merged branch lsmith77/form_helper_csrf_off (PR #3174)
Commits -------cc31a15tweaked the exception message3a1699ahandle disaled csrf protection in the Twig FormExtension2a998e0handle disabled csrf protection in the PHP templating form helper Discussion ---------- handle disabled csrf protection in the PHP templating form helper Bug fix: yes Feature addition: no Backwards compatibility break: no Symfony2 tests pass:  Fixes the following tickets: - --------------------------------------------------------------------------- by fabpot at 2012-01-23T17:00:31Z The same should be done for Twig, no? --------------------------------------------------------------------------- by lsmith77 at 2012-01-23T17:04:24Z hmm i guess so .. will apply the change there too .. once someone tells me how to format that ``instanceof`` check :) --------------------------------------------------------------------------- by lsmith77 at 2012-01-23T17:07:11Z updated the ``FormExtension`` too --------------------------------------------------------------------------- by lsmith77 at 2012-01-23T21:28:52Z hopefully all ready to go now .. --------------------------------------------------------------------------- by lsmith77 at 2012-01-24T08:12:38Z @fabpot: don't want to rush you .. but if this could be merged soon, it would make my life easier :)
This commit is contained in:
Fabien Potencier
commit
d8541abf71
@ -33,7 +33,7 @@ class FormExtension extends \Twig_Extension
|
||||
protected $varStack;
|
||||
protected $template;
|
||||
|
||||
public function __construct(CsrfProviderInterface $csrfProvider, array $resources = array())
|
||||
public function __construct(CsrfProviderInterface $csrfProvider = null, array $resources = array())
|
||||
{
|
||||
$this->csrfProvider = $csrfProvider;
|
||||
$this->themes = new \SplObjectStorage();
|
||||
@ -298,6 +298,10 @@ class FormExtension extends \Twig_Extension
|
||||
*/
|
||||
public function getCsrfToken($intention)
|
||||
{
|
||||
if (!$this->csrfProvider instanceof CsrfProviderInterface) {
|
||||
throw new \BadMethodCallException('CSRF token can only be generated if a CsrfProviderInterface is injected in the constructor.');
|
||||
}
|
||||
|
||||
return $this->csrfProvider->generateCsrfToken($intention);
|
||||
}
|
||||
|
||||
|
||||
@ -97,7 +97,7 @@
|
||||
<service id="templating.helper.form" class="%templating.helper.form.class%">
|
||||
<tag name="templating.helper" alias="form" />
|
||||
<argument type="service" id="templating.engine.php" />
|
||||
<argument type="service" id="form.csrf_provider" />
|
||||
<argument type="service" id="form.csrf_provider" on-invalid="null" />
|
||||
<argument>%templating.helper.form.resources%</argument>
|
||||
</service>
|
||||
|
||||
|
||||
@ -47,7 +47,7 @@ class FormHelper extends Helper
|
||||
* @param CsrfProviderInterface $csrfProvider The CSRF provider
|
||||
* @param array $resources An array of theme names
|
||||
*/
|
||||
public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
|
||||
public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider = null, array $resources = array())
|
||||
{
|
||||
$this->engine = $engine;
|
||||
$this->csrfProvider = $csrfProvider;
|
||||
@ -202,6 +202,10 @@ class FormHelper extends Helper
|
||||
*/
|
||||
public function csrfToken($intention)
|
||||
{
|
||||
if (!$this->csrfProvider instanceof CsrfProviderInterface) {
|
||||
throw new \BadMethodCallException('CSRF token can only be generated if a CsrfProviderInterface is injected in the constructor.');
|
||||
}
|
||||
|
||||
return $this->csrfProvider->generateCsrfToken($intention);
|
||||
}
|
||||
|
||||
|
||||
@ -75,7 +75,7 @@
|
||||
|
||||
<service id="twig.extension.form" class="%twig.extension.form.class%" public="false">
|
||||
<tag name="twig.extension" />
|
||||
<argument type="service" id="form.csrf_provider" />
|
||||
<argument type="service" id="form.csrf_provider" on-invalid="null" />
|
||||
<argument>%twig.form.resources%</argument>
|
||||
</service>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user