Diffstat (limited to 'vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php')
-rw-r--r-- | vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php | 115 |
1 files changed, 115 insertions, 0 deletions
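--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -0,0 +1,115 @@
+<?php
+
+/*
+* This file is part of the Symfony package.
+*
+* (c) Fabien Potencier <fabien@symfony.com>
+*
+* For the full copyright and license information, please view the LICENSE
+* file that was distributed with this source code.
+*/
+
+namespace Symfony\Component\Form\Extension\Csrf\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Form\FormEvents;
+use Symfony\Component\Form\FormError;
+use Symfony\Component\Form\FormEvent;
+use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
+use Symfony\Component\Translation\TranslatorInterface;
+
+/**
+* @author Bernhard Schussek <bschussek@gmail.com>
+*/
+class CsrfValidationListener implements EventSubscriberInterface
+{
+/**
+* The name of the CSRF field
+* @var string
+*/
+private $fieldName;
+
+/**
+* The provider for generating and validating CSRF tokens
+* @var CsrfProviderInterface
+*/
+private $csrfProvider;
+
+/**
+* A text mentioning the intention of the CSRF token
+*
+* Validation of the token will only succeed if it was generated in the
+* same session and with the same intention.
+*
+* @var string
+*/
+private $intention;
+
+/**
+* The message displayed in case of an error.
+* @var string
+*/
+private $errorMessage;
+
+/**
+* @var TranslatorInterface
+*/
+private $translator;
+
+/**
+* @var null|string
+*/
+private $translationDomain;
+
+public static function getSubscribedEvents()
+{
+return array(
+FormEvents::PRE_SUBMIT => 'preSubmit',
+);
+}
+
+public function __construct($fieldName, CsrfProviderInterface $csrfProvider, $intention, $errorMessage, TranslatorInterface $translator = null, $translationDomain = null)
+{
+$this->fieldName = $fieldName;
+$this->csrfProvider = $csrfProvider;
+$this->intention = $intention;
+$this->errorMessage = $errorMessage;
+$this->translator = $translator;
+$this->translationDomain = $translationDomain;
+}
+
+public function preSubmit(FormEvent $event)
+{
+$form = $event->getForm();
+$data = $event->getData();
+
+if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
+if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
+$errorMessage = $this->errorMessage;
+
+if (null !== $this->translator) {
+$errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
+}
+
+$form->addError(new FormError($errorMessage));
+}
+
+if (is_array($data)) {
+unset($data[$this->fieldName]);
+}
+}
+
+$event->setData($data);
+}
+
+/**
+* Alias of {@link preSubmit()}.
+*
+* @deprecated Deprecated since version 2.3, to be removed in 3.0. Use
+* {@link preSubmit()} instead.
+*/
+public function preBind(FormEvent $event)
+{
+$this->preSubmit($event);
+}
+}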