diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Twig] added {{ csrf_token() }} helper

Browse Source
This commit is contained in:
Kris Wallsmith 2012-01-10 04:55:48 -08:00
parent 009e6d739e
commit e1aced89fd
4 changed files with 36 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/Symfony/Bridge/Twig/Extension/FormExtension.php
View File

@ -14,6 +14,7 @@ namespace Symfony\Bridge\Twig\Extension;
use Symfony\Bridge\Twig\TokenParser\FormThemeTokenParser;
use Symfony\Component\Form\FormView;
use Symfony\Component\Form\Exception\FormException;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Form\Util\FormUtil;
/**
@ -24,6 +25,7 @@ use Symfony\Component\Form\Util\FormUtil;
*/
class FormExtension extends \Twig_Extension
{
protected $csrfProvider;
protected $resources;
protected $blocks;
protected $environment;
@ -31,8 +33,9 @@ class FormExtension extends \Twig_Extension
protected $varStack;
protected $template;
public function __construct(array $resources = array())
public function __construct(CsrfProviderInterface $csrfProvider, array $resources = array())
{
$this->csrfProvider = $csrfProvider;
$this->themes = new \SplObjectStorage();
$this->varStack = array();
$this->blocks = new \SplObjectStorage();
@ -81,6 +84,7 @@ class FormExtension extends \Twig_Extension
'form_label' => new \Twig_Function_Method($this, 'renderLabel', array('is_safe' => array('html'))),
'form_row' => new \Twig_Function_Method($this, 'renderRow', array('is_safe' => array('html'))),
'form_rest' => new \Twig_Function_Method($this, 'renderRest', array('is_safe' => array('html'))),
'csrf_token' => new \Twig_Function_Method($this, 'getCsrfToken'),
'_form_is_choice_group' => new \Twig_Function_Method($this, 'isChoiceGroup', array('is_safe' => array('html'))),
'_form_is_choice_selected' => new \Twig_Function_Method($this, 'isChoiceSelected', array('is_safe' => array('html'))),
);
@ -269,6 +273,34 @@ class FormExtension extends \Twig_Extension
));
}
/**
* Returns a CSRF token.
*
* Use this helper for CSRF protection without the overhead of creating a
* form.
*
* <code>
* <input type="hidden" name="token" value="{{ csrf_token('rm_user_' ~ user.id) }}">
* </code>
*
* Check the token in your action using the same intention.
*
* <code>
* $csrfProvider = $this->get('form.csrf_provider');
* if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) {
* throw new \RuntimeException('CSRF attack detected.');
* }
* </code>
*
* @param string $intention The intention of the protected action
*
* @return string A CSRF token
*/
public function getCsrfToken($intention)
{
return $this->csrfProvider->generateCsrfToken($intention);
}
/**
* Returns the name of the extension.
*

1
src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
View File

@ -75,6 +75,7 @@
<service id="twig.extension.form" class="%twig.extension.form.class%" public="false">
<tag name="twig.extension" />
<argument type="service" id="form.csrf_provider" />
<argument>%twig.form.resources%</argument>
</service>

2
tests/Symfony/Tests/Bridge/Twig/Extension/FormExtensionDivLayoutTest.php
View File

@ -38,7 +38,7 @@ class FormExtensionDivLayoutTest extends AbstractDivLayoutTest
__DIR__,
));
$this->extension = new FormExtension(array(
$this->extension = new FormExtension($this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
'form_div_layout.html.twig',
'custom_widgets.html.twig',
));

2
tests/Symfony/Tests/Bridge/Twig/Extension/FormExtensionTableLayoutTest.php
View File

@ -38,7 +38,7 @@ class FormExtensionTableLayoutTest extends AbstractTableLayoutTest
__DIR__,
));
$this->extension = new FormExtension(array(
$this->extension = new FormExtension($this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
'form_table_layout.html.twig',
'custom_widgets.html.twig',
));