Commit 6d0ba6bf authored by webchick's avatar webchick

Issue #2143349 by larowlan: Submitting a form as an anonymous user when...

Issue #2143349 by larowlan: Submitting a form as an anonymous user when $form['#token'] = FALSE results in a notice.
parent 447d8c21
......@@ -591,6 +591,11 @@ public function processForm($form_id, &$form, &$form_state) {
// Only process the input if we have a correct form submission.
if ($form_state['process_input']) {
// Form constructors may explicitly set #token to FALSE when cross site
// request forgery is irrelevant to the form, such as search forms.
if (isset($form['#token']) && $form['#token'] === FALSE) {
unset($form['#token']);
}
$this->validateForm($form_id, $form, $form_state);
// drupal_html_id() maintains a cache of element IDs it has seen, so it
......
......@@ -216,6 +216,9 @@ private function formSubmitHelper($form, $edit) {
$form_state = form_state_defaults();
$form['op'] = array('#type' => 'submit', '#value' => t('Submit'));
// The form token CSRF protection should not interfere with this test, so we
// bypass it by setting the token to FALSE.
$form['#token'] = FALSE;
$form_state['input'] = $edit;
$form_state['input']['form_id'] = $form_id;
......@@ -224,10 +227,6 @@ private function formSubmitHelper($form, $edit) {
drupal_process_form($form_id, $form, $form_state);
// The form token CSRF protection should not interfere with this test, so we
// bypass it by marking this test form as programmed.
$form_state['programmed'] = TRUE;
$errors = form_get_errors($form_state);
// Clear errors and messages.
......
......@@ -111,8 +111,8 @@ function testRequiredFields() {
$form_state['input']['form_id'] = $form_id;
$form_state['method'] = 'post';
// The form token CSRF protection should not interfere with this test,
// so we bypass it by marking this test form as programmed.
$form_state['programmed'] = TRUE;
// so we bypass it by setting the token to FALSE.
$form['#token'] = FALSE;
drupal_prepare_form($form_id, $form, $form_state);
drupal_process_form($form_id, $form, $form_state);
$errors = form_get_errors($form_state);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment