$f = new FormTest(array(), array(), false);
$t->ok(!$f->isCSRFProtected(), '->isCSRFProtected() returns true if the form is CSRF protected');
Form::enableCSRFProtection('mygreatsecret');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->is($v[Form::getCSRFFieldName()]->getOption('token'), '*mygreatsecret*', '::enableCSRFProtection() can take a secret argument');
// ->enableLocalCSRFProtection() ->disableLocalCSRFProtection()
$t->diag('->enableLocalCSRFProtection() ->disableLocalCSRFProtection()');
$f = new TestForm3();
Form::disableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form');
Form::enableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even if the global CSRF protection is enabled');
$f = new TestForm3(array(), array(), 'foo');
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even a CSRF secret is provided in the constructor');
Form::disableCSRFProtection();
$f = new TestForm4();
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed null and global CSRF is disabled');
$f = new TestForm4(array(), array('csrf_secret' => '**localsecret**'));
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed a string global CSRF is disabled');
// ::getCSRFFieldName() ::setCSRFFieldName()
$t->diag('::getCSRFFieldName() ::setCSRFFieldName()');
Form::enableCSRFProtection();
Form::setCSRFFieldName('_token_');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->ok(isset($v['_token_']), '::setCSRFFieldName() changes the CSRF token field name');
$t->is(Form::getCSRFFieldName(), '_token_', '::getCSRFFieldName() returns the CSRF token field name');
// ->isMultipart()
$t->diag('->isMultipart()');
$f = new FormTest();
