[Form] Move CSRF options from types to the CSRF extension
Showing 11 changed files with 140 additions and 5 deletions.
27 changes: 27 additions & 0 deletions
src/Symfony/Component/Form/Extension/Csrf/Type/ChoiceTypeCsrfExtension.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Form\Extension\Csrf\Type; | ||
|
||
use Symfony\Component\Form\AbstractTypeExtension; | ||
|
||
class ChoiceTypeCsrfExtension extends AbstractTypeExtension | ||
{ | ||
public function getDefaultOptions(array $options) | ||
{ | ||
return array('csrf_protection' => false); | ||
} | ||
|
||
public function getExtendedType() | ||
{ | ||
return 'choice'; | ||
} | ||
} |
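Review bot: ChoiceTypeCsrfExtension has no class-level docblock, and `getDefaultOptions()` returns `'csrf_protection' => false` with no comment saying why this type opts out of a security control. A one-line docblock stating the intent (for example, that the token is expected on the enclosing form rather than on this field) would let a later reader tell a deliberate default from an oversight.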
27 changes: 27 additions & 0 deletions
src/Symfony/Component/Form/Extension/Csrf/Type/DateTypeCsrfExtension.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Form\Extension\Csrf\Type; | ||
|
||
use Symfony\Component\Form\AbstractTypeExtension; | ||
|
||
class DateTypeCsrfExtension extends AbstractTypeExtension | ||
{ | ||
public function getDefaultOptions(array $options) | ||
{ | ||
return array('csrf_protection' => false); | ||
} | ||
|
||
public function getExtendedType() | ||
{ | ||
return 'date'; | ||
} | ||
} |
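Review bot: the body of DateTypeCsrfExtension is identical to ChoiceTypeCsrfExtension except for the string returned by `getExtendedType()`. Consider moving `getDefaultOptions()` into one shared abstract parent so the `'csrf_protection' => false` default is defined once and each subclass only names its type; that keeps the copies from drifting apart.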
27 changes: 27 additions & 0 deletions
src/Symfony/Component/Form/Extension/Csrf/Type/FileTypeCsrfExtension.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Form\Extension\Csrf\Type; | ||
|
||
use Symfony\Component\Form\AbstractTypeExtension; | ||
|
||
class FileTypeCsrfExtension extends AbstractTypeExtension | ||
{ | ||
public function getDefaultOptions(array $options) | ||
{ | ||
return array('csrf_protection' => false); | ||
} | ||
|
||
public function getExtendedType() | ||
{ | ||
return 'file'; | ||
} | ||
} |
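Review bot: `return array('csrf_protection' => false);` in FileTypeCsrfExtension is keyed only on the type name 'file', not on whether the field is nested, so the opt-out also applies when this type is built as a top-level form. Worth a test that a standalone form of this type can still turn protection on by passing `'csrf_protection' => true`, and a docblock line telling callers they must do so.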
27 changes: 27 additions & 0 deletions
src/Symfony/Component/Form/Extension/Csrf/Type/RepeatedTypeCsrfExtension.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Form\Extension\Csrf\Type; | ||
|
||
use Symfony\Component\Form\AbstractTypeExtension; | ||
|
||
class RepeatedTypeCsrfExtension extends AbstractTypeExtension | ||
{ | ||
public function getDefaultOptions(array $options) | ||
{ | ||
return array('csrf_protection' => false); | ||
} | ||
|
||
public function getExtendedType() | ||
{ | ||
return 'repeated'; | ||
} | ||
} |
27 changes: 27 additions & 0 deletions
src/Symfony/Component/Form/Extension/Csrf/Type/TimeTypeCsrfExtension.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Form\Extension\Csrf\Type; | ||
|
||
use Symfony\Component\Form\AbstractTypeExtension; | ||
|
||
class TimeTypeCsrfExtension extends AbstractTypeExtension | ||
{ | ||
public function getDefaultOptions(array $options) | ||
{ | ||
return array('csrf_protection' => false); | ||
} | ||
|
||
public function getExtendedType() | ||
{ | ||
return 'time'; | ||
} | ||
} |
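Review bot: the opt-out is tied to one type per class through the literal returned by `getExtendedType()` ('time' here), so the set of types that default to `'csrf_protection' => false` is whatever classes happen to exist in this namespace. A type added later will not get this default unless someone remembers to add a matching class; a comment or test listing the expected types would make that omission visible.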
ba31b5a
The FormTypeExtension removes the CSRF field from any non-root view -- doesn't that make all these extensions moot?
ba31b5a
I can't see the benefit of having all these classes instead of the default option on the types themselves; seems a bit overkill. And I think what Kris wrote is correct.
ba31b5a
@kriswallsmith the condition is
if ((!$form->hasParent() || $form->getParent()->isRoot())
so it can be true for children - I think I have tested without these extensions and it failed but I will double check tomorrow.
@henrikbjorn that is the way Form is architected and should be used. (And the default types can be used without the csrf extension, in which case the option could be misleading.)
ba31b5a
kris, forget about the condition thing, the second part is still right...
ba31b5a
I start remembering now, I first dropped the `csrf_protection` (should be the config you are talking about) and:
ba31b5a
The extensions just add options that could be on the types themselves. Basically you are just moving a single option to its own class; I can't see the benefit in this.
ba31b5a
The base types do not support CSRF; CSRF is supported by loading the CSRF extension.
This means that this option has no effect if the CSRF extension is not loaded. That's why this option has been added to the type extensions provided by the CSRF extension, so that when you load the CSRF extension, you get the CSRF protection and the types get extended with the CSRF-related option.
It would work by leaving the option in the base types but it is definitely not the right way - if we keep the option in the base types then maybe we should also make CSRF the default and no longer an extension.
ba31b5a
What about then having a fieldtypeextension that has it being false and a formtypeextension where it is true, instead of replicating a bunch of classes that do the same thing?
ba31b5a
How would you disable CSRF on a form then?
There are probably better solutions than what I have proposed, you should submit a PR when you have a working one.