This PR was squashed before being merged into the master branch (closes#5838).
Commits
-------
201f3e6 [Form] Fixed cannot unset string offsets in CsrfValidationListener
Discussion
----------
[Form] Fixed cannot unset string offsets in CsrfValidationListener
Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
License of the code: MIT
Documentation PR: -
A php fatal error is happening when someone rewrite the entire form data for an object with a single input.
```
Fatal error: Cannot unset string offsets in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 72
```
Example:
```html
<form action="/app_dev.php/post/create" method="post" >
<div id="posttype">
<div>
<label for="posttype_name" class="required">Name</label>
<input type="text" id="posttype_name" name="posttype[name]" required="required" maxlength="255" />
</div>
<div>
<label for="posttype_text" class="required">Text</label>
<textarea id="posttype_text" name="posttype[text]" required="required"></textarea>
</div>
<input type="hidden" id="posttype__token" name="posttype[_token]" value="83a1617c694fbdea43c2527f1a55c7419ce82a42" /></div>
<p>
<button type="submit">Create</button>
</p>
</form>
```
If someone alters the html to add a simple input at the bottom of the form like this one:
```html
<input type="text" id="posttype" name="posttype" value="test123" />
```
The result will be a php fatal error.
---------------------------------------------------------------------------
by bschussek at 2012-10-26T09:49:05Z
Thank you for the pull request! Could you please reference the pull request in the test?
```php
// https://github.com/symfony/symfony/pull/5838
public function testStringFormData()
{
...
```
---------------------------------------------------------------------------
by jfcixmedia at 2012-10-26T10:21:29Z
@bschussek Added, thanks.
Commits
-------
6d94f3e Ensure there is a session before getting the session id
Discussion
----------
[Form] Ensure there is a session before getting the session id
Solves "The CSRF token is invalid. Please try to resubmit the form" error when a form is generated before the session is started.
---------------------------------------------------------------------------
by fabpot at 2012-07-09T10:23:32Z
Adding a CSRF token only makes sense if you are on a page with a "user". If not (and if you don't use HTTP auth or whatever), then there is no need for a CSRF token.
---------------------------------------------------------------------------
by frosas at 2012-07-09T14:42:40Z
This PR doesn't change any logic on whether a CSRF token is added or not, it just fixes a bug when a token is requested.
CSRF fields are now only added when the view is built. For this reason we already know if
the form is the root form and avoid to create unnecessary CSRF fields for nested fields.
Commits
-------
cde34fd [Form] Throwing an AlreadyBoundException in `add`, `remove`, `setParent`, `bind` and `setData` if called on a bound form
Discussion
----------
[Form] Throwing an AlreadyBoundException in `add`, `remove`, `setParent`, `bind` and `setData` if called on a bound form
Bug fix: yes
Feature addition: no
Backwards compatibility break: **yes**
Symfony2 tests pass: yes
Fixes the following tickets: -
Todo: -
The above mentioned methods now throw an exception because when invoked on a bound form they might cause strange side effects. You should rely on event listeners instead of modifying bound forms.
See also #3022
With implementations of this interface, existing types can be amended.
The Csrf extension, for example, now contains a class FormTypeCsrfExtension
that adds CSRF capabilities to the "form" type.
To register new type extensions in the DIC, tag them with "form.type_extension"
and the name of the extended type as alias.
The extension classes are now the only constructor argument of the FormFactory class. They replace the existing "type loader" classes.
new FormFactory(array(
new CoreExtension($validator, $storage),
new CsrfExtension($csrfProvider),
new DoctrineOrmExtension($em),
));
Together with a few upcoming commits this mechanism will make
* extension of the form framework in bundles and
* usage of the forms outside of Symfony2
much easier.
