diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
index 336cf04756..c42a88904e 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -76,7 +76,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 ->addEventSubscriber(new CsrfValidationListener(
 $options['csrf_field_name'],
 $options['csrf_provider'],
- $options['intention'],
+ $options['intention'] ?: $builder->getName(),
 $options['csrf_message'],
 $this->translator,
 $this->translationDomain
@@ -95,7 +95,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 {
 if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
 $factory = $form->getConfig()->getAttribute('csrf_factory');
- $data = $options['csrf_provider']->generateCsrfToken($options['intention']);
+ $data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
 $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
 'mapped' => false,
@@ -115,7 +115,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
 'csrf_field_name' => $this->defaultFieldName,
 'csrf_provider' => $this->defaultCsrfProvider,
 'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
- 'intention' => 'unknown',
+ 'intention' => null,
 ));
 }
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index 0a1f0dc481..1fa5667871 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
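Review bot: The fallback `$options['intention'] ?: $builder->getName()` in the @@ -76 hunk does not guarantee a non-empty intention. If the form name can be empty (Symfony accepts unnamed root forms, as far as I know), every such form ends up with the intention `''`, and a token issued for one of them would be interchangeable with the others. The same expression with `$form->getName()` in the @@ -95 hunk has the same gap, and the two must stay identical or generation and validation will disagree. A last-resort fallback in both places would close it, for example `$options['intention'] ?: ($builder->getName() ?: 'unknown')`. Both enclosing methods start outside the hunks, so any earlier guard on the name is not visible here.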
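Review bot: The `'intention' => null` default in the @@ -115 hunk carries no comment saying that `null` now means "use the form name", so a reader of the defaults array cannot tell that token scoping is decided elsewhere. I would add above the entry `// null means "use the form name"; resolved where the token is generated and validated`. The change also alters the intention for every form that relied on the old `'unknown'` default, so tokens rendered before the upgrade, or built by hand with `'unknown'`, will presumably be rejected; that deserves an upgrade note. The enclosing method starts outside the hunk.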
@@ -140,6 +140,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
 $this->assertEquals('token', $view['csrf']->vars['value']);
 }
+ public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('generateCsrfToken')
+ ->with('FORM_NAME')
+ ->will($this->returnValue('token'));
+
+ $view = $this->factory
+ ->createNamed('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->createView();
+
+ $this->assertEquals('token', $view['csrf']->vars['value']);
+ }
+
 public function provideBoolean()
 {
 return array(
@@ -180,6 +198,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
 $this->assertSame($valid, $form->isValid());
 }
+ /**
+ * @dataProvider provideBoolean
+ */
+ public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
+ {
+ $this->csrfProvider->expects($this->once())
+ ->method('isCsrfTokenValid')
+ ->with('FORM_NAME', 'token')
+ ->will($this->returnValue($valid));
+
+ $form = $this->factory
+ ->createNamedBuilder('FORM_NAME', 'form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'compound' => true,
+ ))
+ ->add('child', 'text')
+ ->getForm();
+
+ $form->submit(array(
+ 'child' => 'foobar',
+ 'csrf' => 'token',
+ ));
+
+ // Remove token from data
+ $this->assertSame(array('child' => 'foobar'), $form->getData());
+
+ // Validate accordingly
+ $this->assertSame($valid, $form->isValid());
+ }
+
 public function testFailIfRootAndCompoundAndTokenMissing()
 {
 $this->csrfProvider->expects($this->never())
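Review bot: Both new tests, `testGenerateCsrfTokenUsesFormNameAsIntentionByDefault` here and the validation test in the @@ -180 hunk, only pin the `'FORM_NAME'` case, so the edge that matters for token scoping, a form whose name is empty, is untested. If unnamed forms are supported, a case built with `createNamed('', 'form', ...)` that asserts which intention reaches `generateCsrfToken` and `isCsrfTokenValid` would document the intended behaviour and catch an empty-string intention. As a smaller point, the token assertion could be `$this->assertSame('token', $view['csrf']->vars['value']);` so the comparison is strict, as the assertions in the validation test already are.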