->isClicked() on disabled submit button incorrectly returns true #23759
Description
| Q | A |
|---|---|
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |
| Symfony version | 3.3.5 |
From the documentation of the 'disabled' option of a SubmitType:
"If you don't want a user to be able to click a button, you can set the disabled option to true. It will not be possible to submit the form with this button, not even when bypassing the browser and sending a request manually, for example with cURL."
That last part seems to be incorrect. When manually enabling a disabled button in the browser and submitting the form, calling isClicked() after that submit, will return true.
Code to reproduce in a Controller action:
$form = $this->createFormBuilder()
->add('someField', TextType::class)
->add('save', SubmitType::class, ['disabled' => true])
->getForm();
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
// Returns true as expected
var_dump($form->get('save')->isDisabled());
// Returns true, while expecting false
var_dump($form->get('save')->isClicked());
// Returns true, while expecting false
var_dump($form->get('save')->isSubmitted());
die();
}