Verified Commit 077fd519 authored by Jess's avatar Jess
Browse files

SA-CORE-2022-008 by mxr576, xjm, effulgentsia, mxr576, larowlan

parent fe584346

core/lib/Drupal/Core/Form/FormBuilder.php

+1 −1
Original line number Diff line number Diff line
@@ -1217,7 +1217,7 @@ protected function handleInputElement($form_id, &$element, FormStateInterface &$ 
    // #access=FALSE on an element usually allow access for some users, so forms

    // submitted with self::submitForm() may bypass access restriction and be

    // treated as high-privilege users instead.

    $process_input = empty($element['#disabled']) && ($element['#type'] !== 'value') && (($form_state->isProgrammed() && $form_state->isBypassingProgrammedAccessChecks()) || ($form_state->isProcessingInput() && (!isset($element['#access']) || $element['#access'])));

    $process_input = empty($element['#disabled']) && !in_array($element['#type'], ['item', 'value'], TRUE) && (($form_state->isProgrammed() && $form_state->isBypassingProgrammedAccessChecks()) || ($form_state->isProcessingInput() && (!isset($element['#access']) || $element['#access'])));



    // Set the element's #value property.

    if (!isset($element['#value']) && !array_key_exists('#value', $element)) {