[Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether

Fabien Potencier 2011-04-28 11:28:44 +02:00
parent 2e9278993c
commit 05f1481c6a
4 changed files with 25 additions and 10 deletions


@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
*/ */
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container) private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
{ {
// FIXME: those are not used $container
$container->setParameter('form.csrf_protection.field_name', $config['field_name']); ->getDefinition('form.type_extension.csrf')
$container->setParameter('form.csrf_protection.enabled', $config['enabled']); ->replaceArgument(0, $config['enabled'])
->replaceArgument(1, $config['field_name'])
;
} }
/** /**
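Review bot: The two `replaceArgument()` calls address the constructor arguments by bare position, and with the old comment gone nothing says which index is which. Index 0 and 1 only mean `enabled` and `field_name` because of the order of the empty `<argument />` placeholders in the `form.type_extension.csrf` definition, so reordering them there would swap the values without any error. I would add a comment above the chain, e.g. `// argument 0 = enabled, 1 = field_name; order must match the form.type_extension.csrf service definition`. It is also worth confirming that nothing else still reads the removed `form.csrf_protection.enabled` and `form.csrf_protection.field_name` parameters, which cannot be checked from this hunk.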


@ -159,6 +159,8 @@
</service> </service>
<service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension"> <service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
<tag name="form.type_extension" alias="form" /> <tag name="form.type_extension" alias="form" />
<argument /> <!-- enabled -->
<argument /> <!-- field_name -->
</service> </service>
</services> </services>
</container> </container>
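Review bot: The two empty `<argument />` placeholders take the place of the constructor defaults (`true`, `'_token'`), so the service is only safe once `registerCsrfProtectionConfiguration()` has overwritten them. If that method is skipped for some configuration (not visible from this page), `$enabled` would presumably arrive as an empty, falsy value and `csrf_protection` would default to off. Seeding the placeholders with the safe defaults keeps the definition fail-closed: `<argument>true</argument> <!-- enabled -->` and `<argument>_token</argument> <!-- field_name -->`.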


@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
{ {
$container = $this->createContainerFromFile('full'); $container = $this->createContainerFromFile('full');
$this->assertTrue($container->getParameter('form.csrf_protection.enabled')); $def = $container->getDefinition('form.type_extension.csrf');
$this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
$this->assertTrue($def->getArgument(0));
$this->assertEquals('_csrf', $def->getArgument(1));
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1))); $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
} }
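Review bot: Only the enabled path of the `full` fixture is asserted, so the new ability to turn protection off has no coverage. A second case that loads a configuration with `enabled` set to false and checks `$this->assertFalse($def->getArgument(0));` would pin that behaviour. A case with the CSRF section left out would show what the arguments hold when nothing is configured. The test method's signature lies outside the hunk, so the fixtures available to it are not visible here.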


@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;
class FormTypeCsrfExtension extends AbstractTypeExtension class FormTypeCsrfExtension extends AbstractTypeExtension
{ {
private $enabled;
private $fieldName;
public function __construct($enabled = true, $fieldName = '_token')
{
$this->enabled = $enabled;
$this->fieldName = $fieldName;
}
public function buildForm(FormBuilder $builder, array $options) public function buildForm(FormBuilder $builder, array $options)
{ {
if ($options['csrf_protection']) { if ($options['csrf_protection']) {
@ -32,8 +41,8 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
public function getDefaultOptions(array $options) public function getDefaultOptions(array $options)
{ {
return array( return array(
'csrf_protection' => true, 'csrf_protection' => $this->enabled,
'csrf_field_name' => '_token', 'csrf_field_name' => $this->fieldName,
'csrf_provider' => null, 'csrf_provider' => null,
'csrf_page_id' => get_class($this), 'csrf_page_id' => get_class($this),
); );
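Review bot: The new constructor has no docblock, and the values it stores are only option defaults, which is narrower than "disabling the CSRF feature altogether". `getDefaultOptions()` returns `$this->enabled` as the default for `csrf_protection`, and `buildForm()` still keys off `$options['csrf_protection']`, so an individual form can presumably override the setting in either direction. A docblock on `__construct()` should say that `$enabled` is the default for the `csrf_protection` option and `$fieldName` the default for `csrf_field_name`. Because the flag is tested by truthiness, normalising it with `$this->enabled = (bool) $enabled;` would make the stored value unambiguous. The body of `getDefaultOptions()` closes outside the second hunk.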