Skip to content

[Twig] [FrameworkBundle] added CSRF token helper #3080

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jan 22, 2012
Merged

[Twig] [FrameworkBundle] added CSRF token helper #3080

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e1aced8
[Twig] added {{ csrf_token() }} helper
kriswallsmith Jan 10, 2012
753c067
[FrameworkBundle] added $view['form']->csrfToken() helper
kriswallsmith Jan 10, 2012
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
[Twig] added {{ csrf_token() }} helper
  • Loading branch information
@kriswallsmith
kriswallsmith committed Jan 10, 2012
commit e1aced89fd0f036ee4fd448d17184c168f2c9ae0
34 changes: 33 additions & 1 deletion src/Symfony/Bridge/Twig/Extension/FormExtension.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
use Symfony\Bridge\Twig\TokenParser\FormThemeTokenParser;
use Symfony\Component\Form\FormView;
use Symfony\Component\Form\Exception\FormException;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Form\Util\FormUtil;

/**
Expand All @@ -24,15 +25,17 @@
*/
class FormExtension extends \Twig_Extension
{
protected $csrfProvider;
protected $resources;
protected $blocks;
protected $environment;
protected $themes;
protected $varStack;
protected $template;

public function __construct(array $resources = array())
public function __construct(CsrfProviderInterface $csrfProvider, array $resources = array())
{
$this->csrfProvider = $csrfProvider;
$this->themes = new \SplObjectStorage();
$this->varStack = array();
$this->blocks = new \SplObjectStorage();
Expand Down Expand Up @@ -81,6 +84,7 @@ public function getFunctions()
'form_label' => new \Twig_Function_Method($this, 'renderLabel', array('is_safe' => array('html'))),
'form_row' => new \Twig_Function_Method($this, 'renderRow', array('is_safe' => array('html'))),
'form_rest' => new \Twig_Function_Method($this, 'renderRest', array('is_safe' => array('html'))),
'csrf_token' => new \Twig_Function_Method($this, 'getCsrfToken'),
'_form_is_choice_group' => new \Twig_Function_Method($this, 'isChoiceGroup', array('is_safe' => array('html'))),
'_form_is_choice_selected' => new \Twig_Function_Method($this, 'isChoiceSelected', array('is_safe' => array('html'))),
);
Expand Down Expand Up @@ -269,6 +273,34 @@ protected function render(FormView $view, $section, array $variables = array())
));
}

/**
* Returns a CSRF token.
*
* Use this helper for CSRF protection without the overhead of creating a
* form.
*
* <code>
* <input type="hidden" name="token" value="{{ csrf_token('rm_user_' ~ user.id) }}">
* </code>
*
* Check the token in your action using the same intention.
*
* <code>
* $csrfProvider = $this->get('form.csrf_provider');
* if (!$csrfProvider->isCsrfTokenValid('rm_user_'.$user->getId(), $token)) {
* throw new \RuntimeException('CSRF attack detected.');
* }
* </code>
*
* @param string $intention The intention of the protected action
*
* @return string A CSRF token
*/
public function getCsrfToken($intention)
{
return $this->csrfProvider->generateCsrfToken($intention);
}

/**
* Returns the name of the extension.
*
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/TwigBundle/Resources/config/twig.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@

<service id="twig.extension.form" class="%twig.extension.form.class%" public="false">
<tag name="twig.extension" />
<argument type="service" id="form.csrf_provider" />
<argument>%twig.form.resources%</argument>
</service>

Expand Down
2 changes: 1 addition & 1 deletion tests/Symfony/Tests/Bridge/Twig/Extension/FormExtensionDivLayoutTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ protected function setUp()
__DIR__,
));

$this->extension = new FormExtension(array(
$this->extension = new FormExtension($this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
'form_div_layout.html.twig',
'custom_widgets.html.twig',
));
Expand Down
2 changes: 1 addition & 1 deletion tests/Symfony/Tests/Bridge/Twig/Extension/FormExtensionTableLayoutTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ protected function setUp()
__DIR__,
));

$this->extension = new FormExtension(array(
$this->extension = new FormExtension($this->getMock('Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface'), array(
'form_table_layout.html.twig',
'custom_widgets.html.twig',
));
Expand Down
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy