Gah, it was right there in the docs.
Just in case someone else needs it:
$template_vars = array(
...
'{csrf.name}' =>
$form->getWidgetSchema()->generateName($form->getCSRFFieldName()),
'{csrf.value}' => $form->getCSRFToken(),
...
)
That did the trick..
Luis.
On Wed, Mar 24, 2010 at 12:52 PM, Luis Alberto Zarrabeitia
<[email protected]> wrote:
> Hello.
>
> I'm trying to create a custom widget [1]. This "widget" is actually a
> mini-form with his own submit button, which posts to its own
> controller method. I configure it in the form::configure as:
>
> 'app_icon' => new
> WidgetFormInputAjaxUpload(array('post_url' =>
> url_for('apps/upload').'?id='.$this->getObject()->getId()))
>
> Now, I need the "widget" to know the csrf token, so that I can
> validate it in the upload action. But, I don't know how to get to the
> csrf token when I'm building the form, to set it on the widget. How
> can I obtain it?
>
> (In essence, I need to be able to pass the "app[_csrs_token]" and the
> token value to some methods during the form::configure, but I don't
> know how to access either the 'app[_csrs_token]' string, nor the token
> itself. If I just hardcode those strings in the widget, it works.)
>
> Regards,
>
> Luis.
>
> [1] the widget is based on the AJAUpload solution presented in
> http://valums.com/ajax-upload/. The idea is to be able to change an
> icon without having to submit the whole form, so that the user can
> upload and see previews of his upload before sending the whole form.
>
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
To unsubscribe from this group, send email to
symfony-users+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.
