merged branch vicb/csrffix (PR #7060)

This PR was squashed before being merged into the 2.2 branch (closes #7060).

Commits
-------

f842ae6 [FrameworkBundle] CSRF should be on by default

Discussion
----------

[FrameworkBundle] CSRF should be on by default

---------------------------------------------------------------------------

by stof at 2013-02-13T11:27:32Z

👍

---------------------------------------------------------------------------

by vicb at 2013-02-15T08:54:39Z

Oops seems like a file is missing... will update

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:04:13Z

@fabpot the fix is fixed, ready to be merged !

---------------------------------------------------------------------------

by stloyd at 2013-02-15T09:05:24Z

Shouldn't this be noted in upgrade/changelog file? It's kind of a BC break...

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:13:18Z

don't fix so, this is something I did break a few weeks ago, just reverting to how it is supposed to work.

---------------------------------------------------------------------------

by fabpot at 2013-02-15T09:49:21Z

If you broke CSRF configuration, I suppose that you also broke form, ESI, fragments, translator, validator, and profiler configuration, no (see fde7585)?

---------------------------------------------------------------------------

by vicb at 2013-02-15T09:51:51Z

Hey @fabpot I am not that BAD :)

"form, ESI, fragments, translator, validator, and profiler" are off by default. Only CSRF should be on by default.
Fabien Potencier 2013-02-15 10:56:14 +01:00
commit 83fc5ed98f
4 changed files with 15 additions and 2 deletions


@ -94,7 +94,7 @@ class Configuration implements ConfigurationInterface
->canBeEnabled()
->end()
->arrayNode('csrf_protection')
->canBeEnabled()
->canBeDisabled()
->children()
->scalarNode('field_name')->defaultValue('_token')->end()
->end()
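
Review bot: on the `csrf_protection` node, `->canBeDisabled()` makes this the one section here that defaults to enabled while the node just above it keeps `->canBeEnabled()`, and nothing in the code says the difference is deliberate. Add a one-line comment above `->arrayNode('csrf_protection')` stating that CSRF protection is intentionally opt-out, so that a later pass making the sections uniform does not turn it back into opt-in.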


@ -94,7 +94,7 @@ class ConfigurationTest extends \PHPUnit_Framework_TestCase
'default_locale' => 'en',
'form' => array('enabled' => false),
'csrf_protection' => array(
'enabled' => false,
'enabled' => true,
'field_name' => '_token',
),
'esi' => array('enabled' => false),


@ -0,0 +1,6 @@
framework:
secret: s3cr3t
form: ~
session: ~
# CSRF should be enabled by default
# csrf_protection: ~
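
Review bot: the fixture sets both `form: ~` and `session: ~`, so the test built on it only proves the default when forms and sessions are explicitly configured. Add a second fixture or case without `form`, to pin down what the container does when CSRF is on and forms are off, which is the combination `ConfigurationTest` now expects as the default. The commented-out `# csrf_protection: ~` line could also be dropped, since the comment above it already explains the omission.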


@ -22,4 +22,11 @@ class YamlFrameworkExtensionTest extends FrameworkExtensionTest
$loader = new YamlFileLoader($container, new FileLocator(__DIR__.'/Fixtures/yml'));
$loader->load($file.'.yml');
}
public function testCsrfProtectionShouldBeEnabledByDefault()
{
$container = $this->createContainerFromFile('csrf');
$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
}
}
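
Review bot: `testCsrfProtectionShouldBeEnabledByDefault()` is added to `YamlFrameworkExtensionTest` rather than to the `FrameworkExtensionTest` base class it extends, so only the YAML loader is exercised. If the base class is shared with other loader formats, move the test there and add matching `csrf` fixtures. A companion case asserting that an explicit opt-out is honoured would cover the other half of `canBeDisabled()`.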