moved static Form configuration to a new class (avoid loading 7 classes just to enable CSRF -- even when no form is present in the page)
parent
dfe8bb9fef
commit
1e983a6115
@ -3,7 +3,7 @@
|
||||
namespace Symfony\Bundle\FrameworkBundle;
|
||||
|
||||
use Symfony\Component\HttpKernel\Bundle\Bundle;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Form\FormConfiguration;
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony framework.
|
||||
@ -29,10 +29,9 @@ class FrameworkBundle extends Bundle
|
||||
if ($this->container->has('error_handler')) {
|
||||
$this->container->get('error_handler');
|
||||
}
|
||||
|
||||
if ($this->container->hasParameter('csrf_secret')) {
|
||||
Form::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
|
||||
Form::enableDefaultCsrfProtection();
|
||||
FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
|
||||
FormConfiguration::enableDefaultCsrfProtection();
|
||||
}
|
||||
}
|
||||
}
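Review bot: The `hasParameter('csrf_secret')` guard only tests that the parameter is defined, so an empty value is still handed to `FormConfiguration::setDefaultCsrfSecret()` and default CSRF protection is switched on with it. The Form class in this same commit only falls back when the stored secret is `null`, so an empty string would presumably be used as the secret unchanged. Reading the value once and failing loudly at boot avoids that, e.g. `$secret = $this->container->getParameter('csrf_secret');` followed by `if ('' === (string) $secret) { throw new \InvalidArgumentException('csrf_secret must not be empty'); }`. The enclosing method starts above the hunk.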
|
||||
|
@ -29,11 +29,6 @@ use Symfony\Component\Validator\ValidatorInterface;
|
||||
*/
|
||||
class Form extends FieldGroup
|
||||
{
|
||||
protected static $defaultCsrfSecret = null;
|
||||
protected static $defaultCsrfProtection = false;
|
||||
protected static $defaultCsrfFieldName = '_token';
|
||||
protected static $defaultLocale = null;
|
||||
|
||||
protected $validator = null;
|
||||
protected $validationGroups = null;
|
||||
|
||||
@ -54,12 +49,12 @@ class Form extends FieldGroup
|
||||
|
||||
$this->setData($data);
|
||||
|
||||
if (self::$defaultCsrfProtection !== false) {
|
||||
if (FormConfiguration::isDefaultCsrfProtectionEnabled()) {
|
||||
$this->enableCsrfProtection();
|
||||
}
|
||||
|
||||
if (self::$defaultLocale !== null) {
|
||||
$this->setLocale(self::$defaultLocale);
|
||||
if (FormConfiguration::getDefaultLocale() !== null) {
|
||||
$this->setLocale(FormConfiguration::getDefaultLocale());
|
||||
}
|
||||
|
||||
parent::__construct($name, $options);
|
||||
@ -85,26 +80,6 @@ class Form extends FieldGroup
|
||||
return $this->validationGroups;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the default locale for newly created forms.
|
||||
*
|
||||
* @param string $defaultLocale
|
||||
*/
|
||||
static public function setDefaultLocale($defaultLocale)
|
||||
{
|
||||
self::$defaultLocale = $defaultLocale;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the default locale for newly created forms.
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
static public function getDefaultLocale()
|
||||
{
|
||||
return self::$defaultLocale;
|
||||
}
|
||||
|
||||
/**
|
||||
* Binds the form with values and files.
|
||||
*
|
||||
@ -198,12 +173,12 @@ class Form extends FieldGroup
|
||||
{
|
||||
if (!$this->isCsrfProtected()) {
|
||||
if ($csrfFieldName === null) {
|
||||
$csrfFieldName = self::$defaultCsrfFieldName;
|
||||
$csrfFieldName = FormConfiguration::getDefaultCsrfFieldName();
|
||||
}
|
||||
|
||||
if ($csrfSecret === null) {
|
||||
if (self::$defaultCsrfSecret !== null) {
|
||||
$csrfSecret = self::$defaultCsrfSecret;
|
||||
if (FormConfiguration::getDefaultCsrfSecret() !== null) {
|
||||
$csrfSecret = FormConfiguration::getDefaultCsrfSecret();
|
||||
} else {
|
||||
$csrfSecret = md5(__FILE__.php_uname());
|
||||
}
|
||||
@ -267,62 +242,6 @@ class Form extends FieldGroup
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Enables CSRF protection for all new forms
|
||||
*/
|
||||
static public function enableDefaultCsrfProtection()
|
||||
{
|
||||
self::$defaultCsrfProtection = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Disables Csrf protection for all forms.
|
||||
*/
|
||||
static public function disableDefaultCsrfProtection()
|
||||
{
|
||||
self::$defaultCsrfProtection = false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the CSRF field name used in all new CSRF protected forms
|
||||
*
|
||||
* @param string $name The CSRF field name
|
||||
*/
|
||||
static public function setDefaultCsrfFieldName($name)
|
||||
{
|
||||
self::$defaultCsrfFieldName = $name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the default CSRF field name
|
||||
*
|
||||
* @return string The CSRF field name
|
||||
*/
|
||||
static public function getDefaultCsrfFieldName()
|
||||
{
|
||||
return self::$defaultCsrfFieldName;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the CSRF secret used in all new CSRF protected forms
|
||||
*
|
||||
* @param string $secret
|
||||
*/
|
||||
static public function setDefaultCsrfSecret($secret)
|
||||
{
|
||||
self::$defaultCsrfSecret = $secret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the default CSRF secret
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
static public function getDefaultCsrfSecret()
|
||||
{
|
||||
return self::$defaultCsrfSecret;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the maximum POST size was reached in this request.
|
||||
*
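Review bot: In the hunk at `-198,12 +173,12` the `else` branch still derives the secret from `md5(__FILE__.php_uname())` whenever `FormConfiguration::getDefaultCsrfSecret()` returns `null`. Both inputs are an install path and host details, which are far easier to guess than a random value, so tokens built from this fallback are only as strong as that guess. Now that the defaults live in one class, this would be a natural place to fail instead, e.g. `throw new \RuntimeException('No CSRF secret configured');`, or at least to document the fallback as unsuitable for production. The getter is also called twice; `$csrfSecret = FormConfiguration::getDefaultCsrfSecret();` followed by a single `null` check would read more simply. The enclosing method begins and ends outside the hunk.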
|
||||
|
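--- a/src/Symfony/Component/Form/FormConfiguration.php
+++ b/src/Symfony/Component/Form/FormConfiguration.php
@@ -0,0 +1,110 @@
+<?php
+
+namespace Symfony\Component\Form;
+
+/*
+* This file is part of the Symfony framework.
+*
+* (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+*
+* This source file is subject to the MIT license that is bundled
+* with this source code in the file LICENSE.
+*/
+
+/**
+* FormConfiguration holds the default configuration for forms (CSRF, locale, ...).
+*
+* @author Fabien Potencier <fabien.potencier@symfony-project.com>
+*/
+class FormConfiguration
+{
+protected static $defaultCsrfSecret = null;
+protected static $defaultCsrfProtection = false;
+protected static $defaultCsrfFieldName = '_token';
+
+protected static $defaultLocale = null;
+
+/**
+* Sets the default locale for newly created forms.
+*
+* @param string $defaultLocale
+*/
+static public function setDefaultLocale($defaultLocale)
+{
+self::$defaultLocale = $defaultLocale;
+}
+
+/**
+* Returns the default locale for newly created forms.
+*
+* @return string
+*/
+static public function getDefaultLocale()
+{
+return self::$defaultLocale;
+}
+
+/**
+* Enables CSRF protection for all new forms
+*/
+static public function enableDefaultCsrfProtection()
+{
+self::$defaultCsrfProtection = true;
+}
+
+/**
+* Checks if Csrf protection for all forms is enabled.
+*/
+static public function isDefaultCsrfProtectionEnabled()
+{
+return self::$defaultCsrfProtection;
+}
+
+/**
+* Disables Csrf protection for all forms.
+*/
+static public function disableDefaultCsrfProtection()
+{
+self::$defaultCsrfProtection = false;
+}
+
+/**
+* Sets the CSRF field name used in all new CSRF protected forms
+*
+* @param string $name The CSRF field name
+*/
+static public function setDefaultCsrfFieldName($name)
+{
+self::$defaultCsrfFieldName = $name;
+}
+
+/**
+* Returns the default CSRF field name
+*
+* @return string The CSRF field name
+*/
+static public function getDefaultCsrfFieldName()
+{
+return self::$defaultCsrfFieldName;
+}
+
+/**
+* Sets the CSRF secret used in all new CSRF protected forms
+*
+* @param string $secret
+*/
+static public function setDefaultCsrfSecret($secret)
+{
+self::$defaultCsrfSecret = $secret;
+}
+
+/**
+* Returns the default CSRF secret
+*
+* @return string
+*/
+static public function getDefaultCsrfSecret()
+{
+return self::$defaultCsrfSecret;
+}
+}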
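Review bot: The docblocks on `getDefaultCsrfSecret()` and `getDefaultLocale()` declare `@return string`, but both properties start as `null`, and the Form constructor and CSRF setup in this commit branch on exactly that `null`. Documenting them as `@return string|null` makes the "not configured" state part of the contract. `isDefaultCsrfProtectionEnabled()` has no `@return` at all; `@return Boolean true if new forms are CSRF protected by default` would match the neighbouring docblocks. It is also worth a sentence in the class docblock saying that these are process-wide static defaults, so any caller of `disableDefaultCsrfProtection()` affects every form created afterwards.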
|
@ -6,6 +6,7 @@ require_once __DIR__ . '/Fixtures/Author.php';
|
||||
require_once __DIR__ . '/Fixtures/TestField.php';
|
||||
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Form\FormConfiguration;
|
||||
use Symfony\Component\Form\Field;
|
||||
use Symfony\Component\Form\HiddenField;
|
||||
use Symfony\Component\Form\FieldGroup;
|
||||
@ -58,8 +59,8 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
Form::disableDefaultCsrfProtection();
|
||||
Form::setDefaultCsrfSecret(null);
|
||||
FormConfiguration::disableDefaultCsrfProtection();
|
||||
FormConfiguration::setDefaultCsrfSecret(null);
|
||||
$this->validator = $this->createMockValidator();
|
||||
$this->form = new Form('author', new Author(), $this->validator);
|
||||
}
|
||||
@ -96,7 +97,7 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
public function testDefaultCsrfProtectionCanBeEnabled()
|
||||
{
|
||||
Form::enableDefaultCsrfProtection();
|
||||
FormConfiguration::enableDefaultCsrfProtection();
|
||||
$form = new Form('author', new Author(), $this->validator);
|
||||
|
||||
$this->assertTrue($form->isCsrfProtected());
|
||||
@ -112,7 +113,7 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
public function testDefaultCsrfSecretCanBeSet()
|
||||
{
|
||||
Form::setDefaultCsrfSecret('foobar');
|
||||
FormConfiguration::setDefaultCsrfSecret('foobar');
|
||||
$form = new Form('author', new Author(), $this->validator);
|
||||
$form->enableCsrfProtection();
|
||||
|
||||
@ -121,7 +122,7 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
public function testDefaultCsrfFieldNameCanBeSet()
|
||||
{
|
||||
Form::setDefaultCsrfFieldName('foobar');
|
||||
FormConfiguration::setDefaultCsrfFieldName('foobar');
|
||||
$form = new Form('author', new Author(), $this->validator);
|
||||
$form->enableCsrfProtection();
|
||||
|
||||
@ -172,7 +173,7 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
public function testDefaultLocaleCanBeSet()
|
||||
{
|
||||
Form::setDefaultLocale('de-DE-1996');
|
||||
FormConfiguration::setDefaultLocale('de-DE-1996');
|
||||
$form = new Form('author', new Author(), $this->validator);
|
||||
|
||||
$field = $this->getMock('Symfony\Component\Form\Field', array(), array(), '', false, false);
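Review bot: `setUp()` resets only the CSRF flag and secret, while `testDefaultCsrfFieldNameCanBeSet()` and `testDefaultLocaleCanBeSet()` leave `'foobar'` and `'de-DE-1996'` in FormConfiguration's static state for whichever test runs next. Unless a `tearDown()` outside these hunks restores them, results can depend on execution order. Adding `FormConfiguration::setDefaultCsrfFieldName('_token');` and `FormConfiguration::setDefaultLocale(null);` to `setUp()` would restore the defaults declared in FormConfiguration. The test method bodies continue past the visible hunks.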
|
||||
|