handle disabled csrf protection in the PHP templating form helper

symfony · Jan 23, 2012 · 2a998e0 · 2a998e0
1 parent fbbea2f
commit 2a998e0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml b/src/Symfony/Bundle/FrameworkBundle/Resources/config/templating_php.xml
@@ -97,7 +97,7 @@
         <service id="templating.helper.form" class="%templating.helper.form.class%">
             <tag name="templating.helper" alias="form" />
             <argument type="service" id="templating.engine.php" />
-            <argument type="service" id="form.csrf_provider" />
+            <argument type="service" id="form.csrf_provider" on-invalid="null" />
             <argument>%templating.helper.form.resources%</argument>
         </service>
 

diff --git a/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php b/src/Symfony/Bundle/FrameworkBundle/Templating/Helper/FormHelper.php
@@ -47,7 +47,7 @@ class FormHelper extends Helper
      * @param CsrfProviderInterface $csrfProvider The CSRF provider
      * @param array                 $resources    An array of theme names
      */
-    public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider, array $resources)
+    public function __construct(EngineInterface $engine, CsrfProviderInterface $csrfProvider = null, array $resources = array())
     {
         $this->engine = $engine;
         $this->csrfProvider = $csrfProvider;
@@ -202,6 +202,10 @@ public function rest(FormView $view, array $variables = array())
      */
     public function csrfToken($intention)
     {
+        if (! $this->csrfProvider instanceof CsrfProviderInterface) {
+            throw new \BadMethodCallException('CSRF token can only be generated if the "form.csrf_provider" service is available');
+        }
+
         return $this->csrfProvider->generateCsrfToken($intention);
     }