From dae28115f5b9395e7a28c0ee125c4f755efeeb9a Mon Sep 17 00:00:00 2001 From: Nicolas Grekas Date: Sun, 24 May 2015 12:32:57 -0700 Subject: [PATCH 1/4] Fix missing note about debug.dump_destination --- components/var_dumper/introduction.rst | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/components/var_dumper/introduction.rst b/components/var_dumper/introduction.rst index 05eff3e8849..086695c471c 100644 --- a/components/var_dumper/introduction.rst +++ b/components/var_dumper/introduction.rst @@ -104,6 +104,11 @@ original value. You can configure the limits in terms of: * maximum number of items to dump, * maximum string length before truncation. +Since dumping into the toolbar is not always possible - e.g. when working on a +JSON API - you can have an alternate output destination for dumps. This is +configurable with the ``debug.dump_destination`` option, that you can typically +set to ``php://stderr``. + .. configuration-block:: .. code-block:: yaml @@ -111,6 +116,7 @@ original value. You can configure the limits in terms of: debug: max_items: 250 max_string_length: -1 + dump_destination: ~ .. code-block:: xml @@ -119,9 +125,17 @@ original value. You can configure the limits in terms of: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://symfony.com/schema/dic/debug http://symfony.com/schema/dic/debug/debug-1.0.xsd"> - + + .. code-block:: php + + $container->loadFromExtension('debug', array( + 'max_items' => 250, + 'max_string_length' => -1, + 'dump_destination' => null, + )); + Dump Examples and Output ------------------------ From 11383f8ad5be5abed7fe006110a57a8b518809ca Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Thu, 28 May 2015 12:41:39 +0200 Subject: [PATCH 2/4] 4668 document isCsrfTokenValid --- book/controller.rst | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 7ec7bd4ae3a..18555aeb521 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()`` } .. versionadded:: 2.6 - The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you + The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you could use ``redirect()`` and ``generateUrl()`` together for this (see the example above). Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL:: @@ -803,6 +803,28 @@ Just like when creating a controller for a route, the order of the arguments of order of the arguments, Symfony will still pass the correct value to each variable. +Validating a CSRF Token +----------------------- + +Sometimes you want to use CSRF protection in an action where you don't want to use the +Symfony Form component. + +If, for example, you're doing a DELETE action, you can use the +:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +method to check the CSRF token:: + + if ($this->isCsrfTokenValid('token_id', $submittedToken)) { + // ... do something, like deleting an object + } + +.. versionadded:: 2.6 + The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. + It is equivalent to executing the following code:: + + use Symfony\Component\Security\Csrf\CsrfToken; + + $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); + Final Thoughts -------------- From f67c353b576d5b1e65d72b36db939b85f1833913 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Wed, 29 Jul 2015 13:53:52 +0200 Subject: [PATCH 3/4] [#5572] Fix syntax --- book/controller.rst | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/book/controller.rst b/book/controller.rst index 18555aeb521..8b1f2dc7a47 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -806,11 +806,9 @@ variable. Validating a CSRF Token ----------------------- -Sometimes you want to use CSRF protection in an action where you don't want to use the -Symfony Form component. - -If, for example, you're doing a DELETE action, you can use the -:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +Sometimes, you want to use CSRF protection in an action where you don't want to +use the Symfony Form component. If, for example, you're doing a DELETE action, +you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` method to check the CSRF token:: if ($this->isCsrfTokenValid('token_id', $submittedToken)) { @@ -821,9 +819,10 @@ method to check the CSRF token:: The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. It is equivalent to executing the following code:: - use Symfony\Component\Security\Csrf\CsrfToken; + use Symfony\Component\Security\Csrf\CsrfToken; - $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); + $this->get('security.csrf.token_manager') + ->isTokenValid(new CsrfToken('token_id', 'TOKEN')); Final Thoughts -------------- From ab19cfba7b24a660ea4239369ae4242ef2ee1496 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Tue, 20 Oct 2015 13:37:39 +0200 Subject: [PATCH 4/4] fix code block syntax --- book/controller.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 811364e8ecd..0ec4a592693 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -825,7 +825,9 @@ method to check the CSRF token:: .. versionadded:: 2.6 The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. - It is equivalent to executing the following code:: + It is equivalent to executing the following code: + + .. code-block:: php use Symfony\Component\Security\Csrf\CsrfToken;