moved static Form configuration to a new class (avoid loading 7 class…

…es just to enable CSRF -- even when no form is present in the page)

src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php

@@ -3,7 +3,7 @@
 namespace Symfony\Bundle\FrameworkBundle;
 
 use Symfony\Component\HttpKernel\Bundle\Bundle;
-use Symfony\Component\Form\Form;
+use Symfony\Component\Form\FormConfiguration;
 
 /*
  * This file is part of the Symfony framework.
@@ -29,10 +29,9 @@ public function boot()
         if ($this->container->has('error_handler')) {
             $this->container->get('error_handler');
         }
-
         if ($this->container->hasParameter('csrf_secret')) {
-            Form::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
-            Form::enableDefaultCsrfProtection();
+            FormConfiguration::setDefaultCsrfSecret($this->container->getParameter('csrf_secret'));
+            FormConfiguration::enableDefaultCsrfProtection();
         }
     }
 }

src/Symfony/Component/Form/Form.php

@@ -29,11 +29,6 @@
  */
 class Form extends FieldGroup
 {
-    protected static $defaultCsrfSecret = null;
-    protected static $defaultCsrfProtection = false;
-    protected static $defaultCsrfFieldName = '_token';
-    protected static $defaultLocale = null;
-
     protected $validator = null;
     protected $validationGroups = null;
 
@@ -54,12 +49,12 @@ public function __construct($name, $data, ValidatorInterface $validator, array $
 
         $this->setData($data);
 
-        if (self::$defaultCsrfProtection !== false) {
+        if (FormConfiguration::isDefaultCsrfProtectionEnabled()) {
             $this->enableCsrfProtection();
         }
 
-        if (self::$defaultLocale !== null) {
-            $this->setLocale(self::$defaultLocale);
+        if (FormConfiguration::getDefaultLocale() !== null) {
+            $this->setLocale(FormConfiguration::getDefaultLocale());
         }
 
         parent::__construct($name, $options);
@@ -85,26 +80,6 @@ public function getValidationGroups()
         return $this->validationGroups;
     }
 
-    /**
-     * Sets the default locale for newly created forms.
-     *
-     * @param string $defaultLocale
-     */
-    static public function setDefaultLocale($defaultLocale)
-    {
-        self::$defaultLocale = $defaultLocale;
-    }
-
-    /**
-     * Returns the default locale for newly created forms.
-     *
-     * @return string
-     */
-    static public function getDefaultLocale()
-    {
-        return self::$defaultLocale;
-    }
-
     /**
      * Binds the form with values and files.
      *
@@ -198,12 +173,12 @@ public function enableCsrfProtection($csrfFieldName = null, $csrfSecret = null)
     {
         if (!$this->isCsrfProtected()) {
             if ($csrfFieldName === null) {
-                $csrfFieldName = self::$defaultCsrfFieldName;
+                $csrfFieldName = FormConfiguration::getDefaultCsrfFieldName();
             }
 
             if ($csrfSecret === null) {
-                if (self::$defaultCsrfSecret !== null) {
-                    $csrfSecret = self::$defaultCsrfSecret;
+                if (FormConfiguration::getDefaultCsrfSecret() !== null) {
+                    $csrfSecret = FormConfiguration::getDefaultCsrfSecret();
                 } else {
                     $csrfSecret = md5(__FILE__.php_uname());
                 }
@@ -267,62 +242,6 @@ public function isCsrfTokenValid()
         }
     }
 
-    /**
-     * Enables CSRF protection for all new forms
-     */
-    static public function enableDefaultCsrfProtection()
-    {
-        self::$defaultCsrfProtection = true;
-    }
-
-    /**
-     * Disables Csrf protection for all forms.
-     */
-    static public function disableDefaultCsrfProtection()
-    {
-        self::$defaultCsrfProtection = false;
-    }
-
-    /**
-     * Sets the CSRF field name used in all new CSRF protected forms
-     *
-     * @param string $name The CSRF field name
-     */
-    static public function setDefaultCsrfFieldName($name)
-    {
-        self::$defaultCsrfFieldName = $name;
-    }
-
-    /**
-     * Returns the default CSRF field name
-     *
-     * @return string The CSRF field name
-     */
-    static public function getDefaultCsrfFieldName()
-    {
-        return self::$defaultCsrfFieldName;
-    }
-
-    /**
-     * Sets the CSRF secret used in all new CSRF protected forms
-     *
-     * @param string $secret
-     */
-    static public function setDefaultCsrfSecret($secret)
-    {
-        self::$defaultCsrfSecret = $secret;
-    }
-
-    /**
-     * Returns the default CSRF secret
-     *
-     * @return string
-     */
-    static public function getDefaultCsrfSecret()
-    {
-        return self::$defaultCsrfSecret;
-    }
-
     /**
      * Returns whether the maximum POST size was reached in this request.
      *

