10000 [Form] Fixed: CSRF token was not displayed on empty complex forms · symfony/symfony@649752c · GitHub


Commit 649752c

committed
[Form] Fixed: CSRF token was not displayed on empty complex forms
1 parent c623fcf commit 649752c


5 files changed

+38
-41
lines changed


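--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -63,7 +63,7 @@ public function onBindClientData(FilterDataEvent $event)
 $form = $event->getForm();
 $data = $event->getData();
 
-if ($form->isRoot() && $form->hasChildren()) {
+if ($form->isRoot() && !$form->getAttribute('primitive')) {
 if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
 }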
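Review bot: The guard on new line 66 decides whether the token is checked at all from a loose truthiness test, so any truthy `primitive` attribute on a root form (a non-empty string, `1`) skips CSRF validation without an error or a log entry. Unless the option is normalised to a boolean elsewhere, a strict comparison fails closed: `if ($form->isRoot() && true !== $form->getAttribute('primitive')) {`. The same expression appears in FormTypeCsrfExtension::buildViewBottomUp and should change with it so that rendering and validation keep agreeing. onBindClientData starts and ends outside this hunk.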

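--- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -64,7 +64,7 @@ public function buildForm(FormBuilder $builder, array $options)
 */
 public function buildViewBottomUp(FormView $view, FormInterface $form)
 {
-if (!$view->hasParent() && $view->hasChildren() && $form->hasAttribute('csrf_field_name')) {
+if (!$view->hasParent() && !$form->getAttribute('primitive') && $form->hasAttribute('csrf_field_name')) {
 $name = $form->getAttribute('csrf_field_name');
 $csrfProvider = $form->getAttribute('csrf_provider');
 $intention = $form->getAttribute('csrf_intention');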
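Review bot: Nothing at the new condition on line 67 records that it has to stay identical to the one in CsrfValidationListener::onBindClientData; if the two drift, a form can render a token that is never checked, or be rejected for a token it never rendered. A comment above the `if` would make that contract visible: `// Keep in sync with CsrfValidationListener::onBindClientData(): the token is rendered for exactly the forms whose token is validated.` The docblock should also say that root forms marked `primitive` get no CSRF field, since that exemption is otherwise only discoverable from the tests. The method body continues past the end of the hunk.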

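--- a/src/Symfony/Component/Form/Tests/AbstractDivLayoutTest.php
+++ b/src/Symfony/Component/Form/Tests/AbstractDivLayoutTest.php
@@ -285,6 +285,7 @@ public function testEmptyCollection()
 
 $this->assertWidgetMatchesXpath($form->createView(), array(),
 '/div
+[./input[@type="hidden"][@id="name__token"]]
 [count(./div)=0]
 '
 );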

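--- a/src/Symfony/Component/Form/Tests/AbstractTableLayoutTest.php
+++ b/src/Symfony/Component/Form/Tests/AbstractTableLayoutTest.php
@@ -178,7 +178,8 @@ public function testEmptyCollection()
 
 $this->assertWidgetMatchesXpath($form->createView(), array(),
 '/table
-[count(./tr[./td/input])=0]
+[./tr[@style="display: none"][./td[@colspan="2"]/input[@type="hidden"][@id="name__token"]]]
+[count(./tr[./td/input])=1]
 '
 );
 }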

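--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -56,43 +56,42 @@ protected function getExtensions()
 ));
 }
 
-public function testCsrfProtectionByDefaultIfRootAndChildren()
+public function testCsrfProtectionByDefaultIfRootAndNotPrimitive()
 {
 $view = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
+'primitive' => false,
 ))
-->add($this->factory->createNamedBuilder('form', 'child'))
-->getForm()
 ->createView();
 
 $this->assertTrue($view->hasChild('csrf'));
 }
 
-public function testNoCsrfProtectionByDefaultIfChildrenButNotRoot()
+public function testNoCsrfProtectionByDefaultIfNotPrimitiveButNotRoot()
 {
 $view = $this->factory
 ->createNamedBuilder('form', 'root')
 ->add($this->factory
 ->createNamedBuilder('form', 'form', null, array(
 'csrf_field_name' => 'csrf',
+'primitive' => false,
 ))
-->add($this->factory->createNamedBuilder('form', 'child'))
 )
 ->getForm()
-->get('form')
-->createView();
+->createView()
+->getChild('form');
 
 $this->assertFalse($view->hasChild('csrf'));
 }
 
-public function testNoCsrfProtectionByDefaultIfRootButNoChildren()
+public function testNoCsrfProtectionByDefaultIfRootButPrimitive()
 {
 $view = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
+'primitive' => true,
 ))
-->getForm()
 ->createView();
 
 $this->assertFalse($view->hasChild('csrf'));
@@ -101,12 +100,11 @@ public function testNoCsrfProtectionByDefaultIfRootButNoChildren()
 public function testCsrfProtectionCanBeDisabled()
 {
 $view = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_protection' => false,
+'primitive' => false,
 ))
-->add($this->factory->createNamedBuilder('form', 'child'))
-->getForm()
 ->createView();
 
 $this->assertFalse($view->hasChild('csrf'));
@@ -120,13 +118,12 @@ public function testGenerateCsrfToken()
 ->will($this->returnValue('token'));
 
 $view = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_provider' => $this->csrfProvider,
-'intention' => '%INTENTION%'
+'intention' => '%INTENTION%',
+'primitive' => false,
 ))
-->add($this->factory->createNamedBuilder('form', 'child'))
-->getForm()
 ->createView();
 
 $this->assertEquals('token', $view->getChild('csrf')->get('value'));
@@ -143,21 +140,20 @@ public function provideBoolean()
 /**
 * @dataProvider provideBoolean
 */
-public function testValidateTokenOnBindIfRootAndChildren($valid)
+public function testValidateTokenOnBindIfRootAndNotPrimitive($valid)
 {
 $this->csrfProvider->expects($this->once())
 ->method('isCsrfTokenValid')
 ->with('%INTENTION%', 'token')
 ->will($this->returnValue($valid));
 
 $form = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_provider' => $this->csrfProvider,
-'intention' => '%INTENTION%'
-))
-->add($this->factory->createNamedBuilder('form', 'child'))
-->getForm();
+'intention' => '%INTENTION%',
+'primitive' => false,
+));
 
 $form->bind(array(
 'child' => 'foobar',
@@ -171,19 +167,18 @@ public function testValidateTokenOnBindIfRootAndChildren($valid)
 $this->assertSame($valid, $form->isValid());
 }
 
-public function testFailIfRootAndChildrenAndTokenMissing()
+public function testFailIfRootAndNotPrimitiveAndTokenMissing()
 {
 $this->csrfProvider->expects($this->never())
 ->method('isCsrfTokenValid');
 
 $form = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_provider' => $this->csrfProvider,
-'intention' => '%INTENTION%'
-))
-->add($this->factory->createNamedBuilder('form', 'child'))
-->getForm();
+'intention' => '%INTENTION%',
+'primitive' => false,
+));
 
 $form->bind(array(
 'child' => 'foobar',
@@ -197,7 +192,7 @@ public function testFailIfRootAndChildrenAndTokenMissing()
 $this->assertFalse($form->isValid());
 }
 
-public function testDontValidateTokenIfChildrenButNoRoot()
+public function testDontValidateTokenIfNotPrimitiveButNoRoot()
 {
 $this->csrfProvider->expects($this->never())
 ->method('isCsrfTokenValid');
@@ -208,9 +203,9 @@ public function testDontValidateTokenIfChildrenButNoRoot()
 ->createNamedBuilder('form', 'form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_provider' => $this->csrfProvider,
-'intention' => '%INTENTION%'
+'intention' => '%INTENTION%',
+'primitive' => false,
 ))
-->add($this->factory->createNamedBuilder('form', 'child'))
 )
 ->getForm()
 ->get('form');
@@ -221,18 +216,18 @@ public function testDontValidateTokenIfChildrenButNoRoot()
 ));
 }
 
-public function testDontValidateTokenIfRootButNoChildren()
+public function testDontValidateTokenIfRootButPrimitive()
 {
 $this->csrfProvider->expects($this->never())
 ->method('isCsrfTokenValid');
 
 $form = $this->factory
-->createBuilder('form', null, array(
+->create('form', null, array(
 'csrf_field_name' => 'csrf',
 'csrf_provider' => $this->csrfProvider,
-'intention' => '%INTENTION%'
-))
-->getForm();
+'intention' => '%INTENTION%',
+'primitive' => true,
+));
 
 $form->bind(array(
 'csrf' => 'token',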
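Review bot: The converted bind tests still submit `'child' => 'foobar'` (new lines 159 and 184) although the `child` field is no longer added, so the forms are now bound with a key they do not define. In `testFailIfRootAndNotPrimitiveAndTokenMissing` the only visible check is `assertFalse($form->isValid())`, which would also pass if the form were rejected for some reason other than the missing token. Dropping the stale `'child'` entry and pinning the failure to the token check would be stronger, for example `$this->assertCount(1, $form->getErrors());` (worth confirming that the CSRF error is the only one expected). Every test now sets `primitive` explicitly, so the "ByDefault" cases no longer cover a form where the option is left unset. The last test's body continues past the end of the hunk.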
