2 files changed, 50 insertions, 0 deletions

diff --git a/modules/simpletest/tests/form.test b/modules/simpletest/tests/form.test
index 2cba9863a..fb46d94e5 100644
--- a/modules/simpletest/tests/form.test
+++ b/modules/simpletest/tests/form.test
@@ -207,6 +207,19 @@ class FormsTestCase extends DrupalWebTestCase {
       }
     }
   }
+
+  /**
+   * Test Form API protections against input forgery.
+   *
+   * @see _form_test_input_forgery()
+   */
+  function testInputForgery() {
+    $this->drupalGet('form-test/input-forgery');
+    $checkbox = $this->xpath('//input[@name="checkboxes[two]"]');
+    $checkbox[0]['value'] = 'FORGERY';
+    $this->drupalPost(NULL, array('checkboxes[one]' => TRUE, 'checkboxes[two]' => TRUE), t('Submit'));
+    $this->assertText('An illegal choice has been detected.', t('Input forgery was detected.'));
+  }
 }
 
 /**
diff --git a/modules/simpletest/tests/form_test.module b/modules/simpletest/tests/form_test.module
index 94d10faee..6a1cb3258 100644
--- a/modules/simpletest/tests/form_test.module
+++ b/modules/simpletest/tests/form_test.module
@@ -101,6 +101,14 @@ function form_test_menu() {
     'type' => MENU_CALLBACK,
   );
 
+  $items['form-test/input-forgery'] = array(
+    'title' => t('Form test'),
+    'page callback' => 'drupal_get_form',
+    'page arguments' => array('_form_test_input_forgery'),
+    'access callback' => TRUE,
+    'type' => MENU_CALLBACK,
+  );
+
   $items['form-test/form-rebuild-preserve-values'] = array(
     'title' => 'Form values preservation during rebuild test',
     'page callback' => 'drupal_get_form',
@@ -861,6 +869,35 @@ function _form_test_disabled_elements_submit($form, &$form_state) {
 }
 
 /**
+ * Build a form to test input forgery of enabled elements.
+ */
+function _form_test_input_forgery($form, &$form_state) {
+  // For testing that a user can't submit a value not matching one of the
+  // allowed options.
+  $form['checkboxes'] = array(
+    '#type' => 'checkboxes',
+    '#options' => array(
+      'one' => 'One',
+      'two' => 'Two',
+    ),
+  );
+
+  $form['submit'] = array(
+    '#type' => 'submit',
+    '#value' => t('Submit'),
+  );
+  return $form;
+}
+
+/**
+ * Return the form values via JSON.
+ */
+function _form_test_input_forgery_submit($form, &$form_state) {
+  drupal_json_output($form_state['values']);
+  exit();
+}
+
+/**
  * Form builder for testing preservation of values during a rebuild.
  */
 function form_test_form_rebuild_preserve_values_form($form, &$form_state) {