twig implementation
1 <?php
2
3 /*
4 * This file is part of the Symfony package.
5 *
6 * (c) Fabien Potencier <fabien@symfony.com>
7 *
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
10 */
11
12 namespace Symfony\Component\Form\Extension\Csrf\EventListener;
13
14 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
15 use Symfony\Component\Form\FormEvents;
16 use Symfony\Component\Form\FormError;
17 use Symfony\Component\Form\FormEvent;
18 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
19 use Symfony\Component\Translation\TranslatorInterface;
20
21 /**
22 * @author Bernhard Schussek <bschussek@gmail.com>
23 */
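/**
 * Form event subscriber that checks the CSRF token of a submitted form.
 *
 * On PRE_SUBMIT the listener looks up the token field in the submitted data
 * of a root, compound form, asks the CSRF provider to validate it against the
 * configured intention, and attaches a form error when the token is missing,
 * malformed or rejected. The token field is then removed from the data so it
 * is not handed on with the rest of the submitted values.
 *
 * @author Bernhard Schussek <bschussek@gmail.com>
 */
class CsrfValidationListener implements EventSubscriberInterface
{
    /**
     * The name of the CSRF field
     * @var string
     */
    private $fieldName;

    /**
     * The provider for generating and validating CSRF tokens
     * @var CsrfProviderInterface
     */
    private $csrfProvider;

    /**
     * A text mentioning the intention of the CSRF token
     *
     * Validation of the token will only succeed if it was generated in the
     * same session and with the same intention.
     *
     * @var string
     */
    private $intention;

    /**
     * The message displayed in case of an error.
     * @var string
     */
    private $errorMessage;

    /**
     * Optional translator applied to the error message before it is attached
     * to the form; null leaves the message untranslated.
     * @var TranslatorInterface
     */
    private $translator;

    /**
     * Translation domain passed to the translator together with the message.
     * @var null|string
     */
    private $translationDomain;

    /**
     * Registers {@link preSubmit()} for the PRE_SUBMIT form event.
     *
     * @return array Map of event name to handler method name
     */
    public static function getSubscribedEvents()
    {
        return array(
            FormEvents::PRE_SUBMIT => 'preSubmit',
        );
    }

    /**
     * @param string                   $fieldName         Name of the field carrying the CSRF token
     * @param CsrfProviderInterface    $csrfProvider      Provider used to validate the token
     * @param string                   $intention         Intention the token must have been generated with
     * @param string                   $errorMessage      Message attached to the form on validation failure
     * @param TranslatorInterface|null $translator        Optional translator for the error message
     * @param null|string              $translationDomain Optional translation domain for the error message
     */
    public function __construct($fieldName, CsrfProviderInterface $csrfProvider, $intention, $errorMessage, TranslatorInterface $translator = null, $translationDomain = null)
    {
        $this->fieldName = $fieldName;
        $this->csrfProvider = $csrfProvider;
        $this->intention = $intention;
        $this->errorMessage = $errorMessage;
        $this->translator = $translator;
        $this->translationDomain = $translationDomain;
    }

    /**
     * Validates the CSRF token of a root, compound form before submission.
     *
     * A missing token, a token that is not a string, or a token rejected by
     * the provider adds a FormError to the form. The token field is removed
     * from array data, and the (possibly modified) data is written back to
     * the event in every case.
     *
     * @param FormEvent $event The PRE_SUBMIT event carrying the form and its submitted data
     */
    public function preSubmit(FormEvent $event)
    {
        $form = $event->getForm();
        $data = $event->getData();

        // Only the root of a compound form carries the token field; other
        // forms pass through untouched.
        if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
            $token = isset($data[$this->fieldName]) ? $data[$this->fieldName] : null;

            // The submitted value is request-controlled and may arrive as an
            // array or other non-string. Reject such values here instead of
            // relying on every provider implementation to cope with a type
            // its interface does not promise to accept.
            if (!is_string($token) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $token)) {
                $errorMessage = $this->errorMessage;

                if (null !== $this->translator) {
                    $errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
                }

                $form->addError(new FormError($errorMessage));
            }

            // Strip the token whether or not it validated, so it is not
            // handed on with the rest of the submitted data.
            if (is_array($data)) {
                unset($data[$this->fieldName]);
            }
        }

        $event->setData($data);
    }

    /**
     * Alias of {@link preSubmit()}.
     *
     * @deprecated Deprecated since version 2.3, to be removed in 3.0. Use
     *             {@link preSubmit()} instead.
     */
    public function preBind(FormEvent $event)
    {
        $this->preSubmit($event);
    }
}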