressive'] = !$form_state['programmed'];
652
        batch_process();
653

654 655 656 657
        // Execution continues only for programmatic forms.
        // For 'regular' forms, we get redirected to the batch processing
        // page. Form redirection will be handled in _batch_finished(),
        // after the batch is processed.
658
      }
659

660 661 662
      // Set a flag to indicate the the form has been processed and executed.
      $form_state['executed'] = TRUE;

663 664
      // Redirect the form based on values in $form_state.
      drupal_redirect_form($form_state);
665 666 667 668 669 670 671 672 673 674 675 676 677 678
    }
  }
}

/**
 * Prepares a structured form array by adding required elements,
 * executing any hook_form_alter functions, and optionally inserting
 * a validation token to prevent tampering.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
 *   An associative array containing the structure of the form.
679 680 681
 * @param $form_state
 *   A keyed array containing the current state of the form. Passed
 *   in here so that hook_form_alter() calls can use it, as well.
682
 */
683
function drupal_prepare_form($form_id, &$form, &$form_state) {
684 685
  global $user;

686
  $form['#type'] = 'form';
687
  $form_state['programmed'] = isset($form_state['programmed']) ? $form_state['programmed'] : FALSE;
688

689 690 691 692 693 694 695 696 697
  if (isset($form['#build_id'])) {
    $form['form_build_id'] = array(
      '#type' => 'hidden',
      '#value' => $form['#build_id'],
      '#id' => $form['#build_id'],
      '#name' => 'form_build_id',
    );
  }

698 699 700 701
  // Add a token, based on either #token or form_id, to any form displayed to
  // authenticated users. This ensures that any submitted form was actually
  // requested previously by the user and protects against cross site request
  // forgeries.
702 703 704 705 706 707 708 709
  // This does not apply to programmatically submitted forms. Furthermore, since
  // tokens are session-bound and forms displayed to anonymous users are very
  // likely cached, we cannot assign a token for them.
  // During installation, there is no $user yet.
  if (!empty($user->uid) && !$form_state['programmed']) {
    // Form constructors may explicitly set #token to FALSE when cross site
    // request forgery is irrelevant to the form, such as search forms.
    if (isset($form['#token']) && $form['#token'] === FALSE) {
710
      unset($form['#token']);
711
    }
712
    // Otherwise, generate a public token based on the form id.
713
    else {
714 715 716 717 718 719
      $form['#token'] = $form_id;
      $form['form_token'] = array(
        '#id' => drupal_html_id('edit-' . $form_id . '-form-token'),
        '#type' => 'token',
        '#default_value' => drupal_get_token($form['#token']),
      );
720
    }
721
  }
722

723
  if (isset($form_id)) {
724 725 726
    $form['form_id'] = array(
      '#type' => 'hidden',
      '#value' => $form_id,
727
      '#id' => drupal_html_id("edit-$form_id"),
728
    );
729
  }
730
  if (!isset($form['#id'])) {
731
    $form['#id'] = drupal_html_id($form_id);
732
  }
733

734
  $form += element_info('form');
735
  $form += array('#tree' => FALSE, '#parents' => array());
736

Dries's avatar
Dries committed
737
  if (!isset($form['#validate'])) {
738
    if (function_exists($form_id . '_validate')) {
739
      $form['#validate'] = array($form_id . '_validate');
Dries's avatar
Dries committed
740 741 742
    }
  }

743
  if (!isset($form['#submit'])) {
744
    if (function_exists($form_id . '_submit')) {
745
      // We set submit here so that it can be altered.
746
      $form['#submit'] = array($form_id . '_submit');
Dries's avatar
Dries committed
747 748 749
    }
  }

750 751 752 753 754
  // Invoke hook_form_FORM_ID_alter() implementations.
  drupal_alter('form_' . $form_id, $form, $form_state);

  // Invoke hook_form_alter() implementations.
  drupal_alter('form', $form, $form_state, $form_id);
755 756
}

