Commit 8c22ddf5 authored by alexpott's avatar alexpott

Issue #2699489 by catch, tim.plunkett: FormBuilder $ajax_form_request check...

Issue #2699489 by catch, tim.plunkett: FormBuilder $ajax_form_request check does not check which AJAX form is being requested
parent db7834de
......@@ -316,7 +316,7 @@ public function buildForm($form_id, FormStateInterface &$form_state) {
// In case the post request exceeds the configured allowed size
// (post_max_size), the post request is potentially broken. Add some
// protection against that and at the same time have a nice error message.
if ($ajax_form_request && !isset($form_state->getUserInput()['form_id'])) {
if ($ajax_form_request && !$request->request->has('form_id')) {
throw new BrokenPostRequestException($this->getFileUploadMaxSize());
}
......@@ -327,7 +327,9 @@ public function buildForm($form_id, FormStateInterface &$form_state) {
// then passed through
// \Drupal\Core\Form\FormAjaxResponseBuilderInterface::buildResponse() to
// build a proper AJAX response.
if ($ajax_form_request && $form_state->isProcessingInput()) {
// Only do this when the form ID matches, since there is no guarantee from
// $ajax_form_request that it's an AJAX request for this particular form.
if ($ajax_form_request && $form_state->isProcessingInput() && $request->request->get('form_id') == $form_id) {
throw new FormAjaxException($form, $form_state);
}
......
......@@ -568,6 +568,29 @@ public function testExceededFileSize() {
$this->formBuilder->buildForm($form_arg, $form_state);
}
/**
* @covers ::buildForm
*/
public function testGetPostAjaxRequest() {
$request = new Request([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE], ['form_id' => 'different_form_id']);
$request->setMethod('POST');
$this->requestStack->push($request);
$form_state = (new FormState())
->setUserInput([FormBuilderInterface::AJAX_FORM_REQUEST => TRUE])
->setMethod('get')
->setAlwaysProcess()
->disableRedirect()
->set('ajax', TRUE);
$form_id = '\Drupal\Tests\Core\Form\TestForm';
$expected_form = (new TestForm())->buildForm([], $form_state);
$form = $this->formBuilder->buildForm($form_id, $form_state);
$this->assertFormElement($expected_form, $form, 'test');
$this->assertSame('test-form', $form['#id']);
}
/**
* @covers ::buildForm
*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment