Skip to content

Commit

Permalink
Fix EZP-20289 Symfony CSRF protection not integrated with legacy
Browse files Browse the repository at this point in the history 
This is the Symfony side of things injecting csrf settings if csrf is enabled
into api added in ezsystems/ezpublish-legacy#552
  • Loading branch information
@andrerom
andrerom committed Jan 29, 2013
1 parent e8b3f05 commit 514ad07
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 1 deletion.
17 changes: 16 additions & 1 deletion LegacyMapper/Configuration.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
use eZ\Publish\Core\MVC\ConfigResolverInterface;
use eZ\Publish\Core\MVC\Symfony\Cache\GatewayCachePurger;
use ezpEvent;
use ezxFormToken;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;

Expand All @@ -32,15 +33,21 @@ class Configuration implements EventSubscriberInterface
*/
private $gatewayCachePurger;

/**
* @var \Symfony\Component\DependencyInjection\ContainerInterface
*/
private $container;

/**
* @var array
*/
private $options;

public function __construct( ConfigResolverInterface $configResolver, GatewayCachePurger $gatewayCachePurger, array $options = array() )
public function __construct( ConfigResolverInterface $configResolver, GatewayCachePurger $gatewayCachePurger, ContainerInterface $container, array $options = array() )
{
$this->configResolver = $configResolver;
$this->gatewayCachePurger = $gatewayCachePurger;
$this->container = $container;
$this->options = $options;
}

Expand Down Expand Up @@ -90,6 +97,14 @@ public function onBuildKernel( PreBuildKernelEvent $event )
$settings + (array)$event->getParameters()->get( "injected-settings" )
);

// Inject csrf protection settings to make sure legacy & symfony stack work together
if ( $this->container->hasParameter( 'form.type_extension.csrf.enabled' ) &&
$this->container->getParameter( 'form.type_extension.csrf.enabled' ) )
{
ezxFormToken::setSecret( $this->container->getParameter( 'kernel.secret' ) );
ezxFormToken::setFormField( $this->container->getParameter( 'form.type_extension.csrf.field_name' ) );
}

// Register content/cache event listener
ezpEvent::getInstance()->attach( 'content/cache', array( $this->gatewayCachePurger, 'purge' ) );
ezpEvent::getInstance()->attach( 'content/cache/all', array( $this->gatewayCachePurger, 'purgeAll' ) );
Expand Down
1 change: 1 addition & 0 deletions Resources/config/services.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,6 +121,7 @@ services:
arguments:
- @ezpublish.config.resolver.core
- @ezpublish.http_cache.purger
- @service_container
- %ezpublish_legacy.configuration_mapper.options%
tags:
- { name: kernel.event_subscriber }
Expand Down

0 comments on commit 514ad07

Please sign in to comment.