757 758

/**
759
 * Validates user-submitted form data from the $form_state using
760 761 762 763 764 765
 * the validate functions defined in a structured form array.
 *
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 * @param $form
766 767 768 769 770 771 772
 *   An associative array containing the structure of the form, which is passed
 *   by reference. Form validation handlers are able to alter the form structure
 *   (like #process and #after_build callbacks during form building) in case of
 *   a validation error. If a validation handler alters the form structure, it
 *   is responsible for validating the values of changed form elements in
 *   $form_state['values'] to prevent form submit handlers from receiving
 *   unvalidated values.
773 774 775 776 777 778
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
779
 *     $form_state['data_for_submission'] = $data;
780 781 782
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
783
 */
784
function drupal_validate_form($form_id, &$form, &$form_state) {
785
  $validated_forms = &drupal_static(__FUNCTION__, array());
786

787
  if (isset($validated_forms[$form_id]) && empty($form_state['must_validate'])) {
788 789
    return;
  }
790

791
  // If the session token was set by drupal_prepare_form(), ensure that it
792
  // matches the current user's session.
793
  if (isset($form['#token'])) {
794
    if (!drupal_valid_token($form_state['values']['form_token'], $form['#token'])) {
795
      // Setting this error will cause the form to fail validation.
796
      form_set_error('form_token', t('Validation error, please try again. If this error persists, please contact the site administrator.'));
797 798 799
    }
  }

800
  _form_validate($form, $form_state, $form_id);
801
  $validated_forms[$form_id] = TRUE;
802 803
}

804
/**
805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830
 * Redirects the user to a URL after a form has been processed.
 *
 * After a form was executed, the data in $form_state controls whether the form
 * is redirected. By default, we redirect to a new destination page. The path of
 * the destination page can be set in $form_state['redirect']. If that is not
 * set, the user is redirected to the current page to display a fresh,
 * unpopulated copy of the form.
 *
 * There are several triggers that may prevent a redirection though:
 * - If $form_state['redirect'] is FALSE, a form builder function or form
 *   validation/submit handler does not want a user to be redirected, which
 *   means that drupal_goto() is not invoked. For most forms, the redirection
 *   logic will be the same regardless of whether $form_state['redirect'] is
 *   undefined or FALSE. However, in case it was not defined and the current
 *   request contains a 'destination' query string, drupal_goto() will redirect
 *   to that given destination instead. Only setting $form_state['redirect'] to
 *   FALSE will prevent any redirection.
 * - If $form_state['no_redirect'] is TRUE, then the callback that originally
 *   built the form explicitly disallows any redirection, regardless of the
 *   redirection value in $form_state['redirect']. For example, ajax_get_form()
 *   defines $form_state['no_redirect'] when building a form in an AJAX
 *   callback to prevent any redirection. $form_state['no_redirect'] should NOT
 *   be altered by form builder functions or form validation/submit handlers.
 * - If $form_state['programmed'] is TRUE, the form submission was usually
 *   invoked via drupal_form_submit(), so any redirection would break the script
 *   that invoked drupal_form_submit().
831
 * - If $form_state['rebuild'] is TRUE, the form needs to be rebuilt without
832
 *   redirection.
833
 *
834 835 836 837 838
 * @param $form_state
 *   A keyed array containing the current state of the form.
 *
 * @see drupal_process_form()
 * @see drupal_build_form()
839
 */
840 841 842 843
function drupal_redirect_form($form_state) {
  // Skip redirection for form submissions invoked via drupal_form_submit().
  if (!empty($form_state['programmed'])) {
    return;
844
  }
845 846
  // Skip redirection if rebuild is activated.
  if (!empty($form_state['rebuild'])) {
847 848 849 850 851
    return;
  }
  // Skip redirection if it was explicitly disallowed.
  if (!empty($form_state['no_redirect'])) {
    return;
852
  }
853 854 855 856 857
  // Only invoke drupal_goto() if redirect value was not set to FALSE.
  if (!isset($form_state['redirect']) || $form_state['redirect'] !== FALSE) {
    if (isset($form_state['redirect'])) {
      if (is_array($form_state['redirect'])) {
        call_user_func_array('drupal_goto', $form_state['redirect']);
858 859
      }
      else {
860 861 862 863
        // This function can be called from the installer, which guarantees
        // that $redirect will always be a string, so catch that case here
        // and use the appropriate redirect function.
        $function = drupal_installation_attempted() ? 'install_goto' : 'drupal_goto';
864
        $function($form_state['redirect']);
865 866 867 868
      }
    }
    drupal_goto($_GET['q']);
  }
869 870
}

