protected function FormBuilder::valueCallableIsSafe

protected FormBuilder::valueCallableIsSafe(callable $value_callable)

Helper function to normalize the different callable formats.

Parameters

callable $value_callable: The callable to be checked.

Return value

bool TRUE if the callable is safe even if the CSRF token is invalid, FALSE otherwise.

File

core/lib/Drupal/Core/Form/FormBuilder.php, line 1129

Class

FormBuilder: Provides form building and processing.

Namespace

Drupal\Core\Form

Code

protected function valueCallableIsSafe(callable $value_callable) {
  // The same static class method callable may be formatted in two array and
  // two string forms:
  // ['\Classname', 'methodname']
  // ['Classname', 'methodname']
  // '\Classname::methodname'
  // 'Classname::methodname'
  if (is_callable($value_callable, FALSE, $callable_name)) {
    // The third parameter of is_callable() is set to a string form, but we
    // still have to normalize further by stripping a leading '\'.
    return in_array(ltrim($callable_name, '\\'), $this->safeCoreValueCallables);
  }
  return FALSE;
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Form!FormBuilder.php/function/FormBuilder::valueCallableIsSafe/8.1.x