From 05f1481c6a22b531ddc049ef6b63b8827c4e19cd Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Thu, 28 Apr 2011 11:28:44 +0200
Subject: [PATCH] [Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether
---
 .../FrameworkExtension.php | 8 +++++---
 .../FrameworkBundle/Resources/config/form.xml | 2 ++
 .../FrameworkExtensionTest.php | 6 ++++--
 .../Csrf/Type/FormTypeCsrfExtension.php | 19 ++++++++++++++-----
 4 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
index ab51ecada0..ca9ff6ca35 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
 */
 private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
 {
- // FIXME: those are not used
- $container->setParameter('form.csrf_protection.field_name', $config['field_name']);
- $container->setParameter('form.csrf_protection.enabled', $config['enabled']);
+ $container
+ ->getDefinition('form.type_extension.csrf')
+ ->replaceArgument(0, $config['enabled'])
+ ->replaceArgument(1, $config['field_name'])
+ ;
 }
 /**
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
index 7b2b4b7731..90357c46eb 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml
@@ -159,6 +159,8 @@ + +
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index 41b8ff83ef..6f3382b464 100644
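Review bot: The positional indices in `replaceArgument(0, $config['enabled'])` and `replaceArgument(1, $config['field_name'])` are tied to the parameter order of `FormTypeCsrfExtension::__construct($enabled, $fieldName)` and to the two arguments declared for `form.type_extension.csrf` in form.xml, and nothing in registerCsrfProtectionConfiguration says so. Slot 0 is the switch that turns CSRF protection off by default for every form, so a later reordering on either side would fail silently rather than loudly. I would add a comment above the chain, `// 0 => $enabled, 1 => $fieldName of FormTypeCsrfExtension::__construct(); keep in sync with form.xml`, and have the docblock state that `enabled: false` changes only the default, which removes the token from every form that does not set `csrf_protection` itself. `getDefinition()` presumably needs form.xml to be loaded before this method runs; the call site and the docblock are outside the hunk, so that ordering should be confirmed.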
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
 {
 $container = $this->createContainerFromFile('full');
- $this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
- $this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
+ $def = $container->getDefinition('form.type_extension.csrf');
+
+ $this->assertTrue($def->getArgument(0));
+ $this->assertEquals('_csrf', $def->getArgument(1));
 $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
 }
diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
index b2aa52acc0..19fd2e0119 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;
 class FormTypeCsrfExtension extends AbstractTypeExtension
 {
+ private $enabled;
+ private $fieldName;
+
+ public function __construct($enabled = true, $fieldName = '_token')
+ {
+ $this->enabled = $enabled;
+ $this->fieldName = $fieldName;
+ }
+
 public function buildForm(FormBuilder $builder, array $options)
 {
 if ($options['csrf_protection']) {
@@ -32,10 +41,10 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 public function getDefaultOptions(array $options)
 {
 return array(
- 'csrf_protection' => true,
- 'csrf_field_name' => '_token',
- 'csrf_provider' => null,
- 'csrf_page_id' => get_class($this),
+ 'csrf_protection' => $this->enabled,
+ 'csrf_field_name' => $this->fieldName,
+ 'csrf_provider' => null,
+ 'csrf_page_id' => get_class($this),
 );
 }
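Review bot: Only the enabled case is asserted here, so the security-relevant path, a configuration with `enabled` set to false reaching `form.type_extension.csrf`, has no visible coverage. If the XML default for argument 0 is already true, `assertTrue($def->getArgument(0))` would pass even when `replaceArgument(0, …)` is never called; only the `_csrf` assertion proves the wiring. A companion test that loads a fixture with CSRF protection disabled and ends in `$this->assertFalse($def->getArgument(0));` would pin it. Such a fixture may already exist elsewhere in the suite, and the test method's signature is outside the hunk.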
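Review bot: The new constructor stores `$enabled` exactly as given, and that value becomes the `csrf_protection` default that `buildForm()` tests with a plain `if`, so any falsy value that reaches it (`null`, `0`, `''`, `'0'`) skips the CSRF branch without a trace, while the string `'false'` leaves it on. Since this flag disables a security control, I would reject non-booleans up front with `if (!is_bool($enabled)) { throw new \InvalidArgumentException('$enabled must be a boolean.'); }`, and treat a non-string or empty `$fieldName` the same way. The second hunk of this file, in `getDefaultOptions()`, passes both properties through unchanged, so the check belongs in the constructor. A short docblock there should state that `$enabled` sets only the default for forms that do not pass `csrf_protection` themselves. The body of `buildForm()` continues outside the hunk.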
@@ -43,4 +52,4 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 {
 return 'form';
 }
-}
\ No newline at end of file
+}