*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/

namespace Symfony\Component\Form\Extension\Csrf\Type;

use Symfony\Component\Form\AbstractTypeExtension;
use Symfony\Component\Form\Extension\Csrf\EventListener\CsrfValidationListener;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormView;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\Util\ServerParams;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
use Symfony\Component\Translation\TranslatorInterface;

/**
 * Form type extension that wires CSRF protection into forms.
 *
 * It declares the csrf_* options, registers a CsrfValidationListener on the
 * form builder, and appends a hidden token field to the root form view.
 *
 * The token id must be identical when the token is rendered (finishView) and
 * when the listener is configured (buildForm). Both methods derive it with the
 * same fallback chain: the "csrf_token_id" option, then the form name, then
 * the class name of the form's inner type.
 *
 * @author Bernhard Schussek
 */
class FormTypeCsrfExtension extends AbstractTypeExtension
{
    private $defaultTokenManager;
    private $defaultEnabled;
    private $defaultFieldName;
    private $translator;
    private $translationDomain;
    private $serverParams;

    /**
     * Stores the defaults used by configureOptions() and the collaborators
     * that are handed to every CsrfValidationListener.
     *
     * @param CsrfTokenManagerInterface $defaultTokenManager Default for the "csrf_token_manager" option
     * @param bool                      $defaultEnabled      Default for the "csrf_protection" option
     * @param string                    $defaultFieldName    Default for the "csrf_field_name" option
     * @param TranslatorInterface       $translator          Passed through to the validation listener
     * @param null|string               $translationDomain   Passed through to the validation listener
     * @param ServerParams              $serverParams        Passed through to the validation listener
     */
    public function __construct(CsrfTokenManagerInterface $defaultTokenManager, $defaultEnabled = true, $defaultFieldName = '_token', TranslatorInterface $translator = null, $translationDomain = null, ServerParams $serverParams = null)
    {
        // Defaults exposed as form options.
        $this->defaultTokenManager = $defaultTokenManager;
        $this->defaultEnabled = $defaultEnabled;
        $this->defaultFieldName = $defaultFieldName;

        // Collaborators forwarded to the listener in buildForm().
        $this->translator = $translator;
        $this->translationDomain = $translationDomain;
        $this->serverParams = $serverParams;
    }

    /**
     * Registers the CSRF validation listener when CSRF protection is enabled.
     *
     * When "csrf_protection" is falsy nothing is registered, so the form is
     * built without this listener.
     *
     * @param FormBuilderInterface $builder The form builder
     * @param array                $options The options
     */
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        if (!$options['csrf_protection']) {
            return;
        }

        $fieldName = $options['csrf_field_name'];
        $tokenManager = $options['csrf_token_manager'];

        // Same fallback chain as finishView(). Any falsy "csrf_token_id"
        // (null, '', '0') falls through to the form name, and a falsy form
        // name falls through to the inner type's class name.
        $tokenId = $options['csrf_token_id'];
        if (!$tokenId) {
            $tokenId = $builder->getName();
        }
        if (!$tokenId) {
            $tokenId = get_class($builder->getType()->getInnerType());
        }

        // NOTE(review): how and when the token is checked is decided inside
        // CsrfValidationListener, which is not visible from this file.
        $listener = new CsrfValidationListener(
            $fieldName,
            $tokenManager,
            $tokenId,
            $options['csrf_message'],
            $this->translator,
            $this->translationDomain,
            $this->serverParams
        );

        $builder->addEventSubscriber($listener);
    }

    /**
     * Adds a CSRF field to the root form view.
     *
     * The field is only added when CSRF protection is enabled, the view has
     * no parent, and the form is compound. A child view under the name given
     * by "csrf_field_name" is assigned unconditionally, so an existing child
     * with that name is replaced.
     *
     * @param FormView      $view    The form view
     * @param FormInterface $form    The form
     * @param array         $options The options
     */
    public function finishView(FormView $view, FormInterface $form, array $options)
    {
        // Skip disabled, nested, and non-compound forms.
        if (!$options['csrf_protection'] || $view->parent || !$options['compound']) {
            return;
        }

