diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
index 7c6f05a3af..9cc86bded2 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
@@ -97,6 +97,7 @@
+ %templating.helper.form.resources%
diff --git a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
index 3a66602498..084381aa1e 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
@@ -15,6 +15,7 @@ use Symfony\Component\Templating\Helper\Helper;
 use Symfony\Component\Templating\EngineInterface;
 use Symfony\Component\Form\FormView;
 use Symfony\Component\Form\Exception\FormException;
+use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
 use Symfony\Component\Form\Util\FormUtil;
 /**
@@ -27,6 +28,8 @@ class FormHelper extends Helper
 {
 protected $engine;
+ protected $csrfProvider;
+
 protected $varStack;
 protected $context;
@@ -38,14 +41,16 @@ class FormHelper extends Helper
 protected $templates;
 /**
- * Constructor;
+ * Constructor.
 *
- * @param EngineInterface $engine The templating engine
- * @param array $resources An array of theme name
+ * @param EngineInterface $engine The templating engine
+ * @param CsrfProviderInterface $csrfProvider The CSRF provider
+ * @param array $resources An array of theme names
 */
- public function __construct(EngineInterface $engine, array $resources)
+ public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
 {
 $this->engine = $engine;
+ $this->csrfProvider = $csrfProvider;
 $this->resources = $resources;
 $this->varStack = array();
 $this->context = array();
@@ -172,6 +177,34 @@ class FormHelper extends Helper
 return $this->renderSection($view, 'rest', $variables);
 }
+ /**
+ * Returns a CSRF token.
+ *
+ * Use this helper for CSRF protection without the overhead of creating a
+ * form.
+ *
+ *
+ * echo $view['form']->csrfToken('rm_user_'.$user->getId());
+ *
+ *
+ * Check the token in your action using the same intention.
+ *
+ *
+ * $csrfProvider = $this->get('form.csrf_provider');
+ * if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) {
+ * throw new \RuntimeException('CSRF attack detected.');
+ * }
+ *
+ *
+ * @param string $intention The intention of the protected action
+ *
+ * @return string A CSRF token
+ */
+ public function csrfToken($intention)
+ {
+ return $this->csrfProvider->generateCsrfToken($intention);
+ }
+
 /**
 * Renders a template.
 *
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
index 01b0bc614e..7955f418ff 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperDivLayoutTest.php
@@ -37,7 +37,7 @@ class FormHelperDivLayoutTest extends AbstractDivLayoutTest
 $loader = new FilesystemLoader(array());
 $engine = new PhpEngine($templateNameParser, $loader);
- $this->helper = new FormHelper($engine, array('FrameworkBundle:Form'));
+ $this->helper = new FormHelper($engine, $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array('FrameworkBundle:Form'));
 $engine->setHelpers(array(
 $this->helper,
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
index be209444ed..da2223135c 100644
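Review bot: csrfToken() hands back the provider's token unescaped, and the docblock example `echo $view['form']->csrfToken('rm_user_'.$user->getId());` writes it straight into the template output; CsrfProviderInterface does not constrain the token alphabet, so a provider other than the default may return characters that need escaping in an HTML or attribute context. Either make the documented usage context-safe, e.g. `echo $view->escape($view['form']->csrfToken('rm_user_'.$user->getId()));`, or add a line to the docblock stating that the value is returned raw and must be escaped for the output context it is placed in. The new helper also has no coverage: the CsrfProviderInterface mocks added in FormHelperDivLayoutTest and FormHelperTableLayoutTest are unconfigured, so generateCsrfToken() presumably returns null there, and a small test asserting that csrfToken() forwards its intention to the provider would pin the only new behaviour. The FormHelper class body continues outside this hunk.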
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/Templating/Helper/FormHelperTableLayoutTest.php
@@ -37,7 +37,7 @@ class FormHelperTableLayoutTest extends AbstractTableLayoutTest
 $loader = new FilesystemLoader(array());
 $engine = new PhpEngine($templateNameParser, $loader);
- $this->helper = new FormHelper($engine, array(
+ $this->helper = new FormHelper($engine, $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
 'FrameworkBundle:Form',
 'FrameworkBundle:FormTable'
 ));