That's a known regression introduced by the security patch. We work
actively to provide a fix for that problem, but that's not a simple
task. For now, you can revert to 1.2.5 and check that you have unset the
fields you want to remove in the admin form from the form class itself,
which prevents the security issue.
Thanks for your patience,
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
virtualize wrote:
> hi
>
> in my ContactForm.class.php -> configure() I have something like this:
>
> if (!$this->isNew())
> {
> // attach contact vitas
> foreach ($this->getObject()->getContactVitas() as $vita)
> {
> $vita_form = new ContactVitaForm($vita);
> $this->embedForm('vita_'.$vita->getId(), $vita_form);
> }
> $this->embedForm('vita', new ContactVitaForm());
> }
>
> in generate.yml I declare some basics fields and a patial
> where I handle the embedded form:
> form:
> display:
> "Basic data": [ title, email, skype, telephone, image ]
> "Curriculum vitae": [ _fieldset_contact_vita ]
>
> In the partial _fieldset_contact_vita I retrieve the embedded form
> by $form->getEmbeddedForms(), which returns nothing now that
> I upgraded to 1.2.6. Of course it worked well in 1.2.5
> It seems that the embedded forms get unset by the new security fix.
>
> Is there a way to prevent their removal without touching the core.
> Or could my way of embedding forms handled some other way?
>
> regards, chris
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
