[Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether
parent
2e9278993c
commit
05f1481c6a
@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
|
||||
*/
|
||||
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
|
||||
{
|
||||
// FIXME: those are not used
|
||||
$container->setParameter('form.csrf_protection.field_name', $config['field_name']);
|
||||
$container->setParameter('form.csrf_protection.enabled', $config['enabled']);
|
||||
$container
|
||||
->getDefinition('form.type_extension.csrf')
|
||||
->replaceArgument(0, $config['enabled'])
|
||||
->replaceArgument(1, $config['field_name'])
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
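Review bot: `$config['enabled']` reaches `replaceArgument(0, …)` exactly as it comes out of the configuration, and the extension later tests it with a plain truthiness check (`if ($options['csrf_protection'])`), so a value such as `''` or `'0'` would turn CSRF protection off for every form. Casting at this boundary, `->replaceArgument(0, (bool) $config['enabled'])`, keeps the switch strictly boolean; whether the configuration tree already enforces a boolean is not visible on this page. The docblock that closes at the top of the hunk starts outside it. It should say that a false `enabled` value removes the token field from every form that does not set `csrf_protection` itself.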
|
@ -159,6 +159,8 @@
|
||||
</service>
|
||||
<service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
|
||||
<tag name="form.type_extension" alias="form" />
|
||||
<argument /> <!-- enabled -->
|
||||
<argument /> <!-- field_name -->
|
||||
</service>
|
||||
</services>
|
||||
</container>
|
||||
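Review bot: Both `<argument />` placeholders are empty, so if `registerCsrfProtectionConfiguration()` does not run, the service is built with empty values and the constructor defaults (`true`, `'_token'`) never apply. The empty value then flows into `'csrf_protection' => $this->enabled`, which is falsy, and forms would be built without a token. Whether the extension always calls that method cannot be seen from this page. Declaring the safe defaults in the definition, `<argument>true</argument> <!-- enabled -->` and `<argument>_token</argument> <!-- field_name -->`, makes the protection fail closed.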
|
@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
|
||||
{
|
||||
$container = $this->createContainerFromFile('full');
|
||||
|
||||
$this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
|
||||
$this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
|
||||
$def = $container->getDefinition('form.type_extension.csrf');
|
||||
|
||||
$this->assertTrue($def->getArgument(0));
|
||||
$this->assertEquals('_csrf', $def->getArgument(1));
|
||||
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
|
||||
}
|
||||
|
||||
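Review bot: Only the enabled path is pinned here. Nothing asserts what `getArgument(0)` holds when a fixture disables CSRF or omits the section, which is where a regression would silently drop token checks. A second test against a fixture with protection turned off (`$this->assertFalse($def->getArgument(0));`) and one with no CSRF section would cover the default. `assertEquals('_csrf', $def->getArgument(1))` compares loosely; `assertSame` would also pin the type. The test method's signature is outside the hunk.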
|
@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;
|
||||
|
||||
class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
{
|
||||
private $enabled;
|
||||
private $fieldName;
|
||||
|
||||
public function __construct($enabled = true, $fieldName = '_token')
|
||||
{
|
||||
$this->enabled = $enabled;
|
||||
$this->fieldName = $fieldName;
|
||||
}
|
||||
|
||||
public function buildForm(FormBuilder $builder, array $options)
|
||||
{
|
||||
if ($options['csrf_protection']) {
|
||||
@ -32,10 +41,10 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
public function getDefaultOptions(array $options)
|
||||
{
|
||||
return array(
|
||||
'csrf_protection' => true,
|
||||
'csrf_field_name' => '_token',
|
||||
'csrf_provider' => null,
|
||||
'csrf_page_id' => get_class($this),
|
||||
'csrf_protection' => $this->enabled,
|
||||
'csrf_field_name' => $this->fieldName,
|
||||
'csrf_provider' => null,
|
||||
'csrf_page_id' => get_class($this),
|
||||
);
|
||||
}
|
||||
|
||||
@ -43,4 +52,4 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||
{
|
||||
return 'form';
|
||||
}
|
||||
}
|
||||
}
|
||||
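Review bot: The new constructor stores `$fieldName` unchecked and `getDefaultOptions()` passes it on as `csrf_field_name`, so an empty or non-string name from configuration would presumably yield a token field that cannot be matched on submission. A guard in the constructor would reject it early: `if (!is_string($fieldName) || '' === $fieldName) { throw new \InvalidArgumentException('The CSRF field name must be a non-empty string.'); }`. The constructor and the two new properties also have no docblock. It should state that `$enabled` is only the default for the `csrf_protection` option returned by `getDefaultOptions()`, not a hard switch. `buildForm()` continues outside the hunk, so how the field name is consumed there is not visible.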
|