Hello,

I recently tried to manage my application forms through services. It seemed to work until I tried to validate a form: I got the "The CSRF token is invalid" error. So I quickly saw the _token field value was empty. After a while, I found where my problem came from: as the form is defined as a service, I set its data after its creation. However, the CSRF token field is added during creation, after the data is set.

The CSRF token field is added with a null property path. However, the null property path means that, during filling from an object or an array and the inverse operation, the concerned field does not match any property itself but its children may. So there is no way to "detach" any field from the data object, and the CSRF token is an example of a field for which this would be practical.

My proposal is to add a case in which the path is set to FALSE. In this case, the spread of data from an object would be broken.

Best regards,
Antoine
