moved static Form configuration to a new class (avoid loading 7 classes just to enable CSRF -- even when no form is present in the page)

2010-11-25 09:30:18 +01:00 · 2010-11-25 09:30:18 +01:00 · 1e983a6115
commit 1e983a6115
parent dfe8bb9fef
4 changed files with 126 additions and 97 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
+++ b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@ -3,7 +3,7 @@
 namespace Symfony\Bundle\FrameworkBundle;

 use Symfony\Component\HttpKernel\Bundle\Bundle;
-use Symfony\Component\Form\Form;
+use Symfony\Component\Form\FormConfiguration;

 /*
 * This file is part of the Symfony framework.
@ -29,10 +29,9 @@ class FrameworkBundle extends Bundle
        if ($this->container->has('error_handler')) {
            $this->container->get('error_handler');
        }
-
        if ($this->container->hasParameter('csrf_secret')) {
-            Form::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
-            Form::enableDefaultCsrfProtection();
+            FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
+            FormConfiguration::enableDefaultCsrfProtection();
        }
    }
 }
--- a/src/Symfony/Component/Form/Form.php
+++ b/src/Symfony/Component/Form/Form.php
@ -29,11 +29,6 @@ use Symfony\Component\Validator\ValidatorInterface;
 */
 class Form extends FieldGroup
 {
-    protected static $defaultCsrfSecret = null;
-    protected static $defaultCsrfProtection = false;
-    protected static $defaultCsrfFieldName = '_token';
-    protected static $defaultLocale = null;
-
    protected $validator = null;
    protected $validationGroups = null;

@ -54,12 +49,12 @@ class Form extends FieldGroup

        $this->setData($data);

-        if (self::$defaultCsrfProtection !== false) {
+        if (FormConfiguration::isDefaultCsrfProtectionEnabled()) {
            $this->enableCsrfProtection();
        }

-        if (self::$defaultLocale !== null) {
-            $this->setLocale(self::$defaultLocale);
+        if (FormConfiguration::getDefaultLocale() !== null) {
+            $this->setLocale(FormConfiguration::getDefaultLocale());
        }

        parent::__construct($name, $options);
@ -85,26 +80,6 @@ class Form extends FieldGroup
        return $this->validationGroups;
    }

-    /**
-     * Sets the default locale for newly created forms.
-     *
-     * @param string $defaultLocale
-     */
-    static public function setDefaultLocale($defaultLocale)
-    {
-        self::$defaultLocale = $defaultLocale;
-    }
-
-    /**
-     * Returns the default locale for newly created forms.
-     *
-     * @return string
-     */
-    static public function getDefaultLocale()
-    {
-        return self::$defaultLocale;
-    }
-
    /**
     * Binds the form with values and files.
     *
@ -198,12 +173,12 @@ class Form extends FieldGroup
    {
        if (!$this->isCsrfProtected()) {
            if ($csrfFieldName === null) {
-                $csrfFieldName = self::$defaultCsrfFieldName;
+                $csrfFieldName = FormConfiguration::getDefaultCsrfFieldName();
            }

            if ($csrfSecret === null) {
-                if (self::$defaultCsrfSecret !== null) {
-                    $csrfSecret = self::$defaultCsrfSecret;
+                if (FormConfiguration::getDefaultCsrfSecret() !== null) {
+                    $csrfSecret = FormConfiguration::getDefaultCsrfSecret();
                } else {
                    $csrfSecret = md5(__FILE__.php_uname());
                }
@ -267,62 +242,6 @@ class Form extends FieldGroup
        }
    }

-    /**
-     * Enables CSRF protection for all new forms
-     */
-    static public function enableDefaultCsrfProtection()
-    {
-        self::$defaultCsrfProtection = true;
-    }
-
-    /**
-     * Disables Csrf protection for all forms.
-     */
-    static public function disableDefaultCsrfProtection()
-    {
-        self::$defaultCsrfProtection = false;
-    }
-
-    /**
-     * Sets the CSRF field name used in all new CSRF protected forms
-     *
-     * @param string $name The CSRF field name
-     */
-    static public function setDefaultCsrfFieldName($name)
-    {
-        self::$defaultCsrfFieldName = $name;
-    }
-
-    /**
-     * Returns the default CSRF field name
-     *
-     * @return string The CSRF field name
-     */
-    static public function getDefaultCsrfFieldName()
-    {
-        return self::$defaultCsrfFieldName;
-    }
-
-    /**
-     * Sets the CSRF secret used in all new CSRF protected forms
-     *
-     * @param string $secret
-     */
-    static public function setDefaultCsrfSecret($secret)
-    {
-        self::$defaultCsrfSecret = $secret;
-    }
-
-    /**
-     * Returns the default CSRF secret
-     *
-     * @return string
-     */
-    static public function getDefaultCsrfSecret()
-    {
-        return self::$defaultCsrfSecret;
-    }
-
    /**
     * Returns whether the maximum POST size was reached in this request.
     *
--- a/src/Symfony/Component/Form/FormConfiguration.php
+++ b/src/Symfony/Component/Form/FormConfiguration.php
@ -0,0 +1,110 @@
+<?php
+
+namespace Symfony\Component\Form;
+
+/*
+ * This file is part of the Symfony framework.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+/**
+ * FormConfiguration holds the default configuration for forms (CSRF, locale, ...).
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class FormConfiguration
+{
+    protected static $defaultCsrfSecret = null;
+    protected static $defaultCsrfProtection = false;
+    protected static $defaultCsrfFieldName = '_token';
+
+    protected static $defaultLocale = null;
+
+    /**
+     * Sets the default locale for newly created forms.
+     *
+     * @param string $defaultLocale
+     */
+    static public function setDefaultLocale($defaultLocale)
+    {
+        self::$defaultLocale = $defaultLocale;
+    }
+
+    /**
+     * Returns the default locale for newly created forms.
+     *
+     * @return string
+     */
+    static public function getDefaultLocale()
+    {
+        return self::$defaultLocale;
+    }
+
+    /**
+     * Enables CSRF protection for all new forms
+     */
+    static public function enableDefaultCsrfProtection()
+    {
+        self::$defaultCsrfProtection = true;
+    }
+
+    /**
+     * Checks if Csrf protection for all forms is enabled.
+     */
+    static public function isDefaultCsrfProtectionEnabled()
+    {
+        return self::$defaultCsrfProtection;
+    }
+
+    /**
+     * Disables Csrf protection for all forms.
+     */
+    static public function disableDefaultCsrfProtection()
+    {
+        self::$defaultCsrfProtection = false;
+    }
+
+    /**
+     * Sets the CSRF field name used in all new CSRF protected forms
+     *
+     * @param string $name The CSRF field name
+     */
+    static public function setDefaultCsrfFieldName($name)
+    {
+        self::$defaultCsrfFieldName = $name;
+    }
+
+    /**
+     * Returns the default CSRF field name
+     *
+     * @return string The CSRF field name
+     */
+    static public function getDefaultCsrfFieldName()
+    {
+        return self::$defaultCsrfFieldName;
+    }
+
+    /**
+     * Sets the CSRF secret used in all new CSRF protected forms
+     *
+     * @param string $secret
+     */
+    static public function setDefaultCsrfSecret($secret)
+    {
+        self::$defaultCsrfSecret = $secret;
+    }
+
+    /**
+     * Returns the default CSRF secret
+     *
+     * @return string
+     */
+    static public function getDefaultCsrfSecret()
+    {
+        return self::$defaultCsrfSecret;
+    }
+}
--- a/tests/Symfony/Tests/Component/Form/FormTest.php
+++ b/tests/Symfony/Tests/Component/Form/FormTest.php
@ -6,6 +6,7 @@ require_once __DIR__ . '/Fixtures/Author.php';
 require_once __DIR__ . '/Fixtures/TestField.php';

 use Symfony\Component\Form\Form;
+use Symfony\Component\Form\FormConfiguration;
 use Symfony\Component\Form\Field;
 use Symfony\Component\Form\HiddenField;
 use Symfony\Component\Form\FieldGroup;
@ -58,8 +59,8 @@ class FormTest extends \PHPUnit_Framework_TestCase

    protected function setUp()
    {
-        Form::disableDefaultCsrfProtection();
-        Form::setDefaultCsrfSecret(null);
+        FormConfiguration::disableDefaultCsrfProtection();
+        FormConfiguration::setDefaultCsrfSecret(null);
        $this->validator = $this->createMockValidator();
        $this->form = new Form('author', new Author(), $this->validator);
    }
@ -96,7 +97,7 @@ class FormTest extends \PHPUnit_Framework_TestCase

    public function testDefaultCsrfProtectionCanBeEnabled()
    {
-        Form::enableDefaultCsrfProtection();
+        FormConfiguration::enableDefaultCsrfProtection();
        $form = new Form('author', new Author(), $this->validator);

        $this->assertTrue($form->isCsrfProtected());
@ -112,7 +113,7 @@ class FormTest extends \PHPUnit_Framework_TestCase

    public function testDefaultCsrfSecretCanBeSet()
    {
-        Form::setDefaultCsrfSecret('foobar');
+        FormConfiguration::setDefaultCsrfSecret('foobar');
        $form = new Form('author', new Author(), $this->validator);
        $form->enableCsrfProtection();

@ -121,7 +122,7 @@ class FormTest extends \PHPUnit_Framework_TestCase

    public function testDefaultCsrfFieldNameCanBeSet()
    {
-        Form::setDefaultCsrfFieldName('foobar');
+        FormConfiguration::setDefaultCsrfFieldName('foobar');
        $form = new Form('author', new Author(), $this->validator);
        $form->enableCsrfProtection();

@ -172,7 +173,7 @@ class FormTest extends \PHPUnit_Framework_TestCase

    public function testDefaultLocaleCanBeSet()
    {
-        Form::setDefaultLocale('de-DE-1996');
+        FormConfiguration::setDefaultLocale('de-DE-1996');
        $form = new Form('author', new Author(), $this->validator);

        $field = $this->getMock('Symfony\Component\Form\Field', array(), array(), '', false, false);