Merge branch 'fix-csrf-default-2.3' into fix-csrf-default-2.4
Conflicts: src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
commit
6400bd1d0f
@ -86,7 +86,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
|||||||
->addEventSubscriber(new CsrfValidationListener(
|
->addEventSubscriber(new CsrfValidationListener(
|
||||||
$options['csrf_field_name'],
|
$options['csrf_field_name'],
|
||||||
$options['csrf_token_manager'],
|
$options['csrf_token_manager'],
|
||||||
$options['csrf_token_id'],
|
$options['csrf_token_id'] ?: $builder->getName(),
|
||||||
$options['csrf_message'],
|
$options['csrf_message'],
|
||||||
$this->translator,
|
$this->translator,
|
||||||
$this->translationDomain
|
$this->translationDomain
|
||||||
@ -105,7 +105,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
|||||||
{
|
{
|
||||||
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
|
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
|
||||||
$factory = $form->getConfig()->getFormFactory();
|
$factory = $form->getConfig()->getFormFactory();
|
||||||
$data = (string) $options['csrf_token_manager']->getToken($options['csrf_token_id']);
|
$data = (string) $options['csrf_token_manager']->getToken($options['csrf_token_id'] ?: $form->getName());
|
||||||
|
|
||||||
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
|
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
|
||||||
'mapped' => false,
|
'mapped' => false,
|
||||||
@ -139,7 +139,7 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
|
|||||||
'csrf_token_manager' => $csrfTokenManager,
|
'csrf_token_manager' => $csrfTokenManager,
|
||||||
'csrf_token_id' => $csrfTokenId,
|
'csrf_token_id' => $csrfTokenId,
|
||||||
'csrf_provider' => new CsrfTokenManagerAdapter($this->defaultTokenManager),
|
'csrf_provider' => new CsrfTokenManagerAdapter($this->defaultTokenManager),
|
||||||
'intention' => 'unknown',
|
'intention' => null,
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
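Review bot: The new fallback in both changed calls (`$options['csrf_token_id'] ?: $builder->getName()` where the listener is registered, and `?: $form->getName()` where the token is generated) produces an empty token id when the root form itself has an empty name, so all unnamed forms would share one CSRF token id and lose the per-form scoping this change is meant to give. A second-level fallback would keep ids distinct, for example `$options['csrf_token_id'] ?: ($builder->getName() ?: get_class($builder->getType()->getInnerType()))`, with the equivalent expression built from `$form->getConfig()` on the view side. Because `?:` tests truthiness, an explicitly configured id such as `'0'` is also silently replaced by the form name; a `null` comparison avoids that if such ids are meant to be accepted. The expression is now duplicated in two methods whose bodies start and end outside these hunks, so a small private helper would keep token generation and token validation from drifting apart.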
@ -141,6 +141,24 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
|||||||
$this->assertEquals('token', $view['csrf']->vars['value']);
|
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
|
||||||
|
{
|
||||||
|
$this->tokenManager->expects($this->once())
|
||||||
|
->method('getToken')
|
||||||
|
->with('FORM_NAME')
|
||||||
|
->will($this->returnValue('token'));
|
||||||
|
|
||||||
|
$view = $this->factory
|
||||||
|
->createNamed('FORM_NAME', 'form', null, array(
|
||||||
|
'csrf_field_name' => 'csrf',
|
||||||
|
'csrf_token_manager' => $this->tokenManager,
|
||||||
|
'compound' => true,
|
||||||
|
))
|
||||||
|
->createView();
|
||||||
|
|
||||||
|
$this->assertEquals('token', $view['csrf']->vars['value']);
|
||||||
|
}
|
||||||
|
|
||||||
public function provideBoolean()
|
public function provideBoolean()
|
||||||
{
|
{
|
||||||
return array(
|
return array(
|
||||||
@ -181,6 +199,37 @@ class FormTypeCsrfExtensionTest extends TypeTestCase
|
|||||||
$this->assertSame($valid, $form->isValid());
|
$this->assertSame($valid, $form->isValid());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @dataProvider provideBoolean
|
||||||
|
*/
|
||||||
|
public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
|
||||||
|
{
|
||||||
|
$this->tokenManager->expects($this->once())
|
||||||
|
->method('isTokenValid')
|
||||||
|
->with(new CsrfToken('FORM_NAME', 'token'))
|
||||||
|
->will($this->returnValue($valid));
|
||||||
|
|
||||||
|
$form = $this->factory
|
||||||
|
->createNamedBuilder('FORM_NAME', 'form', null, array(
|
||||||
|
'csrf_field_name' => 'csrf',
|
||||||
|
'csrf_token_manager' => $this->tokenManager,
|
||||||
|
'compound' => true,
|
||||||
|
))
|
||||||
|
->add('child', 'text')
|
||||||
|
->getForm();
|
||||||
|
|
||||||
|
$form->submit(array(
|
||||||
|
'child' => 'foobar',
|
||||||
|
'csrf' => 'token',
|
||||||
|
));
|
||||||
|
|
||||||
|
// Remove token from data
|
||||||
|
$this->assertSame(array('child' => 'foobar'), $form->getData());
|
||||||
|
|
||||||
|
// Validate accordingly
|
||||||
|
$this->assertSame($valid, $form->isValid());
|
||||||
|
}
|
||||||
|
|
||||||
public function testFailIfRootAndCompoundAndTokenMissing()
|
public function testFailIfRootAndCompoundAndTokenMissing()
|
||||||
{
|
{
|
||||||
$this->tokenManager->expects($this->never())
|
$this->tokenManager->expects($this->never())
|
||||||
|
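Review bot: Both added tests pin the fallback only for a root form named `FORM_NAME`; nothing in these hunks covers a root form created with an empty name, where the derived token id would be empty, or a caller that still passes the legacy `intention` option, whose default changes from `'unknown'` to `null` in the same commit. One extra case for each would lock in that the token id stays form-specific, e.g. a variant of `testGenerateCsrfTokenUsesFormNameAsIntentionByDefault` that passes `'intention' => 'custom'` and expects `->with('custom')`, assuming `intention` still feeds `csrf_token_id` (the code that maps it is not visible here). Tests outside the visible hunks may already cover the explicit-id path, so check before duplicating.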