public function initialize()
 {
     parent::initialize();

     // Command-line runs get no form CSRF setup from this method.
     if (sfConfig::get('sf_cli')) {
         return;
     }

     // Only the literal boolean false switches protection off. The comparison is strict, so an
     // unset (null) or empty-string app_frontend_csrf_secret is still handed to
     // enableCSRFProtection().
     // NOTE(review): confirm how sfForm derives tokens when the secret is null/empty, and make
     // sure deployments set a long random value rather than relying on that path.
     if (false === sfConfig::get('app_frontend_csrf_secret')) {
         return;
     }

     sfForm::enableCSRFProtection(sfConfig::get('app_frontend_csrf_secret'));
 }
 /**
  * Listens for the context.load_factories event. By this time, all core
  * classes are loaded, and we can add any initialization which needs to
  * run after classes are loaded.
  * 
  * @param sfEvent $event
  */
 public function loadFactoriesListener(sfEvent $event)
 {
     // Loader for the key/value cache: fetches every hs_hr_config value through ConfigService.
     $loadConfigValues = function () {
         $service = new ConfigService();
         return $service->getAllValues();
     };

     // Build the 'config' cache and publish it on the current context.
     $cache = new ohrmKeyValueCache('config', $loadConfigValues);
     sfContext::getInstance()->setOhrmConfigCache($cache);

     // A csrf_secret stored in hs_hr_config takes precedence over the one from settings.yml:
     // when present, enableCSRFProtection() is called again with the database value.
     // NOTE(review): the secret travels through the same cache as all other config values;
     // confirm where ohrmKeyValueCache persists data and who can read it.
     $secretFromDb = $cache->get('csrf_secret');
     if (empty($secretFromDb)) {
         // Nothing usable in the database: whatever was configured earlier stays in effect.
         return;
     }

     sfForm::enableCSRFProtection($secretFromDb);
 }
 /**
  * @see sfProjectConfiguration
  */
 public function initConfiguration()
 {
     // Boot sequence: core class import, autoloader, settings.yml/app.yml, CSRF, charset,
     // timezone, error settings, plugin configuration, output buffering.
     // The included config files execute in this method's scope, so local variable names and
     // statement order are part of the contract.
     $configCache = $this->getConfigCache();
     // required core classes for the framework (skipped in debug/test mode and after the first load)
     if (!sfConfig::get('sf_debug') && !sfConfig::get('sf_test') && !self::$coreLoaded) {
         $configCache->import('config/core_compile.yml', false);
     }
     sfAutoload::getInstance()->register();
     // load base settings; both paths are fixed literals resolved by the config cache
     include $configCache->checkConfig('config/settings.yml');
     // app.yml is only included when checkConfig() returns a truthy path
     if ($file = $configCache->checkConfig('config/app.yml', true)) {
         include $file;
     }
     // CSRF protection is enabled unless sf_csrf_secret is the literal boolean false; the check
     // is strict, so a null or empty-string secret is still passed on. There is no sf_cli guard
     // in this variant.
     // NOTE(review): confirm that production settings carry a long random secret.
     if (false !== sfConfig::get('sf_csrf_secret')) {
         sfForm::enableCSRFProtection(sfConfig::get('sf_csrf_secret'));
     }
     // widgets and validators share the configured charset
     sfWidget::setCharset(sfConfig::get('sf_charset'));
     sfValidatorBase::setCharset(sfConfig::get('sf_charset'));
     // force setting default timezone if not set
     if ($default_timezone = sfConfig::get('sf_default_timezone')) {
         date_default_timezone_set($default_timezone);
     } else {
         if (sfConfig::get('sf_force_default_timezone', true)) {
             // '@' silences any warning raised while reading the current default timezone
             date_default_timezone_set(@date_default_timezone_get());
         }
     }
     // error settings: errors are displayed only when isDebug() is true; the reporting level
     // comes from sf_error_reporting
     ini_set('display_errors', $this->isDebug() ? 'on' : 'off');
     error_reporting(sfConfig::get('sf_error_reporting'));
     // include all config.php from plugins
     $this->loadPluginConfig();
     // Disabled by default in symfony 1.1 because it causes problems with Doctrine.
     // If you want to enable it in your application, just copy the spl_autoload_register() line
     // in your configuration class.
     // The leading 0 makes this condition always false, so the branch never runs.
     if (0 && $this->isDebug()) {
         spl_autoload_register(array(sfAutoload::getInstance(), 'autoloadAgain'));
     }
     // compress output: a buffer is opened on the first load only, with ob_gzhandler when
     // sf_compressed is truthy and an empty handler name otherwise
     // NOTE(review): with sf_compressed on, pages that embed CSRF tokens are gzip-compressed
     // here; check whether compression side channels matter for this deployment.
     if (!self::$coreLoaded) {
         ob_start(sfConfig::get('sf_compressed') ? 'ob_gzhandler' : '');
     }
     self::$coreLoaded = true;
 }
Beispiel #4
// Excerpt from a form unit test: per-form ("local") CSRF switches versus the static sfForm switch.
// enableCSRFProtection()/disableCSRFProtection()/setCSRFFieldName() are static calls, so each
// one stays in effect for every later statement; the assertions depend on this exact order.
// TestForm3 and TestForm4 are defined outside this excerpt - presumably fixtures that call
// disableLocalCSRFProtection() and enableLocalCSRFProtection() respectively (confirm in the full test).
$t->diag('->enableLocalCSRFProtection() ->disableLocalCSRFProtection()');
$f = new TestForm3();
sfForm::disableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form');
// Turning the global switch back on does not protect the form that opted out.
sfForm::enableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even if the global CSRF protection is enabled');
// Nor does a secret passed as the third constructor argument. A local opt-out therefore wins
// over both global and per-instance settings, which makes such forms worth auditing.
$f = new TestForm3(array(), array(), 'foo');
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even a CSRF secret is provided in the constructor');
// Opposite direction: with the global switch off, a locally enabled form is still protected,
// both without and with a 'csrf_secret' option (the value is a test fixture).
sfForm::disableCSRFProtection();
$f = new TestForm4();
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed null and global CSRF is disabled');
$f = new TestForm4(array(), array('csrf_secret' => '**localsecret**'));
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed a string global CSRF is disabled');
// ::getCSRFFieldName() ::setCSRFFieldName()
$t->diag('::getCSRFFieldName() ::setCSRFFieldName()');
sfForm::enableCSRFProtection();
// The field name is changed statically; the new form's validator schema must carry that key.
sfForm::setCSRFFieldName('_token_');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->ok(isset($v['_token_']), '::setCSRFFieldName() changes the CSRF token field name');
$t->is(sfForm::getCSRFFieldName(), '_token_', '::getCSRFFieldName() returns the CSRF token field name');
// ->isMultipart()
$t->diag('->isMultipart()');
$f = new FormTest();
$t->ok(!$f->isMultipart(), '->isMultipart() returns false if the form does not need a multipart form');
// Adding a file-input widget is what flips the form to multipart.
$f->setWidgetSchema(new sfWidgetFormSchema(array('image' => new sfWidgetFormInputFile())));
$t->ok($f->isMultipart(), '->isMultipart() returns true if the form needs a multipart form');
// ->setValidators() ->setValidatorSchema() ->getValidatorSchema() ->setValidator() ->getValidator()
$t->diag('->setValidators() ->setValidatorSchema() ->getValidatorSchema() ->setValidator() ->getValidator()');
$f = new FormTest();
// $validators is not used within this excerpt, which ends here.
$validators = array('first_name' => new sfValidatorPass(), 'last_name' => new sfValidatorPass());
Beispiel #5
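// Excerpt from a form unit test covering the static CSRF switch on sfForm.
// $w, $f and $t come from earlier in the test file; FormTest is a fixture defined outside this
// excerpt. The static calls below stay in effect for every later statement, so order matters.
$w->setNameFormat('foo[%s]');
$t->is($f->getName(), 'foo', '->getName() returns the name under which user data can be retrieved');
// ::enableCSRFProtection() ::disableCSRFProtection() ->isCSRFProtected()
$t->diag('::enableCSRFProtection() ::disableCSRFProtection()');
sfForm::enableCSRFProtection();
$f1 = new FormTest();
$t->ok($f1->isCSRFProtected(), '::enableCSRFProtection() enabled CSRF protection for all future forms');
sfForm::disableCSRFProtection();
$f2 = new FormTest();
$t->ok(!$f2->isCSRFProtected(), '::disableCSRFProtection() disables CSRF protection for all future forms');
// The switch only affects forms built afterwards: $f1 keeps its protection after the global
// disable, and $f2 stays unprotected after the global re-enable.
$t->ok($f1->isCSRFProtected(), '::enableCSRFProtection() enabled CSRF protection for all future forms');
sfForm::enableCSRFProtection();
$t->ok(!$f2->isCSRFProtected(), '::disableCSRFProtection() disables CSRF protection for all future forms');
// Passing false as the third constructor argument opts this one form out even though global
// protection is enabled; application code doing this deserves review. The label now states
// what is asserted (the original said "returns true" while checking for false).
$f = new FormTest(array(), array(), false);
$t->ok(!$f->isCSRFProtected(), '->isCSRFProtected() returns false if the form is not CSRF protected');
// A secret given to enableCSRFProtection() must reach the token validator of new forms.
// The expected '*mygreatsecret*' presumably reflects a FormTest override that wraps the secret
// in asterisks instead of hashing it - confirm against the fixture.
sfForm::enableCSRFProtection('mygreatsecret');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->is($v[sfForm::getCSRFFieldName()]->getOption('token'), '*mygreatsecret*', '::enableCSRFProtection() can take a secret argument');
// ::getCSRFFieldName() ::setCSRFFieldName()
$t->diag('::getCSRFFieldName() ::setCSRFFieldName()');
sfForm::setCSRFFieldName('_token_');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->ok(isset($v['_token_']), '::setCSRFFieldName() changes the CSRF token field name');
$t->is(sfForm::getCSRFFieldName(), '_token_', '::getCSRFFieldName() returns the CSRF token field name');
// ->isMultipart()
$t->diag('->isMultipart()');
$f = new FormTest();
$t->ok(!$f->isMultipart(), '->isMultipart() returns false if the form does not need a multipart form');
// A file-input widget is installed here; the matching assertion lies past this excerpt.
$f->setWidgetSchema(new sfWidgetFormSchema(array('image' => new sfWidgetFormInputFile())));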
 /**
  * Various initializations.
  */
 public function initConfiguration()
 {
     // Boot sequence: debug timer, core class import, autoloaders, settings.yml/app.yml, CSRF,
     // charset, timezone, error settings, plugin initialization, output compression.
     // The included config files execute in this method's scope, so local variable names and
     // statement order are part of the contract.
     $configCache = $this->getConfigCache();
     // in debug mode, start global timer (web requests only, and only if not already started)
     if ($this->isDebug() && !sfConfig::get('sf_cli') && !sfWebDebugPanelTimer::isStarted()) {
         sfWebDebugPanelTimer::startTime();
     }
     // required core classes for the framework (skipped in debug, test and CLI mode and after the first load)
     if (!$this->isDebug() && !sfConfig::get('sf_test') && !sfConfig::get('sf_cli') && !self::$coreLoaded) {
         $configCache->import('config/core_compile.yml', false);
     }
     // autoloader(s); the second autoloader is registered in debug mode only
     $this->dispatcher->connect('autoload.filter_config', array($this, 'filterAutoloadConfig'));
     sfAutoload::getInstance()->register();
     if ($this->isDebug()) {
         sfAutoloadAgain::getInstance()->register();
     }
     // load base settings; both paths are fixed literals resolved by the config cache
     include $configCache->checkConfig('config/settings.yml');
     // app.yml is only included when checkConfig() returns a truthy path
     if ($file = $configCache->checkConfig('config/app.yml', true)) {
         include $file;
     }
     // CSRF protection is enabled for non-CLI runs unless sf_csrf_secret is the literal boolean
     // false; the check is strict, so a null or empty-string secret is still passed on.
     // NOTE(review): confirm that production settings carry a long random secret.
     if (!sfConfig::get('sf_cli') && false !== sfConfig::get('sf_csrf_secret')) {
         sfForm::enableCSRFProtection(sfConfig::get('sf_csrf_secret'));
     }
     // widgets and validators share the configured charset
     sfWidget::setCharset(sfConfig::get('sf_charset'));
     sfValidatorBase::setCharset(sfConfig::get('sf_charset'));
     // force setting default timezone if not set
     if ($default_timezone = sfConfig::get('sf_default_timezone')) {
         date_default_timezone_set($default_timezone);
     } else {
         if (sfConfig::get('sf_force_default_timezone', true)) {
             // '@' silences any warning raised while reading the current default timezone
             date_default_timezone_set(@date_default_timezone_get());
         }
     }
     // error settings: errors are displayed only when isDebug() is true; the reporting level
     // comes from sf_error_reporting
     ini_set('display_errors', $this->isDebug() ? 'on' : 'off');
     error_reporting(sfConfig::get('sf_error_reporting'));
     // initialize plugin configuration objects
     $this->initializePlugins();
     // compress output: the gzip buffer is opened on the first load only, and only when
     // sf_compressed is truthy
     // NOTE(review): with sf_compressed on, pages that embed CSRF tokens are gzip-compressed
     // here; check whether compression side channels matter for this deployment.
     if (!self::$coreLoaded && sfConfig::get('sf_compressed')) {
         ob_start('ob_gzhandler');
     }
     self::$coreLoaded = true;
 }
    new sfFormLanguage($user);
    $t->fail('__construct() throws a RuntimeException if you don\'t pass a "languages" option');
} catch (RuntimeException $e) {
    $t->pass('__construct() throws a RuntimeException if you don\'t pass a "languages" option');
}
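// Excerpt from the sfFormLanguage unit test. $t, $user, $request and $sessionPath come from
// earlier in the test file. The static CSRF switch on sfForm stays in effect for every later
// statement, so the two sections below depend on their order.
$form = new sfFormLanguage($user, array('languages' => array('en', 'fr')));
$t->is($form->getDefault('language'), 'en', '__construct() sets the default language value to the user language');
$w = $form->getWidgetSchema();
$t->is($w['language']->getOption('languages'), array('en', 'fr'), '__construct() uses the "languages" option for the select form widget');
$v = $form->getValidatorSchema();
$t->is($v['language']->getOption('languages'), array('en', 'fr'), '__construct() uses the "languages" option for the validator');
// ->process()
$t->diag('->process()');
// with CSRF disabled
$t->diag('with CSRF disabled');
sfForm::disableCSRFProtection();
$form = new sfFormLanguage($user, array('languages' => array('en', 'fr')));
$request->setParameter('language', 'fr');
$t->is($form->process($request), true, '->process() returns true if the form is valid');
$t->is($user->getCulture(), 'fr', '->process() changes the user culture');
// 'es' is not among the allowed languages, so validation must fail. The label now matches the
// asserted value (the original said "returns true" while expecting false).
$request->setParameter('language', 'es');
$t->is($form->process($request), false, '->process() returns false if the form is not valid');
$t->is($form['language']->getError()->getCode(), 'invalid', '->process() throws an error if the language is not in the languages option');
// presumably resets session storage between the two sections - confirm against the test setup
sfToolkit::clearDirectory($sessionPath);
// with CSRF enabled
$t->diag('with CSRF enabled');
// 'secret' is a test fixture value. The request carries the token the form itself derives
// from that secret, so the submission is expected to validate. This excerpt contains no
// matching case with a missing or wrong token.
sfForm::enableCSRFProtection('secret');
$form = new sfFormLanguage($user, array('languages' => array('en', 'fr')));
$request->setParameter('language', 'fr');
$request->setParameter('_csrf_token', $form->getCSRFToken('secret'));
$t->is($form->process($request), true, '->process() returns true if the form is valid');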