871 872 873 874 875 876 877
/**
 * Performs validation on form elements. First ensures required fields are
 * completed, #maxlength is not exceeded, and selected options were in the
 * list of options given to the user. Then calls user-defined validators.
 *
 * @param $elements
 *   An associative array containing the structure of the form.
878 879 880 881 882 883
 * @param $form_state
 *   A keyed array containing the current state of the form. The current
 *   user-submitted data is stored in $form_state['values'], though
 *   form validation functions are passed an explicit copy of the
 *   values for the sake of simplicity. Validation handlers can also
 *   $form_state to pass information on to submit handlers. For example:
884
 *     $form_state['data_for_submission'] = $data;
885 886 887
 *   This technique is useful when validation requires file parsing,
 *   web service requests, or other expensive requests that should
 *   not be repeated in the submission step.
888 889 890 891
 * @param $form_id
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
 */
892
function _form_validate(&$elements, &$form_state, $form_id = NULL) {
893 894
  // Also used in the installer, pre-database setup.
  $t = get_t();
895

896 897 898
  // Recurse through all children.
  foreach (element_children($elements) as $key) {
    if (isset($elements[$key]) && $elements[$key]) {
899
      _form_validate($elements[$key], $form_state);
900 901
    }
  }
902

903
  // Validate the current input.
904
  if (!isset($elements['#validated']) || !$elements['#validated']) {
905
    // The following errors are always shown.
906
    if (isset($elements['#needs_validation'])) {
907 908
      // Verify that the value is not longer than #maxlength.
      if (isset($elements['#maxlength']) && drupal_strlen($elements['#value']) > $elements['#maxlength']) {
909
        form_error($elements, $t('!name cannot be longer than %max characters but is currently %length characters long.', array('!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title'], '%max' => $elements['#maxlength'], '%length' => drupal_strlen($elements['#value']))));
910 911
      }

912
      if (isset($elements['#options']) && isset($elements['#value'])) {
913 914 915 916 917 918 919 920 921 922
        if ($elements['#type'] == 'select') {
          $options = form_options_flatten($elements['#options']);
        }
        else {
          $options = $elements['#options'];
        }
        if (is_array($elements['#value'])) {
          $value = $elements['#type'] == 'checkboxes' ? array_keys(array_filter($elements['#value'])) : $elements['#value'];
          foreach ($value as $v) {
            if (!isset($options[$v])) {
923
              form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
924
              watchdog('form', 'Illegal choice %choice in !name element.', array('%choice' => $v, '!name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title']), WATCHDOG_ERROR);
925
            }
926 927
          }
        }
928
        elseif (!isset($options[$elements['#value']])) {
929
          form_error($elements, $t('An illegal choice has been detected. Please contact the site administrator.'));
930
          watchdog('form', 'Illegal choice %choice in %name element.', array('%choice' => $elements['#value'], '%name' => empty($elements['#title']) ? $elements['#parents'][0] : $elements['#title']), WATCHDOG_ERROR);
931
        }
932 933 934
      }
    }

