[FrameworkBundle] added $view['form']->csrfToken() helper
parent
e1aced89fd
commit
753c06761a
@ -97,6 +97,7 @@
|
|||||||
<service id="templating.helper.form" class="%templating.helper.form.class%">
|
<service id="templating.helper.form" class="%templating.helper.form.class%">
|
||||||
<tag name="templating.helper" alias="form" />
|
<tag name="templating.helper" alias="form" />
|
||||||
<argument type="service" id="templating.engine.php" />
|
<argument type="service" id="templating.engine.php" />
|
||||||
|
<argument type="service" id="form.csrf_provider" />
|
||||||
<argument>%templating.helper.form.resources%</argument>
|
<argument>%templating.helper.form.resources%</argument>
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
|
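Review bot: The added `<argument type="service" id="form.csrf_provider" />` makes `templating.helper.form` hard-depend on a service whose definition is not visible in this diff. If `form.csrf_provider` is only registered when CSRF protection is enabled, the container would presumably fail to build the helper whenever it is turned off. Consider `<argument type="service" id="form.csrf_provider" on-invalid="null" />` together with a nullable constructor parameter and an explicit exception in `csrfToken()` when no provider was injected. This should be confirmed against the form/CSRF service configuration, which lies outside this hunk.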
@ -15,6 +15,7 @@ use Symfony\Component\Templating\Helper\Helper;
|
|||||||
use Symfony\Component\Templating\EngineInterface;
|
use Symfony\Component\Templating\EngineInterface;
|
||||||
use Symfony\Component\Form\FormView;
|
use Symfony\Component\Form\FormView;
|
||||||
use Symfony\Component\Form\Exception\FormException;
|
use Symfony\Component\Form\Exception\FormException;
|
||||||
|
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
|
||||||
use Symfony\Component\Form\Util\FormUtil;
|
use Symfony\Component\Form\Util\FormUtil;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -27,6 +28,8 @@ class FormHelper extends Helper
|
|||||||
{
|
{
|
||||||
protected $engine;
|
protected $engine;
|
||||||
|
|
||||||
|
protected $csrfProvider;
|
||||||
|
|
||||||
protected $varStack;
|
protected $varStack;
|
||||||
|
|
||||||
protected $context;
|
protected $context;
|
||||||
@ -38,14 +41,16 @@ class FormHelper extends Helper
|
|||||||
protected $templates;
|
protected $templates;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor;
|
* Constructor.
|
||||||
*
|
*
|
||||||
* @param EngineInterface $engine The templating engine
|
* @param EngineInterface $engine The templating engine
|
||||||
* @param array $resources An array of theme name
|
* @param CsrfProviderInterface $csrfProvider The CSRF provider
|
||||||
|
* @param array $resources An array of theme names
|
||||||
*/
|
*/
|
||||||
public function __construct(EngineInterface $engine, array $resources)
|
public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
|
||||||
{
|
{
|
||||||
$this->engine = $engine;
|
$this->engine = $engine;
|
||||||
|
$this->csrfProvider = $csrfProvider;
|
||||||
$this->resources = $resources;
|
$this->resources = $resources;
|
||||||
$this->varStack = array();
|
$this->varStack = array();
|
||||||
$this->context = array();
|
$this->context = array();
|
||||||
@ -172,6 +177,34 @@ class FormHelper extends Helper
|
|||||||
return $this->renderSection($view, 'rest', $variables);
|
return $this->renderSection($view, 'rest', $variables);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns a CSRF token.
|
||||||
|
*
|
||||||
|
* Use this helper for CSRF protection without the overhead of creating a
|
||||||
|
* form.
|
||||||
|
*
|
||||||
|
* <code>
|
||||||
|
* echo $view['form']->csrfToken('rm_user_'.$user->getId());
|
||||||
|
* </code>
|
||||||
|
*
|
||||||
|
* Check the token in your action using the same intention.
|
||||||
|
*
|
||||||
|
* <code>
|
||||||
|
* $csrfProvider = $this->get('form.csrf_provider');
|
||||||
|
* if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) {
|
||||||
|
* throw new \RuntimeException('CSRF attack detected.');
|
||||||
|
* }
|
||||||
|
* </code>
|
||||||
|
*
|
||||||
|
* @param string $intention The intention of the protected action
|
||||||
|
*
|
||||||
|
* @return string A CSRF token
|
||||||
|
*/
|
||||||
|
public function csrfToken($intention)
|
||||||
|
{
|
||||||
|
return $this->csrfProvider->generateCsrfToken($intention);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Renders a template.
|
* Renders a template.
|
||||||
*
|
*
|
||||||
|
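Review bot: The `csrfToken()` docblock shows `isCsrfTokenValid('rm_user_'.$user->getId(), $token)` without saying where `$token` comes from or how the template should transmit it. I would add a line such as `Submit the token as a POST field (not in a URL, where it can leak through logs and Referer headers) and read it from the request in the action.` Because the example echoes the provider's return value directly, the docblock should also say that the output must be escaped for its HTML context unless the provider is known to return only safe characters. Separately, inserting the required `$csrfProvider` argument in the middle of `__construct()` breaks any caller or subclass that still passes two arguments. The class body continues outside these hunks.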
@ -37,7 +37,7 @@ class FormHelperDivLayoutTest extends AbstractDivLayoutTest
|
|||||||
$loader = new FilesystemLoader(array());
|
$loader = new FilesystemLoader(array());
|
||||||
$engine = new PhpEngine($templateNameParser, $loader);
|
$engine = new PhpEngine($templateNameParser, $loader);
|
||||||
|
|
||||||
$this->helper = new FormHelper($engine, array('FrameworkBundle:Form'));
|
$this->helper = new FormHelper($engine, $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array('FrameworkBundle:Form'));
|
||||||
|
|
||||||
$engine->setHelpers(array(
|
$engine->setHelpers(array(
|
||||||
$this->helper,
|
$this->helper,
|
||||||
|
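Review bot: The mock is passed only to satisfy the new constructor signature; nothing in this section, or in the identical change to FormHelperTableLayoutTest below, exercises `csrfToken()`. A small test that expects `generateCsrfToken('foo')` once on the mock and asserts that `$this->helper->csrfToken('foo')` returns the mock's value would pin both the delegation and the intention pass-through. The setup method's body continues outside the hunk.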
@ -37,7 +37,7 @@ class FormHelperTableLayoutTest extends AbstractTableLayoutTest
|
|||||||
$loader = new FilesystemLoader(array());
|
$loader = new FilesystemLoader(array());
|
||||||
$engine = new PhpEngine($templateNameParser, $loader);
|
$engine = new PhpEngine($templateNameParser, $loader);
|
||||||
|
|
||||||
$this->helper = new FormHelper($engine, array(
|
$this->helper = new FormHelper($engine, $this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
|
||||||
'FrameworkBundle:Form',
|
'FrameworkBundle:Form',
|
||||||
'FrameworkBundle:FormTable'
|
'FrameworkBundle:FormTable'
|
||||||
));
|
));
|
||||||
|