Some thing is weird here.
I coonstruct a form, but I used
$this->widgetSchema->setNameFormat('users[%s]');
to have all the file name start with user[xxx]
Then I used
echo $form->renderHiddenFields();
now the form code is
<form method="post" action="/frontend_dev.php/quickSearch"> <input
type="hidden" name="users[_csrf_token]"
value="6b10e0caa22a8de5d458df4fb8e9d301" id="users__csrf_token" /><table
id="tbQuickSearch" border="0">
I think the csrftoken is already there
But when I use $request->checkCSRFProtection(); alwasy error thrown
_csrf_token [Required.]
I alrady set
$this->validatorSchema->setOption('allow_extra_fields', true);
$this->validatorSchema->setOption('filter_extra_fields', false);
I think the csrf-token already included.
When I change method ot post, I saw
users[_csrf_token]=xxxxx
Is this the reason?
On Wed, Feb 4, 2009 at 8:04 PM, Ant Cunningham <[email protected]
> wrote:
>
> Pass in the secret as the last argument of the form constructor. I
> believe if it is present it will generate the field in the widgetSchema.
>
> xhe wrote:
> > Just have a confused question.
> >
> > I have created a form, but how can I add csrf hidden field? The form
> > is not automatically generated, but manually generated. I checked the
> > code of propel auto-generated form, they always have a hidden csrf
> > token field, but my manually created form does not have that hidden
> > field.
> >
> > Can anyone tell me how to add that field into manually created form?
> >
> > Thanks
> > >
>
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
