W3cubDocs

/Drupal 8

public function FormValidator::validateForm

public FormValidator::validateForm($form_id, &$form, FormStateInterface &$form_state)

Validates user-submitted form data in the $form_state.

Parameters

$form_id: A unique string identifying the form for validation, submission, theming, and hook_form_alter functions.

$form: An associative array containing the structure of the form, which is passed by reference. Form validation handlers are able to alter the form structure (like #process and #after_build callbacks during form building) in case of a validation error. If a validation handler alters the form structure, it is responsible for validating the values of changed form elements in $form_state->getValues() to prevent form submit handlers from receiving unvalidated values.

$form_state: The current state of the form. The current user-submitted data is stored in $form_state->getValues(), though form validation functions are passed an explicit copy of the values for the sake of simplicity. Validation handlers can also use $form_state to pass information on to submit handlers. For example: $form_state->set('data_for_submission', $data); This technique is useful when validation requires file parsing, web service requests, or other expensive requests that should not be repeated in the submission step.

Overrides FormValidatorInterface::validateForm

File

core/lib/Drupal/Core/Form/FormValidator.php, line 90

Class

FormValidator
Provides validation of form submissions.

Namespace

Drupal\Core\Form

Code

public function validateForm($form_id, &$form, FormStateInterface &$form_state) {
  // If this form is flagged to always validate, ensure that previous runs of
  // validation are ignored.
  if ($form_state->isValidationEnforced()) {
    $form_state->setValidationComplete(FALSE);
  }

  // If this form has completed validation, do not validate again.
  if ($form_state->isValidationComplete()) {
    return;
  }

  // If the session token was set by self::prepareForm(), ensure that it
  // matches the current user's session. This is duplicate to code in
  // FormBuilder::doBuildForm() but left to protect any custom form handling
  // code.
  if (isset($form['#token'])) {
    if (!$this->csrfToken->validate($form_state->getValue('form_token'), $form['#token']) || $form_state->hasInvalidToken()) {
      $this->setInvalidTokenError($form_state);

      // Stop here and don't run any further validation handlers, because they
      // could invoke non-safe operations which opens the door for CSRF
      // vulnerabilities.
      $this->finalizeValidation($form, $form_state, $form_id);
      return;
    }
  }

  // Recursively validate each form element.
  $this->doValidateForm($form, $form_state, $form_id);
  $this->finalizeValidation($form, $form_state, $form_id);
  $this->handleErrorsWithLimitedValidation($form, $form_state, $form_id);
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Form!FormValidator.php/function/FormValidator::validateForm/8.1.x