[Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether

2011-04-28 11:28:44 +02:00 · 2011-04-28 11:28:44 +02:00 · 05f1481c6a
commit 05f1481c6a
parent 2e9278993c
4 changed files with 25 additions and 10 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
     */
    private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
    {
-        // FIXME: those are not used
-        $container->setParameter('form.csrf_protection.field_name', $config['field_name']);
-        $container->setParameter('form.csrf_protection.enabled', $config['enabled']);
+        $container
+            ->getDefinition('form.type_extension.csrf')
+            ->replaceArgument(0, $config['enabled'])
+            ->replaceArgument(1, $config['field_name'])
+        ;
    }

    /**
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
@ -159,6 +159,8 @@
        </service>
        <service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
            <tag name="form.type_extension" alias="form" />
+            <argument /> <!-- enabled -->
+            <argument /> <!-- field_name -->
        </service>
    </services>
 </container>
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
    {
        $container = $this->createContainerFromFile('full');

-        $this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
-        $this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
+        $def = $container->getDefinition('form.type_extension.csrf');
+
+        $this->assertTrue($def->getArgument(0));
+        $this->assertEquals('_csrf', $def->getArgument(1));
        $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
    }

--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;

 class FormTypeCsrfExtension extends AbstractTypeExtension
 {
+    private $enabled;
+    private $fieldName;
+
+    public function __construct($enabled = true, $fieldName = '_token')
+    {
+        $this->enabled = $enabled;
+        $this->fieldName = $fieldName;
+    }
+
    public function buildForm(FormBuilder $builder, array $options)
    {
        if ($options['csrf_protection']) {
@ -32,10 +41,10 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
    public function getDefaultOptions(array $options)
    {
        return array(
-            'csrf_protection' => true,
-            'csrf_field_name' => '_token',
-            'csrf_provider' => null,
-            'csrf_page_id' => get_class($this),
+            'csrf_protection' => $this->enabled,
+            'csrf_field_name' => $this->fieldName,
+            'csrf_provider'   => null,
+            'csrf_page_id'    => get_class($this),
        );
    }

@ -43,4 +52,4 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
    {
        return 'form';
    }
-}
+}