blob: 547e9d756c38bb6cf6c6ed5a2c4219ab52b54e37 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Form\Extension\Csrf\EventListener;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\Form\FormEvents;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormEvent;
use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\Translation\TranslatorInterface;
/**
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class CsrfValidationListener implements EventSubscriberInterface
{
/**
* The name of the CSRF field
* @var string
*/
private $fieldName;
/**
* The provider for generating and validating CSRF tokens
* @var CsrfProviderInterface
*/
private $csrfProvider;
/**
* A text mentioning the intention of the CSRF token
*
* Validation of the token will only succeed if it was generated in the
* same session and with the same intention.
*
* @var string
*/
private $intention;
/**
* The message displayed in case of an error.
* @var string
*/
private $errorMessage;
/**
* @var TranslatorInterface
*/
private $translator;
/**
* @var null|string
*/
private $translationDomain;
public static function getSubscribedEvents()
{
return array(
FormEvents::PRE_SUBMIT => 'preSubmit',
);
}
public function __construct($fieldName, CsrfProviderInterface $csrfProvider, $intention, $errorMessage, TranslatorInterface $translator = null, $translationDomain = null)
{
$this->fieldName = $fieldName;
$this->csrfProvider = $csrfProvider;
$this->intention = $intention;
$this->errorMessage = $errorMessage;
$this->translator = $translator;
$this->translationDomain = $translationDomain;
}
public function preSubmit(FormEvent $event)
{
$form = $event->getForm();
$data = $event->getData();
if ($form->isRoot() && $form->getConfig()->getOption('compound')) {
if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
$errorMessage = $this->errorMessage;
if (null !== $this->translator) {
$errorMessage = $this->translator->trans($errorMessage, array(), $this->translationDomain);
}
$form->addError(new FormError($errorMessage));
}
if (is_array($data)) {
unset($data[$this->fieldName]);
}
}
$event->setData($data);
}
/**
* Alias of {@link preSubmit()}.
*
* @deprecated Deprecated since version 2.3, to be removed in 3.0. Use
* {@link preSubmit()} instead.
*/
public function preBind(FormEvent $event)
{
$this->preSubmit($event);
}
}
|