        $factory = $form->getConfig()->getFormFactory();

        // Must resolve to the same id that buildForm() gave the listener.
        $tokenId = $options['csrf_token_id'];
        if (!$tokenId) {
            $tokenId = $form->getName();
        }
        if (!$tokenId) {
            $tokenId = get_class($form->getConfig()->getType()->getInnerType());
        }

        $tokenValue = (string) $options['csrf_token_manager']->getToken($tokenId);

        // The token field is created with 'mapped' => false.
        $hiddenFieldOptions = array(
            'mapped' => false,
        );
        $csrfForm = $factory->createNamed(
            $options['csrf_field_name'],
            'Symfony\Component\Form\Extension\Core\Type\HiddenType',
            $tokenValue,
            $hiddenFieldOptions
        );

        $view->children[$options['csrf_field_name']] = $csrfForm->createView($view);
    }

    /**
     * Declares the csrf_* options and their defaults.
     *
     * "csrf_token_id" defaults to null, which makes buildForm() and
     * finishView() fall back to the form name or the inner type's class name.
     *
     * {@inheritdoc}
     */
    public function configureOptions(OptionsResolver $resolver)
    {
        $defaults = array(
            'csrf_protection' => $this->defaultEnabled,
            'csrf_field_name' => $this->defaultFieldName,
            // NOTE(review): this copy of the file has a line break after the
            // first sentence of the message; it is kept as found. Confirm it
            // is intended.
            'csrf_message' => "The CSRF token is invalid. \nPlease try to resubmit the form.",
            'csrf_token_manager' => $this->defaultTokenManager,
            'csrf_token_id' => null,
        );

        $resolver->setDefaults($defaults);
    }

    /**
     * {@inheritdoc}
     */
    public function getExtendedType()
    {
        return 'Symfony\Component\Form\Extension\Core\Type\FormType';
    }
}

// NOTE(review): everything after __halt_compiler(); is opaque data that PHP
// does not parse, and nothing in this class reads it. It is labelled
// SIGNATURE/ATTACHMENT, presumably by a packaging or integrity tool. If a
// loader verifies it against this file's contents, any edit to the file will
// fail that check. Confirm before deploying a modified copy.
__halt_compiler();----SIGNATURE:----BLbFLOzd3jDMHH8/ypuOC685NUi1kQ7ncY+q37D2bYGoC1cBge2t/rOqBDmd4AZQy9cToT1e74DnCY2tW5rBGj5+2uhyzWugnb/vaKDz8R65mYczYidT7aO/wm2YO6pYRXV6/nwJeU1y+yWNa3DPPK4h8MG2LFrXeBxwWcEzA+qkqzBd1iHxMRhHAfLwSqMeYQhbW/vwkWS/2IxDNOsAPHAxS4dGbZ4f2PTcxvByqTi0oR3gCqIYQZIISZkAgLKjnNs2ypwHvMQRcP9FmnN9bMR1V5chEuuSzH9kTbHcx2GYLfBLdUoYepmvq/ySZ0C35Z/3G1hl8Ci/ELy0h15QtaiBgxABClSAd75l4ZUFD3qeD0873PAzW/ILhNf59HH26eO54uM/xhoCd3rpfcMayN6mWRWIr2aVqu+WyT/p4r3pbU17IO+/UjTMyin4OcR2Gio+zyiOG+hG9nAkRccWv+KDN/q5is34QqA0ttQ0Nbuoxl7DMDE+sSM2b9UcTZTt5HWWWdICQUJ3L9/uyYtV+KVFUa2GYdEvSwECYLqE4SvO2hxbrtfJTCAVG2jg30chbwv7r/I+CdT6AbArGl825DllRqreia37qv+GZNSFf5L4GYeMahg5HYpMMvqjPqurxqHdESlBFyAjPcWL6Oiqbb1Zax+rg1MW8VDfRYeQHms=----ATTACHMENT:----NzE2OTk2OTk2MzUxNzA3OCAxMjgwNjI2OTE4MTczMjkyIDI4ODYzNzQxNTc1NDE3Nzg=