I found clearing the cache in the development environment did the trick for me without the hack.
On Nov 19, 11:56 pm, inty <[email protected]> wrote: > Here's an ugly hack I did to circumvent this until the bug is fixed... > > class NewForm extends Form { > public function add(FieldInterface $field) { > if(parent::$defaultCsrfFieldName == $field->getName()) { > $new_field = new StaticHiddenField($field->getName()); > $new_field->setData($field->getData()); > $field = $new_field; > } > return parent::add($field); > } > > } > > class StaticHiddenField extends HiddenField { > public function __construct($key, array $options = array()) { > $options['property_path'] = null; > parent::__construct($key, $options); > } > > public function updateFromObject(&$objectOrArray) { > } > > } > > // Mattias Fliesberg > > On Nov 13, 12:15 pm, Antoine Hérault <[email protected]> > wrote: > > > > > > > > > Hello, > > > I rencently tried to manage my application forms throught services. It > > seemed > > to work until I tried to validate a form: I got the "The CSRF token is > > invalid" > > error. So I quick saw the _token field value was empty. After a while, I > > found > > where my problem came from: as the form is defined as a service, I set its > > data > > after its creation. However, the CSRF token field is added during creation > > after the data is set. > > > The CSRF token field is added with a null property path. However, the null > > property path means that, during filling from an object or an array and the > > inverse operation, the concerned field does not match any property itself > > but > > its children may. So there is no way to "detach" any field from the data > > object > > and the CSRF token is an exemple of field for which this would be practical. > > > My proposal is to add case in which the path is set to FALSE. In this case, > > the > > spread of data from an object would be broken. > > > Best regards, > > Antoine -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
