diff --git a/Classes/Core/Runtime/FormRuntime.php b/Classes/Core/Runtime/FormRuntime.php index e74c5d5..d0047da 100644 --- a/Classes/Core/Runtime/FormRuntime.php +++ b/Classes/Core/Runtime/FormRuntime.php @@ -167,7 +167,7 @@ public function initializeObject() $this->initializeFormStateFromRequest(); $this->initializeCurrentPageFromRequest(); - if (!$this->isFirstRequest() && $this->getRequest()->getHttpRequest()->getMethod() === 'POST') { + if (!$this->isFirstRequest()) { $this->processSubmittedFormValues(); } } diff --git a/Tests/Functional/SimpleFormTest.php b/Tests/Functional/SimpleFormTest.php index ac8a5d8..4d6b693 100644 --- a/Tests/Functional/SimpleFormTest.php +++ b/Tests/Functional/SimpleFormTest.php @@ -80,6 +80,30 @@ public function goingForthAndBackStoresFormValuesOfSecondPageAndTriggersValidati $this->assertSame('', $form['--three-page-form-with-validation']['text3-1']->getValue()); } + /** + * @test + * Thanks to Anian Weber for reporting that issue! + */ + public function validationIsNotSkippedForGetRequests() + { + $this->browser->request('http://localhost/test/form/simpleform/ThreePageFormWithValidation'); + + // Navigate to 2nd form page + $this->gotoNextFormPage($this->browser->getForm()); + + $form = $this->browser->getForm(); + // Change form method to "GET" + ObjectAccess::setProperty($form, 'method', 'GET', true); + + // Set invalid value (field "text2-1" has an IntegerValidator assigned) + $form['--three-page-form-with-validation']['text2-1']->setValue('My Text on the second page'); + + // Submit form + $this->gotoNextFormPage($form); + + // Expect validation errors + $this->assertSame(' error', $this->browser->getCrawler()->filterXPath('//*[contains(@class,"error")]//input[@id="three-page-form-with-validation-text2-1"]')->attr('class')); + } /** * This is an edge-case which occurs if somebody makes the formState persistent, which can happen when subclassing the FormRuntime. @@ -93,6 +117,7 @@ public function goingForthAndBackStoresFormValuesOfSecondPageAndTriggersValidati */ public function goingForthAndBackStoresFormValuesOfSecondPageEvenWhenSecondPageIsManuallyCalledAsGetRequest() { + $this->markTestSkipped('This test is skipped because we no longer allow Form validators to be skipped, see https://github.com/neos/form/security/advisories/GHSA-m5vx-8chx-qvmm'); // 1. TEST SETUP: FORM STATE PREPARATION // - go to the 2nd page of the form, and fill in text2-1. $this->browser->request('http://localhost/test/form/simpleform/ThreePageFormWithValidation');