FormBuilder::valueCallableIsSafe

protected FormBuilder::valueCallableIsSafe(callable $value_callable)

Helper function to normalize the different callable formats.

Parameters

callable $value_callable: The callable to be checked.

Return value

bool TRUE if the callable is safe even if the CSRF token is invalid, FALSE otherwise.

File

core/lib/Drupal/Core/Form/FormBuilder.php, line 1131

Class

FormBuilder: Provides form building and processing.

Namespace

Drupal\Core\Form

Code

protected function valueCallableIsSafe(callable $value_callable) {
  // The same static class method callable may be formatted in two array and
  // two string forms:
  // ['\Classname', 'methodname']
  // ['Classname', 'methodname']
  // '\Classname::methodname'
  // 'Classname::methodname'
  if (is_callable($value_callable, FALSE, $callable_name)) {
    // The third parameter of is_callable() is set to a string form, but we
    // still have to normalize further by stripping a leading '\'.
    return in_array(ltrim($callable_name, '\\'), $this->safeCoreValueCallables);
  }
  return FALSE;
}

Links:

https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Form%21FormBuilder.php/function/FormBuilder%3A%3AvalueCallableIsSafe/8.2.x

doc_Drupal

2025-01-10 15:47:30

Comments