src/Symfony/Component/Form/FormConfiguration.php

@@ -0,0 +1,110 @@
+<?php
+
+namespace Symfony\Component\Form;
+
+/*
+ * This file is part of the Symfony framework.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * This source file is subject to the MIT license that is bundled
+ * with this source code in the file LICENSE.
+ */
+
+/**
+ * FormConfiguration holds the default configuration for forms (CSRF, locale, ...).
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class FormConfiguration
+{
+    protected static $defaultCsrfSecret = null;
+    protected static $defaultCsrfProtection = false;
+    protected static $defaultCsrfFieldName = '_token';
+
+    protected static $defaultLocale = null;
+
+    /**
+     * Sets the default locale for newly created forms.
+     *
+     * @param string $defaultLocale
+     */
+    static public function setDefaultLocale($defaultLocale)
+    {
+        self::$defaultLocale = $defaultLocale;
+    }
+
+    /**
+     * Returns the default locale for newly created forms.
+     *
+     * @return string
+     */
+    static public function getDefaultLocale()
+    {
+        return self::$defaultLocale;
+    }
+
+    /**
+     * Enables CSRF protection for all new forms
+     */
+    static public function enableDefaultCsrfProtection()
+    {
+        self::$defaultCsrfProtection = true;
+    }
+
+    /**
+     * Checks if Csrf protection for all forms is enabled.
+     */
+    static public function isDefaultCsrfProtectionEnabled()
+    {
+        return self::$defaultCsrfProtection;
+    }
+
+    /**
+     * Disables Csrf protection for all forms.
+     */
+    static public function disableDefaultCsrfProtection()
+    {
+        self::$defaultCsrfProtection = false;
+    }
+
+    /**
+     * Sets the CSRF field name used in all new CSRF protected forms
+     *
+     * @param string $name The CSRF field name
+     */
+    static public function setDefaultCsrfFieldName($name)
+    {
+        self::$defaultCsrfFieldName = $name;
+    }
+
+    /**
+     * Returns the default CSRF field name
+     *
+     * @return string The CSRF field name
+     */
+    static public function getDefaultCsrfFieldName()
+    {
+        return self::$defaultCsrfFieldName;
+    }
+
+    /**
+     * Sets the CSRF secret used in all new CSRF protected forms
+     *
+     * @param string $secret
+     */
+    static public function setDefaultCsrfSecret($secret)
+    {
+        self::$defaultCsrfSecret = $secret;
+    }
+
+    /**
+     * Returns the default CSRF secret
+     *
+     * @return string
+     */
+    static public function getDefaultCsrfSecret()
+    {
+        return self::$defaultCsrfSecret;
+    }
+}

tests/Symfony/Tests/Component/Form/FormTest.php

@@ -6,6 +6,7 @@
 require_once __DIR__ . '/Fixtures/TestField.php';
 
 use Symfony\Component\Form\Form;
+use Symfony\Component\Form\FormConfiguration;
 use Symfony\Component\Form\Field;
 use Symfony\Component\Form\HiddenField;
 use Symfony\Component\Form\FieldGroup;
@@ -58,8 +59,8 @@ public static function setUpBeforeClass()
 
     protected function setUp()
     {
-        Form::disableDefaultCsrfProtection();
-        Form::setDefaultCsrfSecret(null);
+        FormConfiguration::disableDefaultCsrfProtection();
+        FormConfiguration::setDefaultCsrfSecret(null);
         $this->validator = $this->createMockValidator();
         $this->form = new Form('author', new Author(), $this->validator);
     }
@@ -96,7 +97,7 @@ public function testNoCsrfProtectionByDefault()
 
     public function testDefaultCsrfProtectionCanBeEnabled()
     {
-        Form::enableDefaultCsrfProtection();
+        FormConfiguration::enableDefaultCsrfProtection();
         $form = new Form('author', new Author(), $this->validator);
 
         $this->assertTrue($form->isCsrfProtected());
@@ -112,7 +113,7 @@ public function testGeneratedCsrfSecretByDefault()
 
     public function testDefaultCsrfSecretCanBeSet()
     {
-        Form::setDefaultCsrfSecret('foobar');
+        FormConfiguration::setDefaultCsrfSecret('foobar');
         $form = new Form('author', new Author(), $this->validator);
         $form->enableCsrfProtection();
 
@@ -121,7 +122,7 @@ public function testDefaultCsrfSecretCanBeSet()
 
     public function testDefaultCsrfFieldNameCanBeSet()
     {
-        Form::setDefaultCsrfFieldName('foobar');
+        FormConfiguration::setDefaultCsrfFieldName('foobar');
         $form = new Form('author', new Author(), $this->validator);
         $form->enableCsrfProtection();
 
@@ -172,7 +173,7 @@ public function testIsCsrfTokenValidFails()
 
     public function testDefaultLocaleCanBeSet()
     {
-        Form::setDefaultLocale('de-DE-1996');
+        FormConfiguration::setDefaultLocale('de-DE-1996');
         $form = new Form('author', new Author(), $this->validator);
 
         $field = $this->getMock('Symfony\Component\Form\Field', array(), array(), '', false, false);