Registering the silex form extension last to ensure user specified ex…

…tensions can modify the behavior of the CSRF and Validator extensions. Fixes silexphp#1358
fabpot · May 18, 2016 · c21798c · c21798c
1 parent 1bbf31d
commit c21798c
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 1 deletion.
diff --git a/src/Silex/Provider/FormServiceProvider.php b/src/Silex/Provider/FormServiceProvider.php
@@ -69,7 +69,6 @@ public function register(Container $app)
 
         $app['form.extensions'] = function ($app) {
             $extensions = array(
-                $app['form.extension.silex'],
                 new HttpFoundationExtension(),
             );
 
@@ -80,6 +79,7 @@ public function register(Container $app)
             if (isset($app['validator'])) {
                 $extensions[] = new FormValidatorExtension($app['validator']);
             }
+            $extensions[] = $app['form.extension.silex'];
 
             return $extensions;
         };

diff --git a/tests/Silex/Tests/Provider/FormServiceProviderTest.php b/tests/Silex/Tests/Provider/FormServiceProviderTest.php
@@ -284,6 +284,24 @@ public function testFormCsrf()
 
         $this->assertTrue(isset($form->createView()['_token']));
     }
+
+    public function testUserExtensionCanConfigureDefaultExtensions()
+    {
+        $app = new Application();
+        $app->register(new FormServiceProvider());
+        $app->register(new SessionServiceProvider());
+        $app->register(new CsrfServiceProvider());
+        $app['session.test'] = true;
+
+        $app->extend('form.type.extensions', function ($extensions) {
+            $extensions[] = new FormServiceProviderTest\DisableCsrfExtension();
+
+            return $extensions;
+        });
+        $form = $app['form.factory']->createBuilder('Symfony\Component\Form\Extension\Core\Type\FormType', array())->getForm();
+
+        $this->assertFalse($form->getConfig()->getOption('csrf_protection'));
+    }
 }
 
 if (!class_exists('Symfony\Component\Form\Deprecated\FormEvents')) {

diff --git a/tests/Silex/Tests/Provider/FormServiceProviderTest/DisableCsrfExtension.php b/tests/Silex/Tests/Provider/FormServiceProviderTest/DisableCsrfExtension.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Silex\Tests\Provider\FormServiceProviderTest;
+
+use Symfony\Component\Form\AbstractTypeExtension;
+use Symfony\Component\Form\Extension\Core\Type\FormType;
+use Symfony\Component\OptionsResolver\OptionsResolver;
+
+class DisableCsrfExtension extends AbstractTypeExtension
+{
+    public function configureOptions(OptionsResolver $resolver)
+    {
+        $resolver->setDefaults(array(
+            'csrf_protection' => false,
+        ));
+    }
+
+    public function getExtendedType()
+    {
+        return FormType::class;
+    }
+}