Here's an ugly hack I did to circumvent this until the bug is fixed...

class NewForm extends Form {
    // Intercept the CSRF token field the parent form adds during construction
    // and swap it for a field that the later setData() call cannot overwrite.
    public function add(FieldInterface $field) {
        if (parent::$defaultCsrfFieldName == $field->getName()) {
            $new_field = new StaticHiddenField($field->getName());
            $new_field->setData($field->getData());
            $field = $new_field;
        }
        return parent::add($field);
    }
}

class StaticHiddenField extends HiddenField {
    public function __construct($key, array $options = array()) {
        // Null path: the field matches no property of the data object itself.
        $options['property_path'] = null;
        parent::__construct($key, $options);
    }

    // Deliberately a no-op: filling the form from an object or array must not
    // replace the token value that was set at creation.
    public function updateFromObject(&$objectOrArray) {
    }
}

// Mattias Fliesberg

On Nov 13, 12:15 pm, Antoine Hérault <[email protected]> wrote:
> Hello,
>
> I recently tried to manage my application forms through services. It seemed
> to work until I tried to validate a form: I got the "The CSRF token is
> invalid" error. So I quickly saw the _token field value was empty. After a
> while, I found where my problem came from: as the form is defined as a
> service, I set its data after its creation. However, the CSRF token field is
> added during creation after the data is set.
>
> The CSRF token field is added with a null property path. However, the null
> property path means that, during filling from an object or an array and the
> inverse operation, the concerned field does not match any property itself but
> its children may. So there is no way to "detach" any field from the data
> object, and the CSRF token is an example of a field for which this would be
> practical.
>
> My proposal is to add a case in which the path is set to FALSE. In this case,
> the spread of data from an object would be broken.
>
> Best regards,
> Antoine

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
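The following is an added illustration, not code from Symfony or from either poster. It is a self-contained toy form model (the classes ToyField and ToyForm, the method names and the "false path means detached" convention are all assumptions made for this example) that reproduces the failure Antoine describes: a token field with a null property path is refilled when the form's data is set after construction, so the token submitted with the form no longer matches; a field whose path is FALSE is skipped by the data propagation and keeps the value it was given at creation, which is the behaviour both the hack above and Antoine's proposal aim for.

```php
<?php
// Added example (not Symfony's code). Toy form model reproducing the reported
// CSRF token loss and the "detached field" fix. Names and the path semantics
// used here are assumptions chosen for illustration.

class ToyField {
    public $name;
    // string: read $data->$path or $data[$path]; null: receive the whole data
    // (children may match, as the original mail describes); false: detached.
    public $propertyPath;
    protected $data;

    public function __construct($name, $propertyPath) {
        $this->name = $name;
        $this->propertyPath = $propertyPath;
    }

    public function setData($data) { $this->data = $data; }
    public function getData() { return $this->data; }

    // The "fill from an object or array" step of the toy model.
    public function updateFromObject($objectOrArray) {
        if ($this->propertyPath === false) {
            return;                       // detached: never refilled from the data
        }
        if ($this->propertyPath === null) {
            $this->data = $objectOrArray; // null path: whole object passed through
            return;
        }
        $path = $this->propertyPath;
        if (is_array($objectOrArray)) {
            $this->data = isset($objectOrArray[$path]) ? $objectOrArray[$path] : null;
        } else {
            $this->data = isset($objectOrArray->$path) ? $objectOrArray->$path : null;
        }
    }
}

class ToyForm {
    protected $fields = array();
    protected $csrfSecret;

    // $detachToken = false reproduces the bug; true models the proposed fix.
    public function __construct($csrfSecret, $detachToken) {
        $this->csrfSecret = $csrfSecret;
        $token = new ToyField('_token', $detachToken ? false : null);
        $token->setData($this->generateToken()); // set at creation, as in the mail
        $this->add($token);
    }

    public function add(ToyField $field) { $this->fields[$field->name] = $field; return $this; }
    public function get($name) { return $this->fields[$name]; }

    // Setting data after creation (the "form as a service" case) propagates it
    // into every field; a token field with a null path is overwritten here.
    public function setData($objectOrArray) {
        foreach ($this->fields as $field) {
            $field->updateFromObject($objectOrArray);
        }
    }

    protected function generateToken() {
        return hash_hmac('sha256', 'ToyForm', $this->csrfSecret);
    }

    // Constant-time comparison of the submitted token (hash_equals: PHP >= 5.6).
    public function isCsrfTokenValid($submitted) {
        return is_string($submitted) && hash_equals($this->generateToken(), $submitted);
    }
}

// Constructed sample data standing in for the application object.
$user = array('name' => 'alice', 'email' => 'alice@example.test');

$broken = new ToyForm('constructed-secret', false);
$broken->add(new ToyField('name', 'name'));
$broken->setData($user);
// The token field now holds the whole $user array instead of the token,
// so whatever the hidden input renders cannot validate.
var_dump($broken->isCsrfTokenValid($broken->get('_token')->getData()));

$fixed = new ToyForm('constructed-secret', true);
$fixed->add(new ToyField('name', 'name'));
$fixed->setData($user);
// Detached field kept its token; the ordinary field still received 'alice'.
var_dump($fixed->isCsrfTokenValid($fixed->get('_token')->getData()));
var_dump($fixed->get('name')->getData());
```

The check that matters for a reviewer is the last step: after `setData()` the detached token field still validates, while every field with a real property path is filled as before, so detaching a field does not weaken the data binding of the rest of the form.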