[Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether
parent
2e9278993c
commit
05f1481c6a
@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
|
|||||||
*/
|
*/
|
||||||
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
|
private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
|
||||||
{
|
{
|
||||||
// FIXME: those are not used
|
$container
|
||||||
$container->setParameter('form.csrf_protection.field_name', $config['field_name']);
|
->getDefinition('form.type_extension.csrf')
|
||||||
$container->setParameter('form.csrf_protection.enabled', $config['enabled']);
|
->replaceArgument(0, $config['enabled'])
|
||||||
|
->replaceArgument(1, $config['field_name'])
|
||||||
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
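Review bot: In registerCsrfProtectionConfiguration the parameters `form.csrf_protection.field_name` and `form.csrf_protection.enabled` are no longer set, so anything outside this diff that still references them would fail to resolve. The removed FIXME says they were unused, which is worth confirming with a search before merging. The call `getDefinition('form.type_extension.csrf')` also assumes the form service file is already loaded when this method runs, which is not visible here. The method's docblock starts outside the hunk; a sentence such as `Sets argument 0 (enabled) and argument 1 (field name) of form.type_extension.csrf.` would record the positional coupling with the XML definition.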
@ -159,6 +159,8 @@
|
|||||||
</service>
|
</service>
|
||||||
<service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
|
<service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
|
||||||
<tag name="form.type_extension" alias="form" />
|
<tag name="form.type_extension" alias="form" />
|
||||||
|
<argument /> <!-- enabled -->
|
||||||
|
<argument /> <!-- field_name -->
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
</container>
|
</container>
|
||||||
|
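Review bot: The two `<argument />` placeholders on `form.type_extension.csrf` carry no value, so the constructor defaults `true` and `'_token'` are never used once the service is built from this definition. If registerCsrfProtectionConfiguration does not run for some configuration (whether its call is conditional is not visible here), the extension receives empty values. An empty `enabled` is falsy in `if ($options['csrf_protection'])`, so CSRF protection would then be off by default without anyone having asked for that. Giving the placeholders safe defaults, `<argument>true</argument> <!-- enabled -->` and `<argument>_token</argument> <!-- field_name -->`, keeps the definition fail-closed.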
@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
|
|||||||
{
|
{
|
||||||
$container = $this->createContainerFromFile('full');
|
$container = $this->createContainerFromFile('full');
|
||||||
|
|
||||||
$this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
|
$def = $container->getDefinition('form.type_extension.csrf');
|
||||||
$this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
|
|
||||||
|
$this->assertTrue($def->getArgument(0));
|
||||||
|
$this->assertEquals('_csrf', $def->getArgument(1));
|
||||||
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
|
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
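Review bot: The updated assertions cover only the `full` fixture, where CSRF protection is enabled. Nothing checks that a disabled configuration reaches argument 0 of `form.type_extension.csrf`, or what the arguments are when the CSRF section is left out of the configuration. Since this commit introduces the switch that turns the protection off, a second test against a fixture with it disabled, asserting `$this->assertFalse($def->getArgument(0));`, would pin that path. The test method's signature is outside the hunk.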
@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;
|
|||||||
|
|
||||||
class FormTypeCsrfExtension extends AbstractTypeExtension
|
class FormTypeCsrfExtension extends AbstractTypeExtension
|
||||||
{
|
{
|
||||||
|
private $enabled;
|
||||||
|
private $fieldName;
|
||||||
|
|
||||||
|
public function __construct($enabled = true, $fieldName = '_token')
|
||||||
|
{
|
||||||
|
$this->enabled = $enabled;
|
||||||
|
$this->fieldName = $fieldName;
|
||||||
|
}
|
||||||
|
|
||||||
public function buildForm(FormBuilder $builder, array $options)
|
public function buildForm(FormBuilder $builder, array $options)
|
||||||
{
|
{
|
||||||
if ($options['csrf_protection']) {
|
if ($options['csrf_protection']) {
|
||||||
@ -32,8 +41,8 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
|||||||
public function getDefaultOptions(array $options)
|
public function getDefaultOptions(array $options)
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
'csrf_protection' => true,
|
'csrf_protection' => $this->enabled,
|
||||||
'csrf_field_name' => '_token',
|
'csrf_field_name' => $this->fieldName,
|
||||||
'csrf_provider' => null,
|
'csrf_provider' => null,
|
||||||
'csrf_page_id' => get_class($this),
|
'csrf_page_id' => get_class($this),
|
||||||
);
|
);
|
||||||
|
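Review bot: The constructor added to FormTypeCsrfExtension has no docblock and accepts any value for `$enabled` and `$fieldName`. Both now feed `getDefaultOptions`, and `buildForm` checks `$options['csrf_protection']` by truthiness, so an empty or null value from the container silently turns the protection off by default. I would document that `$enabled` is only the default for the `csrf_protection` option, which a form can still override, and guard the field name with `$this->fieldName = $fieldName ?: '_token';`. The body of `buildForm` continues outside the hunk, so how the field name is used there is not visible.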