handle disabled csrf protection in the PHP templating form helper

2012-01-23 17:49:28 +01:00 · 2012-01-23 17:49:28 +01:00 · 2a998e01b9
commit 2a998e01b9
parent fbbea2f369
2 changed files with 6 additions and 2 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
@ -97,7 +97,7 @@
        <service id="templating.helper.form" class="%templating.helper.form.class%">
            <tag name="templating.helper" alias="form" />
            <argument type="service" id="templating.engine.php" />
-            <argument type="service" id="form.csrf_provider" />
+            <argument type="service" id="form.csrf_provider" on-invalid="null" />
            <argument>%templating.helper.form.resources%</argument>
        </service>

--- a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
@ -47,7 +47,7 @@ class FormHelper extends Helper
     * @param CsrfProviderInterface $csrfProvider The CSRF provider
     * @param array                 $resources    An array of theme names
     */
-    public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
+    public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider = null, array $resources = array())
    {
        $this->engine = $engine;
        $this->csrfProvider = $csrfProvider;
@ -202,6 +202,10 @@ class FormHelper extends Helper
     */
    public function csrfToken($intention)
    {
+        if (! $this->csrfProvider instanceof CsrfProviderInterface) {
+            throw new \BadMethodCallException('CSRF token can only be generated if the "form.csrf_provider" service is available');
+        }
+
        return $this->csrfProvider->generateCsrfToken($intention);
    }