10000 bug #9333 [2.2][Form] Improved FormTypeCsrfExtension to use the type … · symfony/symfony@2a637b1 · GitHub
[go: up one dir, main page]
Skip to content

Commit 2a637b1

Browse files
fabpotfabpot
committed
bug #9333 [2.2][Form] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty (bschussek)
This PR was merged into the 2.2 branch. Discussion ---------- [2.2][Form] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | - | License | MIT | Doc PR | - ping @stof follow-up PR to #9327 Commits ------- 219e44d [Intl] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty
2 parents 4dbe623 + 219e44d commit 2a637b1

File tree

2 files changed

+52
-2
lines changed

2 files changed

+52
-2
lines changed

src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ public function buildForm(FormBuilderInterface $builder, array $options)
5252
->addEventSubscriber(new CsrfValidationListener(
5353
$options['csrf_field_name'],
5454
$options['csrf_provider'],
55-
$options['intention'] ?: $builder->getName()
55+
$options['intention'] ?: ($builder->getName() ?: get_class($builder->getType()->getInnerType()))
5656
))
5757
;
5858
}
@@ -68,7 +68,8 @@ public function finishView(FormView $view, FormInterface $form, array $options)
6868
{
6969
if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
7070
$factory = $form->getConfig()->getAttribute('csrf_factory');
71-
$data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
71+
$intention = $options['intention'] ?: ($form->getName() ?: get_class($form->getConfig()->getType()->getInnerType()));
72+
$data = $options['csrf_provider']->generateCsrfToken($intention);
7273

7374
$csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
7475
'mapped' => false,

src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -147,6 +147,24 @@ public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
147147
$this->assertEquals('token', $view['csrf']->vars['value']);
148148
}
149149

150+
public function testGenerateCsrfTokenUsesTypeClassAsIntentionIfEmptyFormName()
151+
{
152+
$this->csrfProvider->expects($this->once())
153+
->method('generateCsrfToken')
154+
->with('Symfony\Component\Form\Extension\Core\Type\FormType')
155+
->will($this->returnValue('token'));
156+
157+
$view = $this->factory
158+
->createNamed('', 'form', null, array(
159+
'csrf_field_name' => 'csrf',
160+
'csrf_provider' => $this->csrfProvider,
161+
'compound' => true,
162+
))
163+
->createView();
164+
165+
$this->assertEquals('token', $view['csrf']->vars['value']);
166+
}
167+
150168
public function provideBoolean()
151169
{
152170
return array(
@@ -218,6 +236,37 @@ public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionB
218236
$this->assertSame($valid, $form->isValid());
219237
}
220238

239+
/**
240+
* @dataProvider provideBoolean
241+
*/
242+
public function testValidateTokenOnBindIfRootAndCompoundUsesTypeClassAsIntentionIfEmptyFormName($valid)
243+
{
244+
$this->csrfProvider->expects($this->once())
245+
->method('isCsrfTokenValid')
246+
->with('Symfony\Component\Form\Extension\Core\Type\FormType', 'token')
247+
->will($this->returnValue($valid));
248+
249+
$form = $this->factory
250+
->createNamedBuilder('', 'form', null, array(
251+
'csrf_field_name' => 'csrf',
252+
'csrf_provider' => $this->csrfProvider,
253+
'compound' => true,
254+
))
255+
->add('child', 'text')
256+
->getForm();
257+
258+
$form->bind(array(
259+
'child' => 'foobar',
260+
'csrf' => 'token',
261+
));
262+
263+
// Remove token from data
264+
$this->assertSame(array('child' => 'foobar'), $form->getData());
265+
266+
// Validate accordingly
267+
$this->assertSame($valid, $form->isValid());
268+
}
269+
221270
public function testFailIfRootAndCompoundAndTokenMissing()
222271
{
223272
$this->csrfProvider->expects($this->never())

0 commit comments

Comments
 (0)
0