935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964
    // While this element is being validated, it may be desired that some calls
    // to form_set_error() be suppressed and not result in a form error, so
    // that a button that implements low-risk functionality (such as "Previous"
    // or "Add more") that doesn't require all user input to be valid can still
    // have its submit handlers triggered. The clicked button's
    // #limit_validation_errors property contains the information for which
    // errors are needed, and all other errors are to be suppressed. The
    // #limit_validation_errors property is ignored if the button doesn't also
    // define its own submit handlers, because it's too large a security risk to
    // have any invalid user input when executing form-level submit handlers.
    if (isset($form_state['clicked_button']['#limit_validation_errors']) && isset($form_state['clicked_button']['#submit'])) {
      form_set_error(NULL, '', $form_state['clicked_button']['#limit_validation_errors']);
    }
    else {
      // As an extra security measure, explicitly turn off error suppression.
      // Since this is also done at the end of this function, doing it here is
      // only to handle the rare edge case where a validate handler invokes form
      // processing of another form.
      drupal_static_reset('form_set_error:limit_validation_errors');
    }
    // Make sure a value is passed when the field is required.
    // A simple call to empty() will not cut it here as some fields, like
    // checkboxes, can return a valid value of '0'. Instead, check the
    // length if it's a string, and the item count if it's an array.
    // An unchecked checkbox has a #value of numeric 0, different than string
    // '0', which could be a valid value.
    if (isset($elements['#needs_validation']) && $elements['#required'] && (!count($elements['#value']) || (is_string($elements['#value']) && strlen(trim($elements['#value'])) == 0) || $elements['#value'] === 0)) {
      form_error($elements, $t('!name field is required.', array('!name' => $elements['#title'])));
    }

965
    // Call user-defined form level validators.
966 967 968 969 970 971 972
    if (isset($form_id)) {
      form_execute_handlers('validate', $elements, $form_state);
    }
    // Call any element-specific validators. These must act on the element
    // #value data.
    elseif (isset($elements['#element_validate'])) {
      foreach ($elements['#element_validate'] as $function) {
973 974
        $function($elements, $form_state, $form_state['complete form']);        
      }      
975
    }
976
    $elements['#validated'] = TRUE;
977
  }
978 979 980 981 982

  // Done validating this element, so turn off error suppression.
  // _form_validate() turns it on again when starting on the next element, if
  // it's still appropriate to do so.
  drupal_static_reset('form_set_error:limit_validation_errors');
983 984
}

985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001
/**
 * A helper function used to execute custom validation and submission
 * handlers for a given form. Button-specific handlers are checked
 * first. If none exist, the function falls back to form-level handlers.
 *
 * @param $type
 *   The type of handler to execute. 'validate' or 'submit' are the
 *   defaults used by Form API.
 * @param $form
 *   An associative array containing the structure of the form.
 * @param $form_state
 *   A keyed array containing the current state of the form. If the user
 *   submitted the form by clicking a button with custom handler functions
 *   defined, those handlers will be stored here.
 */
function form_execute_handlers($type, &$form, &$form_state) {
  $return = FALSE;
1002
  // If there was a button pressed, use its handlers.
1003 1004
  if (isset($form_state[$type . '_handlers'])) {
    $handlers = $form_state[$type . '_handlers'];
1005
  }
1006
  // Otherwise, check for a form-level handler.
1007 1008
  elseif (isset($form['#' . $type])) {
    $handlers = $form['#' . $type];
1009 1010 1011 1012 1013 1014
  }
  else {
    $handlers = array();
  }

  foreach ($handlers as $function) {
1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025
    // Check to see if a previous _submit handler has set a batch, but
    // make sure we do not react to a batch that is already being processed
    // (for instance if a batch operation performs a drupal_form_submit()).
    if ($type == 'submit' && ($batch =& batch_get()) && !isset($batch['current_set'])) {
      // Some previous _submit handler has set a batch. We store the call
      // in a special 'control' batch set, for execution at the correct
      // time during the batch processing workflow.
      $batch['sets'][] = array('form_submit' => $function);
    }
    else {
      $function($form, $form_state);
1026
    }
1027
    $return = TRUE;
1028 1029 1030 1031
  }
  return $return;
}

