merged branch Tobion/formexception (PR #5337)

Commits ------- eb2eba1 [Form] don't allow users to force exceptions by submitting unexpected data Discussion ---------- [Form] don't allow users to force exceptions by submitting unexpected data fix #5334 This makes it more fault-tolerant by simply ignoring wrong stuff from hackers. @bschussek: I didn't find any other UnexpectedTypeExceptions that could be invoked by simply submitting unexpected data. But I'm not 100% sure that there aren't any indirectly invokeable, e.g. in some listeners. --------------------------------------------------------------------------- by stof at 2012-08-24T22:34:52Z a test is missing for this. --------------------------------------------------------------------------- by Tobion at 2012-08-24T23:02:26Z @stof true, I will add one --------------------------------------------------------------------------- by Tobion at 2012-08-25T13:51:23Z Added test. --------------------------------------------------------------------------- by bschussek at 2012-08-29T11:07:37Z :+1: Could you please squash the commits? --------------------------------------------------------------------------- by Tobion at 2012-08-29T13:43:52Z Done.
symfony · Aug 29, 2012 · 1ab0aa2 · 1ab0aa2
2 parents a8c34c1 + 9eac88e
commit 1ab0aa2
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 5 deletions.
diff --git a/Form.php b/Form.php
@@ -13,7 +13,6 @@
 
 use Symfony\Component\Form\Exception\FormException;
 use Symfony\Component\Form\Exception\AlreadyBoundException;
-use Symfony\Component\Form\Exception\UnexpectedTypeException;
 use Symfony\Component\Form\Exception\TransformationFailedException;
 use Symfony\Component\Form\Util\FormUtil;
 use Symfony\Component\Form\Util\PropertyPath;
@@ -533,10 +532,6 @@ public function bind($submittedData)
         // (think of empty collection forms)
         if ($this->config->getCompound()) {
             if (!is_array($submittedData)) {
-                if (!FormUtil::isEmpty($submittedData)) {
-                    throw new UnexpectedTypeException($submittedData, 'array');
-                }
-
                 $submittedData = array();
             }
 

diff --git a/Tests/SimpleFormTest.php b/Tests/SimpleFormTest.php
@@ -779,6 +779,25 @@ public function testSetDataCannotInvokeItself()
         $form->setData('foo');
     }
 
+    public function testBindingWrongDataIsIgnored()
+    {
+        $test = $this;
+
+        $child = $this->getBuilder('child', $this->dispatcher);
+        $child->addEventListener(FormEvents::PRE_BIND, function (FormEvent $event) use ($test) {
+            // child form doesn't receive the wrong data that is bound on parent
+            $test->assertNull($event->getData());
+        });
+
+        $parent = $this->getBuilder('parent', new EventDispatcher())
+            ->setCompound(true)
+            ->setDataMapper($this->getDataMapper())
+            ->add($child)
+            ->getForm();
+
+        $parent->bind('not-an-array');
+    }
+
     protected function createForm()
     {
         return $this->getBuilder()->getForm();