4 * This file is part of the Symfony package.
6 * (c) Fabien Potencier <fabien@symfony.com>
8 * For the full copyright and license information, please view the LICENSE
9 * file that was distributed with this source code.
12 namespace Symfony\Component\Form\Extension\Csrf\Type
;
14 use Symfony\Component\Form\AbstractTypeExtension
;
15 use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface
;
16 use Symfony\Component\Form\Extension\Csrf\EventListener\CsrfValidationListener
;
17 use Symfony\Component\Form\FormBuilderInterface
;
18 use Symfony\Component\Form\FormView
;
19 use Symfony\Component\Form\FormInterface
;
20 use Symfony\Component\OptionsResolver\OptionsResolverInterface
;
21 use Symfony\Component\Translation\TranslatorInterface
;
24 * @author Bernhard Schussek <bschussek@gmail.com>
26 class FormTypeCsrfExtension
extends AbstractTypeExtension
29 * @var CsrfProviderInterface
31 private $defaultCsrfProvider;
36 private $defaultEnabled;
41 private $defaultFieldName;
44 * @var TranslatorInterface
51 private $translationDomain;
53 public function __construct(CsrfProviderInterface
$defaultCsrfProvider, $defaultEnabled = true, $defaultFieldName = '_token', TranslatorInterface
$translator = null, $translationDomain = null)
55 $this->defaultCsrfProvider
= $defaultCsrfProvider;
56 $this->defaultEnabled
= $defaultEnabled;
57 $this->defaultFieldName
= $defaultFieldName;
58 $this->translator
= $translator;
59 $this->translationDomain
= $translationDomain;
63 * Adds a CSRF field to the form when the CSRF protection is enabled.
65 * @param FormBuilderInterface $builder The form builder
66 * @param array $options The options
68 public function buildForm(FormBuilderInterface
$builder, array $options)
70 if (!$options['csrf_protection']) {
75 ->setAttribute('csrf_factory', $builder->getFormFactory())
76 ->addEventSubscriber(new CsrfValidationListener(
77 $options['csrf_field_name'],
78 $options['csrf_provider'],
79 $options['intention'],
80 $options['csrf_message'],
82 $this->translationDomain
88 * Adds a CSRF field to the root form view.
90 * @param FormView $view The form view
91 * @param FormInterface $form The form
92 * @param array $options The options
94 public function finishView(FormView
$view, FormInterface
$form, array $options)
96 if ($options['csrf_protection'] && !$view->parent
&& $options['compound']) {
97 $factory = $form->getConfig()->getAttribute('csrf_factory');
98 $data = $options['csrf_provider']->generateCsrfToken($options['intention']);
100 $csrfForm = $factory->createNamed($options['csrf_field_name'], 'hidden', $data, array(
104 $view->children
[$options['csrf_field_name']] = $csrfForm->createView($view);
111 public function setDefaultOptions(OptionsResolverInterface
$resolver)
113 $resolver->setDefaults(array(
114 'csrf_protection' => $this->defaultEnabled
,
115 'csrf_field_name' => $this->defaultFieldName
,
116 'csrf_provider' => $this->defaultCsrfProvider
,
117 'csrf_message' => 'The CSRF token is invalid. Please try to resubmit the form.',
118 'intention' => 'unknown',
125 public function getExtendedType()