Merge branch '2.4'

fabpot · fabpot · commit fa1e9946090b · 2013-12-03T15:52:29.000+01:00
* 2.4:
  updated Composer suggested packages
  updated VERSION for 2.2.11
  update CONTRIBUTORS for 2.2.11
  updated CHANGELOG for 2.2.11
  Fixed typo in phpdoc
  Default form.csrf_protection.enabled to csrf_protection.enabled
  Handled the scenario when no entity manager is passed with closure query builder.
  Enabled csrf_protection by default if form.csrf_protection is enabled
  [HttpKernel] made a small optimization to Bundle initialization
  minor optimalization at bundle initialization
  [EventDispatcher] tweaked README
  removed observer pattern, in favour of mediator
  [DoctrineBridge] normalized class names in the ORM type guesser
  Fix `extract` method to avoid recalculating count() for each iteration.
  [Debug] ensured that a fatal PHP error is actually fatal after being handled by our error handler
  use the correct class name to retrieve mapped class' metadata and repository
  [WebProfilerBundle] Fixed js escaping in time.html.twig
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -120,8 +120,12 @@ private function addFormSection(ArrayNodeDefinition $rootNode)
                     ->canBeEnabled()
                     ->children()
                         ->arrayNode('csrf_protection')
-                            ->canBeDisabled()
+                            ->treatFalseLike(array('enabled' => false))
+                            ->treatTrueLike(array('enabled' => true))
+                            ->treatNullLike(array('enabled' => true))
+                            ->addDefaultsIfNotSet()
                             ->children()
+                                ->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
                                 ->scalarNode('field_name')->defaultNull()->end()
                             ->end()
                         ->end()
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -93,14 +93,18 @@ public function load(array $configs, ContainerBuilder $container)
 
         $loader->load('security.xml');
 
-        $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
-
         if ($this->isConfigEnabled($container, $config['form'])) {
             $this->formConfigEnabled = true;
             $this->registerFormConfiguration($config, $container, $loader);
             $config['validation']['enabled'] = true;
+
+            if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
+                $config['csrf_protection']['enabled'] = true;
+            }
         }
 
+        $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
+
         if (isset($config['templating'])) {
             $this->registerTemplatingConfiguration($config['templating'], $config['ide'], $container, $loader);
         }
@@ -158,11 +162,11 @@ public function load(array $configs, ContainerBuilder $container)
     private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
     {
         $loader->load('form.xml');
-        if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
-            if (!$this->isConfigEnabled($container, $config['csrf_protection'])) {
-                throw new \LogicException('CSRF protection needs to be enabled in order to use CSRF protection for forms.');
-            }
+        if (null === $config['form']['csrf_protection']['enabled']) {
+            $config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
+        }
 
+        if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
             $loader->load('form_csrf.xml');
 
             $container->setParameter('form.type_extension.csrf.enabled', true);
diff --git a/Tests/DependencyInjection/ConfigurationTest.php b/Tests/DependencyInjection/ConfigurationTest.php
@@ -96,7 +96,7 @@ protected static function getBundleDefaultConfig()
             'form'                => array(
                 'enabled' => false,
                 'csrf_protection' => array(
-                    'enabled' => true,
+                    'enabled' => null, // defaults to csrf_protection.enabled
                     'field_name' => null,
                 ),
             ),
diff --git a/Tests/DependencyInjection/Fixtures/php/csrf.php b/Tests/DependencyInjection/Fixtures/php/csrf.php
@@ -1,8 +1,14 @@
 <?php
 
 $container->loadFromExtension('framework', array(
+    'csrf_protection' => array(
+        'enabled' => false,
+    ),
     'form' => array(
         'enabled' => true,
+        'csrf_protection' => array(
+            'enabled' => true,
+        ),
     ),
     'session' => array(
         'handler_id' => null,
diff --git a/Tests/DependencyInjection/Fixtures/xml/csrf.xml b/Tests/DependencyInjection/Fixtures/xml/csrf.xml
@@ -7,7 +7,12 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form />
+        <framework:csrf-protection enabled="false" />
+
+        <framework:form>
+            <framework:csrf-protection />
+        </framework:form>
+
         <framework:session />
     </framework:config>
 </container>
diff --git a/Tests/DependencyInjection/Fixtures/yml/csrf.yml b/Tests/DependencyInjection/Fixtures/yml/csrf.yml
@@ -1,6 +1,8 @@
 framework:
+    csrf_protection: false
     secret: s3cr3t
-    form: ~
+    form:
+        csrf_protection: true
     session: ~
     # CSRF is disabled by default
     # csrf_protection: ~
diff --git a/Tests/DependencyInjection/FrameworkExtensionTest.php b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -41,13 +41,11 @@ public function testCsrfProtectionNeedsSessionToBeEnabled()
         $this->createContainerFromFile('csrf_needs_session');
     }
 
-    /**
-     * @expectedException \LogicException
-     * @expectedExceptionMessage CSRF protection needs to be enabled in order to use CSRF protection for forms.
-     */
-    public function testCsrfProtectionForFormsNeedCsrfProtectionToBeEnabled()
+    public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
     {
-        $this->createContainerFromFile('csrf');
+        $container = $this->createContainerFromFile('csrf');
+
+        $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
     }
 
     public function testSecureRandomIsAvailableIfCsrfIsDisabled()

Original file line number	Diff line number	Diff line change
`@@ -41,13 +41,11 @@ public function testCsrfProtectionNeedsSessionToBeEnabled()`
`41`	`41`	`$this->createContainerFromFile('csrf_needs_session');`
`42`	`42`	`}`
`43`	`43`
`44`		`- /**`
`45`		`- * @expectedException \LogicException`
`46`		`- * @expectedExceptionMessage CSRF protection needs to be enabled in order to use CSRF protection for forms.`
`47`		`- */`
`48`		`- public function testCsrfProtectionForFormsNeedCsrfProtectionToBeEnabled()`
	`44`	`+ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()`
`49`	`45`	`{`
`50`		`- $this->createContainerFromFile('csrf');`
	`46`	`+ $container = $this->createContainerFromFile('csrf');`
	`47`	`+`
	`48`	`+ $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));`
`51`	`49`	`}`
`52`	`50`
`53`	`51`	`public function testSecureRandomIsAvailableIfCsrfIsDisabled()`