diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Form] CSRF token is now only validated for root form

Browse Source
This commit is contained in:
Bernhard Schussek 2011-03-25 00:09:23 +01:00
parent 4372bd5dc8
commit d2b07058f4
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/Symfony/Component/Form/Type/CsrfType.php
View File

@ -34,9 +34,10 @@ class CsrfType extends AbstractType
$builder $builder
->setData($csrfProvider->generateCsrfToken($pageId)) ->setData($csrfProvider->generateCsrfToken($pageId))
->addValidator(new CallbackValidator( ->addValidator(new CallbackValidator(
function (FormInterface $field) use ($csrfProvider, $pageId) { function (FormInterface $form) use ($csrfProvider, $pageId) {
if (!$csrfProvider->isCsrfTokenValid($pageId, $field->getData())) { if ($form->hasParent() && $form->getParent()->isRoot()
$field->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form')); && !$csrfProvider->isCsrfTokenValid($pageId, $form->getData())) {
$form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
} }
} }
)); ));