handle disabled csrf protection in the PHP templating form helper
This commit is contained in:
parent
fbbea2f369
commit
2a998e01b9
@ -97,7 +97,7 @@
|
|||||||
<service id="templating.helper.form" class="%templating.helper.form.class%">
|
<service id="templating.helper.form" class="%templating.helper.form.class%">
|
||||||
<tag name="templating.helper" alias="form" />
|
<tag name="templating.helper" alias="form" />
|
||||||
<argument type="service" id="templating.engine.php" />
|
<argument type="service" id="templating.engine.php" />
|
||||||
<argument type="service" id="form.csrf_provider" />
|
<argument type="service" id="form.csrf_provider" on-invalid="null" />
|
||||||
<argument>%templating.helper.form.resources%</argument>
|
<argument>%templating.helper.form.resources%</argument>
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ class FormHelper extends Helper
|
|||||||
* @param CsrfProviderInterface $csrfProvider The CSRF provider
|
* @param CsrfProviderInterface $csrfProvider The CSRF provider
|
||||||
* @param array $resources An array of theme names
|
* @param array $resources An array of theme names
|
||||||
*/
|
*/
|
||||||
public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
|
public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider = null, array $resources = array())
|
||||||
{
|
{
|
||||||
$this->engine = $engine;
|
$this->engine = $engine;
|
||||||
$this->csrfProvider = $csrfProvider;
|
$this->csrfProvider = $csrfProvider;
|
||||||
@ -202,6 +202,10 @@ class FormHelper extends Helper
|
|||||||
*/
|
*/
|
||||||
public function csrfToken($intention)
|
public function csrfToken($intention)
|
||||||
{
|
{
|
||||||
|
if (! $this->csrfProvider instanceof CsrfProviderInterface) {
|
||||||
|
throw new \BadMethodCallException('CSRF token can only be generated if the "form.csrf_provider" service is available');
|
||||||
|
}
|
||||||
|
|
||||||
return $this->csrfProvider->generateCsrfToken($intention);
|
return $this->csrfProvider->generateCsrfToken($intention);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Reference in New Issue
Block a user