bug #9328 [2.3][Form] Changed FormTypeCsrfExtension to use the form's name as default intention (bschussek)

This PR was merged into the 2.3 branch.

Discussion
----------

[2.3][Form] Changed FormTypeCsrfExtension to use the form's name as default intention

Equivalent of #9327, merged into 2.3.

Commits
-------

c4abe83 Merge branch 'fix-csrf-default-2.2' into fix-csrf-default-2.3
b07c618 [Form] Changed FormTypeCsrfExtension to use the form's name as default intention
Fabien Potencier 2013-10-17 23:24:37 +02:00
commit 408769ead1
2 changed files with 52 additions and 3 deletions


@ -76,7 +76,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
->addEventSubscriber(new CsrfValidationListener(
$options['csrf_field_name'],
$options['csrf_provider'],
$options['intention'],
$options['intention'] ?: $builder->getName(),
$options['csrf_message'],
$this->translator,
$this->translationDomain
@ -95,7 +95,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
{
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
$factory = $form->getConfig()->getAttribute('csrf_factory');
$data = $options['csrf_provider']->generateCsrfToken($options['intention']);
$data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
'mapped' => false,
@ -115,7 +115,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
'csrf_field_name' => $this->defaultFieldName,
'csrf_provider' => $this->defaultCsrfProvider,
'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
'intention' => 'unknown',
'intention' => null,
));
}
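Review bot: The new fallback `$options['intention'] ?: $builder->getName()` (repeated in buildView as `$options['intention'] ?: $form->getName()`) tests truthiness rather than null, so an intention explicitly set to `''` or `'0'` is silently replaced by the form name even though the declared default is `null`. Because the intention is the value the provider binds the token to, the check should mirror the default exactly: `null !== $options['intention'] ? $options['intention'] : $builder->getName()`, and likewise in buildView. An unnamed root form would presumably produce an empty-string intention with either form of the check — worth confirming against what the factory allows. The new meaning of the default is not documented in setDefaultOptions; a comment on that line such as `'intention' => null, // null: the form's name is used as the intention` would spare readers a trip to buildForm. buildForm, buildView and setDefaultOptions each start outside the hunks shown.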


@ -140,6 +140,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
$this->assertEquals('token', $view['csrf']->vars['value']);
}
public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
{
$this->csrfProvider->expects($this->once())
->method('generateCsrfToken')
->with('FORM_NAME')
->will($this->returnValue('token'));
$view = $this->factory
->createNamed('FORM_NAME', 'form', null, array(
'csrf_field_name' => 'csrf',
'csrf_provider' => $this->csrfProvider,
'compound' => true,
))
->createView();
$this->assertEquals('token', $view['csrf']->vars['value']);
}
public function provideBoolean()
{
return array(
@ -180,6 +198,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
$this->assertSame($valid, $form->isValid());
}
/**
* @dataProvider provideBoolean
*/
public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
{
$this->csrfProvider->expects($this->once())
->method('isCsrfTokenValid')
->with('FORM_NAME', 'token')
->will($this->returnValue($valid));
$form = $this->factory
->createNamedBuilder('FORM_NAME', 'form', null, array(
'csrf_field_name' => 'csrf',
'csrf_provider' => $this->csrfProvider,
'compound' => true,
))
->add('child', 'text')
->getForm();
$form->submit(array(
'child' => 'foobar',
'csrf' => 'token',
));
// Remove token from data
$this->assertSame(array('child' => 'foobar'), $form->getData());
// Validate accordingly
$this->assertSame($valid, $form->isValid());
}
public function testFailIfRootAndCompoundAndTokenMissing()
{
$this->csrfProvider->expects($this->never())