1032
/**
1033
 * Files an error against a form element.
1034 1035 1036 1037 1038 1039 1040 1041
 *
 * @param $name
 *   The name of the form element. If the #parents property of your form
 *   element is array('foo', 'bar', 'baz') then you may set an error on 'foo'
 *   or 'foo][bar][baz'. Setting an error on 'foo' sets an error for every
 *   element where the #parents array starts with 'foo'.
 * @param $message
 *   The error message to present to the user.
1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092
 * @param $limit_validation_errors
 *   Internal use only. The #limit_validation_errors property of the clicked
 *   button if it exists. Multistep forms not wanting to validate the whole form
 *   can set the #limit_validation_errors property on buttons to avoid
 *   validation errors of some elements preventing the button's submit handlers
 *   from running. For example, pressing the "Previous" button should not fire
 *   validation errors just because the current step has invalid values. AJAX is
 *   another typical example.
 *   If this property is set on the clicked button, the button must also define
 *   its #submit property and those handlers will be executed even if there is
 *   invalid input, so extreme care should be taken with respect to what is
 *   performed by them. This is typically not a problem with buttons like
 *   "Previous" or "Add more" that do not invoke persistent storage of the
 *   submitted form values.
 *   Do not use the #limit_validation_errors property on buttons that trigger
 *   saving of form values to the database.
 *   The #limit_validation_errors property is a list of "sections" within
 *   $form_state['values'] that must contain valid values. Each "section" is an
 *   array with the ordered set of keys needed to reach that part of
 *   $form_state['values'] (i.e., the #parents property of the element).
 *   For example:
 *   @code
 *     $form['actions']['previous']['#limit_validation_errors'] = array(
 *       array('step1'),
 *       array('foo', 'bar'),
 *     );
 *   @endcode
 *   This will require $form_state['values']['step1'] and everything within it
 *   (for example, $form_state['values']['step1']['choice']) to be valid, so
 *   calls to form_set_error('step1', $message) or
 *   form_set_error('step1][choice', $message) will prevent the submit handlers
 *   from running, and result in the error message being displayed to the user.
 *   However, calls to form_set_error('step2', $message) and
 *   form_set_error('step2][groupX][choiceY', $message) will be suppressed,
 *   resulting in the message not being displayed to the user, and the submit
 *   handlers will run despite $form_state['values']['step2'] and
 *   $form_state['values']['step2']['groupX']['choiceY'] containing invalid
 *   values. Errors for an invalid $form_state['values']['foo'] will be
 *   suppressed, but errors for invalid values for
 *   $form_state['values']['foo']['bar'] and everything within it will be
 *   recorded. If the button doesn't need any user input to be valid, then the
 *   #limit_validation_errors can be set to an empty array, in which case, all
 *   calls to form_set_error() will be suppressed.
 *   Partial form validation is implemented by suppressing errors rather than by
 *   skipping the input processing and validation steps entirely, because some
 *   forms have button-level submit handlers that call Drupal API functions that
 *   assume that certain data exists within $form_state['values'], and while not
 *   doing anything with that data that requires it to be valid, PHP errors
 *   would be triggered if the input processing and validation steps were fully
 *   skipped. @see http://drupal.org/node/370537.
 *
1093
 * @return
1094
 *   Return value is for internal use only. To get a list of errors, use
1095
 *   form_get_errors() or form_get_error().
1096
 */
1097
function form_set_error($name = NULL, $message = '', $limit_validation_errors = NULL) {
1098
  $form = &drupal_static(__FUNCTION__, array());
1099 1100 1101 1102 1103
  $sections = &drupal_static(__FUNCTION__ . ':limit_validation_errors');
  if (isset($limit_validation_errors)) {
    $sections = $limit_validation_errors;
  }

