
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the…

… existing disableSecurityToken() (from r113284)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114531 467b73ca-7a2a-4603-9d3b-597d59a354a9
1 parent 770281b commit 854e0e30b42f9ceb4b8396b6f15dfa7a425abb40 @sminnee sminnee committed Dec 5, 2010
Showing with 32 additions and 1 deletion.
  1. +12 −1 forms/Form.php
  2. +20 −0 tests/forms/FormTest.php
@@ -1165,15 +1165,26 @@ function disableDefaultAction() {
}
/**
- * Disable the requirement of a security token in the Form. This security protects
+ * Disable the requirement of a security token on this form instance. This security protects
* against CSRF attacks, but you should disable this if you don't want to tie
* a form to a session - eg a search form.
+ *
+ * Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function disableSecurityToken() {
$this->securityToken = new NullSecurityToken();
}
/**
+ * Enable {@link SecurityToken} protection for this form instance.
+ *
+ * Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
+ */
+ function enableSecurityToken() {
+ $this->securityToken = new SecurityToken();
+ }
+
+ /**
* Disable security tokens for every form.
* Note that this doesn't apply to {@link SecurityToken}
* instances outside of the Form class, nor applies
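Review bot: The new docblock on `enableSecurityToken()` does not say how the method relates to the global switch, and the assignment `$this->securityToken = new SecurityToken();` unconditionally replaces whatever token the form held before. The accompanying test in tests/forms/FormTest.php expects `isEnabled()` to be true after `SecurityToken::disable()`, so this appears to be a per-form override of the global setting; I would state that in the docblock, e.g. `* Takes effect for this form even if tokens were disabled globally, and replaces any token previously set on the form.` The reworded `disableSecurityToken()` docblock should also say that the method is meant only for forms whose actions do not change state, e.g. `* Only use this for forms without side effects (such as a search form); a state-changing form without a token is open to CSRF.` The enclosing class and the docblock that closes the hunk continue outside it.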
@@ -305,6 +305,26 @@ function testDisableSecurityTokenAcceptsSubmissionWithoutToken() {
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
}
+ function testEnableSecurityToken() {
+ SecurityToken::disable();
+ $form = $this->getStubForm();
+ $this->assertFalse($form->getSecurityToken()->isEnabled());
+ $form->enableSecurityToken();
+ $this->assertTrue($form->getSecurityToken()->isEnabled());
+
+ SecurityToken::disable(); // restore original
+ }
+
+ function testDisableSecurityToken() {
+ SecurityToken::enable();
+ $form = $this->getStubForm();
+ $this->assertTrue($form->getSecurityToken()->isEnabled());
+ $form->disableSecurityToken();
+ $this->assertFalse($form->getSecurityToken()->isEnabled());
+
+ SecurityToken::disable(); // restore original
+ }
+
protected function getStubForm() {
return new Form(
new Controller(),
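Review bot: Both new tests flip the process-wide setting with `SecurityToken::disable()` / `SecurityToken::enable()` and restore it only on their last line, so a failing assertion leaves the global state changed for every later test; in `testDisableSecurityToken()` that would leave tokens enabled. The `// restore original` lines also assume the suite starts with tokens disabled rather than recording what the state actually was. I would record the state in `setUp()` and put it back in `tearDown()`, which also runs after a failed test. The tests check only the `isEnabled()` flag; a counterpart to `testDisableSecurityTokenAcceptsSubmissionWithoutToken()` asserting that a submission without a token is rejected after `enableSecurityToken()` would pin the actual CSRF behaviour.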
