8000 [Form] Merged FieldType into FormType by webmozart · Pull Request #3923 · symfony/symfony · GitHub

[Form] Merged FieldType into FormType #3923


Merged
merged 4 commits into from
Apr 18, 2012
[Form] Simplified CSRF mechanism and removed "csrf" type
CSRF fields are now only added when the view is built. For this reason we already know whether
the form is the root form and avoid creating unnecessary CSRF fields for nested fields.
webmozart committed Apr 17, 2012
commit 2a49449862ab74fbd80126384daa1957abaf2e0c
1 change: 1 addition & 0 deletions CHANGELOG-2.1.md
Expand Up @@ -269,6 +269,7 @@ To get the diff between two versions, go to https://github.com/symfony/symfony/c
don't receive an options array anymore.
* Deprecated FormValidatorInterface and substituted its implementations
by event subscribers
* simplified CSRF protection and removed the csrf type

### HttpFoundation

Expand Up @@ -14,12 +14,9 @@
<argument>%kernel.secret%</argument>
</service>

<service id="form.type.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\CsrfType">
<tag name="form.type" alias="csrf" />
<argument type="service" id="form.csrf_provider" />
</service>
<service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
<tag name="form.type_extension" alias="form" />
<argument type="service" id="form.csrf_provider" />
<argument>%form.type_extension.csrf.enabled%</argument>
<argument>%form.type_extension.csrf.field_name%</argument>
</service>
Expand Up @@ -27,9 +27,9 @@ public function testCsrfProtection()
$def = $container->getDefinition('form.type_extension.csrf');

$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
$this->assertEquals('%form.type_extension.csrf.enabled%', $def->getArgument(0));
$this->assertEquals('%form.type_extension.csrf.enabled%', $def->getArgument(1));
$this->assertEquals('_csrf', $container->getParameter('form.type_extension.csrf.field_name'));
$this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(1));
$this->assertEquals('%form.type_extension.csrf.field_name%', $def->getArgument(2));
$this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
}

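Review bot: Argument 0 of the `form.type_extension.csrf` definition is not asserted in `testCsrfProtection`: the enabled flag and the field name are now checked at indexes 1 and 2, but nothing checks that the first argument is the reference to `form.csrf_provider`. The extension cannot validate tokens without that provider, so a wiring regression there would pass this test silently. Add `$this->assertEquals('form.csrf_provider', (string) $def->getArgument(0));` next to the other two assertions. The test method begins above the hunk.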
16 changes: 1 addition & 15 deletions src/Symfony/Component/Form/Extension/Csrf/CsrfExtension.php
Expand Up @@ -32,27 +32,13 @@ public function __construct(CsrfProviderInterface $csrfProvider)
$this->csrfProvider = $csrfProvider;
}

/**
* {@inheritDoc}
*/
protected function loadTypes()
{
return array(
new Type\CsrfType($this->csrfProvider),
);
}

/**
* {@inheritDoc}
*/
protected function loadTypeExtensions()
{
return array(
new Type\ChoiceTypeCsrfExtension(),
new Type\DateTypeCsrfExtension(),
new Type\FormTypeCsrfExtension(),
new Type\RepeatedTypeCsrfExtension(),
new Type\TimeTypeCsrfExtension(),
new Type\FormTypeCsrfExtension($this->csrfProvider),
);
}
}
Expand Up @@ -14,14 +14,20 @@
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Form\FormEvents;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\Event\DataEvent;
use Symfony\Component\Form\Event\FilterDataEvent;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;

/**
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class CsrfValidationListener implements EventSubscriberInterface
{
/**
* The name of the CSRF field
* @var string
*/
private $fieldName;

/**
* The provider for generating and validating CSRF tokens
* @var CsrfProviderInterface
Expand All @@ -45,24 +51,26 @@ static public function getSubscribedEvents()
);
}

public function __construct(CsrfProviderInterface $csrfProvider, $intention)
public function __construct($fieldName, CsrfProviderInterface $csrfProvider, $intention)
{
$this->fieldName = $fieldName;
$this->csrfProvider = $csrfProvider;
$this->intention = $intention;
}

public function onBindClientData(DataEvent $event)
public function onBindClientData(FilterDataEvent $event)
{
$form = $event->getForm();
$data = $event->getData();

if ((!$form->hasParent() || $form->getParent()->isRoot())
&& !$this->csrfProvider->isCsrfTokenValid($this->intention, $data)) {
$form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
if ($form->isRoot() && $form->hasChildren() && isset($data[$this->fieldName])) {
if (!$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
$form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form'));
}

// If the session timed out, the token is invalid now.
// Regenerate the token so that a resubmission is possible.
$event->setData($this->csrfProvider->generateCsrfToken($this->intention));
unset($data[$this->fieldName]);
}

$event->setData($data);
}
}
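Review bot: In `onBindClientData`, `isset($data[$this->fieldName])` sits in the outer guard, so a root-form submission that carries no token field skips `isCsrfTokenValid()` and gets no error. Unless something outside this hunk rejects that case, the check only applies to requests that include a token. Treat absence as a failure: keep the outer test as `if ($form->isRoot() && $form->hasChildren()) {` and make the inner one `if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {`. Once `isset` leaves the outer guard, the `unset` needs its own protection against non-array client data, e.g. `if (is_array($data)) { unset($data[$this->fieldName]); }`. A test that binds a root form without the token field and expects the error would pin this.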

This file was deleted.

This file was deleted.

83 changes: 0 additions & 83 deletions src/Symfony/Component/Form/Extension/Csrf/Type/CsrfType.php

This file was deleted.

This file was deleted.