1104
  if (isset($name) && !isset($form[$name])) {
1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131
    $record = TRUE;
    if (isset($sections)) {
      // #limit_validation_errors is an array of "sections" within which user
      // input must be valid. If the element is within one of these sections,
      // the error must be recorded. Otherwise, it can be suppressed.
      // #limit_validation_errors can be an empty array, in which case all
      // errors are suppressed. For example, a "Previous" button might want its
      // submit action to be triggered even if none of the submitted values are
      // valid.
      $record = FALSE;
      foreach ($sections as $section) {
        // Exploding by '][' reconstructs the element's #parents. If the
        // reconstructed #parents begin with the same keys as the specified
        // section, then the element's values are within the part of
        // $form_state['values'] that the clicked button requires to be valid,
        // so errors for this element must be recorded.
        if (array_slice(explode('][', $name), 0, count($section)) === $section) {
          $record = TRUE;
          break;
        }
      }
    }
    if ($record) {
      $form[$name] = $message;
      if ($message) {
        drupal_set_message($message, 'error');
      }
1132
    }
1133
  }
1134

1135 1136 1137
  return $form;
}

1138 1139 1140 1141 1142 1143 1144
/**
 * Clear all errors against all form elements made by form_set_error().
 */
function form_clear_error() {
  drupal_static_reset('form_set_error');
}

1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169
/**
 * Return an associative array of all errors.
 */
function form_get_errors() {
  $form = form_set_error();
  if (!empty($form)) {
    return $form;
  }
}

/**
 * Return the error message filed against the form with the specified name.
 */
function form_get_error($element) {
  $form = form_set_error();
  $key = $element['#parents'][0];
  if (isset($form[$key])) {
    return $form[$key];
  }
  $key = implode('][', $element['#parents']);
  if (isset($form[$key])) {
    return $form[$key];
  }
}

1170 1171 1172
/**
 * Flag an element as having an error.
 */
1173
function form_error(&$element, $message = '') {
1174
  form_set_error(implode('][', $element['#parents']), $message);
1175 1176 1177
}

/**
1178
 * Walk through the structured form array, adding any required
1179
 * properties to each element and mapping the incoming input
1180 1181
 * data to the proper elements. Also, execute any #process handlers
 * attached to a specific element.
1182 1183
 *
 * @param $form_id
1184 1185
 *   A unique string identifying the form for validation, submission,
 *   theming, and hook_form_alter functions.
1186 1187
 * @param $element
 *   An associative array containing the structure of the current element.
1188 1189 1190 1191 1192
 * @param $form_state
 *   A keyed array containing the current state of the form. In this
 *   context, it is used to accumulate information about which button
 *   was clicked when the form was submitted, as well as the sanitized
 *   $_POST data.
1193
 */
1194
function form_builder($form_id, $element, &$form_state) {
1195
  // Initialize as unprocessed.
1196
  $element['#processed'] = FALSE;
1197

1198
  // Use element defaults.
1199
  if (isset($element['#type']) && ($info = element_info($element['#type']))) {
1200 1201 1202 1203
    // Overlay $info onto $element, retaining preexisting keys in $element.
    $element += $info;
    $element['#defaults_loaded'] = TRUE;
  }
1204 1205 1206 1207
  // Assign basic defaults common for all form elements.
  $element += array(
    '#required' => FALSE,
    '#attributes' => array(),
1208
    '#title_display' => 'before',
1209
  );
1210 1211 1212

  // Special handling if we're on the top level form element.
  if (isset($element['#type']) && $element['#type'] == 'form') {
1213
    if (!empty($element['#https']) && variable_get('https', FALSE) &&
1214
        !url_is_external($element['#action'])) {
1215 1216 1217 1218 1219 1220
      global $base_root;

      // Not an external URL so ensure that it is secure.
      $element['#action'] = str_replace('http://', 'https://', $base_root) . $element['#action'];
    }

1221 1222 1223 1224 1225 1226 1227 1228 1229 1230
    // Store a complete copy of the form in form_state prior to building the form.
    $form_state['complete form'] = $element;
    // Set a flag if we have a correct form submission. This is always TRUE for
    // programmed forms coming from drupal_form_submit(), or if the form_id coming
    // from the POST data is set and matches the current form_id.
    if ($form_state['programmed'] || (!empty($form_state['input']) && (isset($form_state['input']['form_id']) && ($form_state['input']['form_id'] == $form_id)))) {
      $form_state['process_input'] = TRUE;
    }
    else {
      $form_state['process_input'] = FALSE;
1231
    }