diff options
| author | David Rothstein <drothstein@gmail.com> | 2014-01-15 14:46:48 -0500 |
|---|---|---|
| committer | David Rothstein <drothstein@gmail.com> | 2014-01-15 14:46:48 -0500 |
| commit | fd710c02edfce294919a82a7e456c3d6b652c7fc (patch) | |
| tree | 21f4cf47168bfd751e7333eed301a484b0af7bcd /includes/form.inc | |
| parent | 1687e382ea7faae78ffd0f316569bd3c41a05c9b (diff) | |
| parent | dc791ec5839b52c7616bf66993122aa9a1336384 (diff) | |
| download | brdo-fd710c02edfce294919a82a7e456c3d6b652c7fc.tar.gz brdo-fd710c02edfce294919a82a7e456c3d6b652c7fc.tar.bz2 | |
Merge tag '7.26' into 7.x
7.26 release
Conflicts:
CHANGELOG.txt
includes/bootstrap.inc
Diffstat (limited to 'includes/form.inc')
| -rw-r--r-- | includes/form.inc | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/includes/form.inc b/includes/form.inc index fcfc79653..4e467bab3 100644 --- a/includes/form.inc +++ b/includes/form.inc @@ -235,6 +235,12 @@ function drupal_get_form($form_id) { * likely to occur during Ajax operations. * - programmed: If TRUE, the form was submitted programmatically, usually * invoked via drupal_form_submit(). Defaults to FALSE. + * - programmed_bypass_access_check: If TRUE, programmatic form submissions + * are processed without taking #access into account. Set this to FALSE + * when submitting a form programmatically with values that may have been + * input by the user executing the current request; this will cause #access + * to be respected as it would on a normal form submission. Defaults to + * TRUE. * - process_input: Boolean flag. TRUE signifies correct form submission. * This is always TRUE for programmed forms coming from drupal_form_submit() * (see 'programmed' key), or if the form_id coming from the $_POST data is @@ -402,6 +408,7 @@ function form_state_defaults() { 'submitted' => FALSE, 'executed' => FALSE, 'programmed' => FALSE, + 'programmed_bypass_access_check' => TRUE, 'cache'=> FALSE, 'method' => 'post', 'groups' => array(), @@ -1985,7 +1992,7 @@ function _form_builder_handle_input_element($form_id, &$element, &$form_state) { // #access=FALSE on an element usually allow access for some users, so forms // submitted with drupal_form_submit() may bypass access restriction and be // treated as high-privilege users instead. - $process_input = empty($element['#disabled']) && ($form_state['programmed'] || ($form_state['process_input'] && (!isset($element['#access']) || $element['#access']))); + $process_input = empty($element['#disabled']) && (($form_state['programmed'] && $form_state['programmed_bypass_access_check']) || ($form_state['process_input'] && (!isset($element['#access']) || $element['#access']))); // Set the element's #value property. if (!isset($element['#value']) && !array_key_exists('#value', $element)) { |