
Commit 7703515

committed
[Intl] Improved FormTypeCsrfExtension to use the type class as default intention if the form name is empty
1 parent 250d2cf commit 7703515


2 files changed

+53
-3
lines changed


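--- a/Extension/Csrf/Type/FormTypeCsrfExtension.php
+++ b/Extension/Csrf/Type/FormTypeCsrfExtension.php
@@ -76,7 +76,7 @@ public function buildForm(FormBuilderInterface $builder, array $options)
 ->addEventSubscriber(new CsrfValidationListener(
 $options['csrf_field_name'],
 $options['csrf_provider'],
-$options['intention'] ?: $builder->getName(),
+$options['intention'] ?: ($builder->getName() ?: get_class($builder->getType()->getInnerType())),
 $options['csrf_message'],
 $this->translator,
 $this->translationDomain
@@ -95,7 +95,8 @@ public function finishView(FormView $view, FormInterface $form, array $options)
 {
 if ($options['csrf_protection'] && !$view->parent && $options['compound']) {
 $factory = $form->getConfig()->getAttribute('csrf_factory');
-$data = $options['csrf_provider']->generateCsrfToken($options['intention'] ?: $form->getName());
+$intention = $options['intention'] ?: ($form->getName() ?: get_class($form->getConfig()->getType()->getInnerType()));
+$data = $options['csrf_provider']->generateCsrfToken($intention);
 
 $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
 'mapped' => false,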
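Review bot: The type-class fallback added on new lines 79 and 98 gives every unnamed root form of the same type one shared token intention; for the generic `form` type that is `Symfony\Component\Form\Extension\Core\Type\FormType`, as the accompanying test asserts, so a token issued for one unnamed form would presumably also validate for another, depending on how the provider scopes tokens. The fallback is also written out twice, once in buildForm for validation and once in finishView for generation, and the two must resolve to the same string or valid submissions will be rejected. I would add above both expressions `// Unnamed forms fall back to the inner type's class; set the "intention" option to scope the token to a single form.` and consider moving the expression into one private helper so the two sites cannot drift apart. Both buildForm and finishView start and end outside the hunks.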

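--- a/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -158,6 +158,24 @@ public function testGenerateCsrfTokenUsesFormNameAsIntentionByDefault()
 $this->assertEquals('token', $view['csrf']->vars['value']);
 }
 
+public function testGenerateCsrfTokenUsesTypeClassAsIntentionIfEmptyFormName()
+{
+$this->csrfProvider->expects($this->once())
+->method('generateCsrfToken')
+->with('Symfony\Component\Form\Extension\Core\Type\FormType')
+->will($this->returnValue('token'));
+
+$view = $this->factory
+->createNamed('', 'form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'compound' => true,
+))
+->createView();
+
+$this->assertEquals('token', $view['csrf']->vars['value']);
+}
+
 public function provideBoolean()
 {
 return array(
@@ -201,7 +219,7 @@ public function testValidateTokenOnSubmitIfRootAndCompound($valid)
 /**
 * @dataProvider provideBoolean
 */
-public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
+public function testValidateTokenOnSubmitIfRootAndCompoundUsesFormNameAsIntentionByDefault($valid)
 {
 $this->csrfProvider->expects($this->once())
 ->method('isCsrfTokenValid')
@@ -229,6 +247,37 @@ public function testValidateTokenOnBindIfRootAndCompoundUsesFormNameAsIntentionB
 $this->assertSame($valid, $form->isValid());
 }
 
+/**
+* @dataProvider provideBoolean
+*/
+public function testValidateTokenOnSubmitIfRootAndCompoundUsesTypeClassAsIntentionIfEmptyFormName($valid)
+{
+$this->csrfProvider->expects($this->once())
+->method('isCsrfTokenValid')
+->with('Symfony\Component\Form\Extension\Core\Type\FormType', 'token')
+->will($this->returnValue($valid));
+
+$form = $this->factory
+->createNamedBuilder('', 'form', null, array(
+'csrf_field_name' => 'csrf',
+'csrf_provider' => $this->csrfProvider,
+'compound' => true,
+))
+->add('child', 'text')
+->getForm();
+
+$form->submit(array(
+'child' => 'foobar',
+'csrf' => 'token',
+));
+
+// Remove token from data
+$this->assertSame(array('child' => 'foobar'), $form->getData());
+
+// Validate accordingly
+$this->assertSame($valid, $form->isValid());
+}
+
 public function testFailIfRootAndCompoundAndTokenMissing()
 {
 $this->csrfProvider->expects($this->never())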
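Review bot: Both new tests (new lines 161 and 253) build the form with the built-in `form` type, so the only fallback value they ever assert is the FormType class, and nothing shows that a custom type yields its own class through getInnerType(). A case with an empty name and an explicit `'intention'` option would also pin that the option still wins over the fallback; that precedence may already be covered by tests outside these hunks. Short of new cases, a line above each `->with(...)` such as `// Empty form name: the intention falls back to the class of the inner type, here the built-in FormType.` would make the expected value self-explanatory.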
