/**
* @see sfWebRequest
*/
public function checkCSRFProtection()
{
try {
parent::checkCSRFProtection();
} catch (sfValidatorErrorSchema $e) {
// retry checking for using sfForm (just for BC)
$form = new sfForm();
$form->bind($form->isCSRFProtected() ? array($form->getCSRFFieldName() => $this->getParameter($form->getCSRFFieldName())) : array());
if (!$form->isValid()) {
throw $form->getErrorSchema();
}
}
}
public function executeSave($request)
{
$member = Doctrine::getTable('Member')->find($request->getParameter('member_id', 0));
$this->forward404Unless($member);
$form = new sfForm();
$token = $request->getParameter($form->getCSRFFieldName());
$this->forward404Unless($member->getConfig('paint_token') === $token);
$member->setConfig('paint_is_valid', true);
$member->setConfig('paint_rawdata', base64_encode(RawSPainter::getPostRawData()));
$url = $member->getConfig('paint_url');
exit('URL:' . $url);
}
public function checkCSRFProtection()
{
$form = new sfForm();
$form->bind($form->isCSRFProtected() ? array($form->getCSRFFieldName() => $this->getParameter($form->getCSRFFieldName())) : array());
if (!$form->isValid()) {
throw $form->getErrorSchema();
}
}
echo __('Delete profile entry');
?>
</h2>
<p><?php
echo __('Do you want to delete this anyway?');
?>
</p>
<p><?php
echo __('※All the member\'s data in this entry will be lost.');
?>
</p>
<form action="<?php
echo url_for('profile/delete?id=' . $profile->getId());
?>
" method="post">
<?php
$formCSRF = new sfForm();
?>
<input type="hidden" name="<?php
echo $formCSRF->getCSRFFieldName();
?>
" value="<?php
echo $formCSRF->getCSRFToken();
?>
" />
<input type="submit" value="<?php
echo __('Delete');
?>
" />
</form>
function button_link_to($title, $action, $target = "_self")
{
$form = new sfForm();
return sprintf('<form action="%s" method="post" target="%s">' . '<input type="hidden" name="%s" value="%s" />' . '<input type="submit" value="%s" />' . '</form>', url_for($action), $target, $form->getCSRFFieldName(), $form->getCSRFToken(), __($title));
}
/**
* for now, CSRF field are removed from functionnal test generation
* until there is a way to get this value easily
*
* @param <type> $vars
*/
public function fixCSRF(&$vars)
{
$name = sfForm::getCSRFFieldName();
if (isset($vars[$name])) {
unset($vars[$name]);
}
foreach ($vars as $name => $var) {
if (is_array($var)) {
$vars[$name] = $this->fixCSRF($var);
}
}
return $vars;
}
function _method_javascript_function($method)
{
$function = "var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'post'; f.action = this.href;";
if ('post' != strtolower($method)) {
$function .= "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); ";
$function .= sprintf("m.setAttribute('name', 'sf_method'); m.setAttribute('value', '%s'); f.appendChild(m);", strtolower($method));
}
// CSRF protection
$form = new sfForm();
if ($form->isCSRFProtected()) {
$function .= "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); ";
$function .= sprintf("m.setAttribute('name', '%s'); m.setAttribute('value', '%s'); f.appendChild(m);", $form->getCSRFFieldName(), $form->getCSRFToken());
}
$function .= "f.submit();";
return $function;
}
/**
* Returns the javascript needed for a remote function.
* Takes the same arguments as 'link_to_remote()'.
*
* Example:
* <select id="options" onchange="<?php echo remote_function(array('update' => 'options', 'url' => '@update_options')) ?>">
* <option value="0">Hello</option>
* <option value="1">World</option>
* </select>
*/
function jq_remote_function($options)
{
// Defining elements to update
if (isset($options['update']) && is_array($options['update'])) {
// On success, update the element with returned data
if (isset($options['update']['success'])) {
$update_success = "#" . $options['update']['success'];
}
// On failure, execute a client-side function
if (isset($options['update']['failure'])) {
$update_failure = $options['update']['failure'];
}
} else {
if (isset($options['update'])) {
$update_success = "#" . $options['update'];
}
}
// Update method
$updateMethod = _update_method(isset($options['position']) ? $options['position'] : '');
// Callbacks
if (isset($options['loading'])) {
$callback_loading = $options['loading'];
}
if (isset($options['complete'])) {
$callback_complete = $options['complete'];
}
if (isset($options['success'])) {
$callback_success = $options['success'];
}
$execute = 'false';
if (isset($options['script']) && $options['script'] == '1') {
$execute = 'true';
}
// Data Type
if (isset($options['dataType'])) {
$dataType = $options['dataType'];
} elseif ($execute) {
$dataType = 'html';
} else {
$dataType = 'text';
}
// POST or GET ?
$method = 'POST';
if (isset($options['method']) && strtoupper($options['method']) == 'GET') {
$method = $options['method'];
}
// async or sync, async is default
if (isset($options['type']) && $options['type'] == 'synchronous') {
$type = 'false';
}
// Is it a form submitting
if (isset($options['form'])) {
$formData = 'jQuery(this).serialize()';
} elseif (isset($options['submit'])) {
$formData = '{\'#' . $options['submit'] . '\'}.serialize()';
} elseif (isset($options['with'])) {
$formData = $options['with'];
} elseif (isset($options['csrf']) && $options['csrf'] == '1') {
$form = new sfForm();
if ($form->isCSRFProtected()) {
$formData = '{' . $form->getCSRFFieldName() . ': \'' . $form->getCSRFToken() . '\'}';
}
}
// build the function
$function = "jQuery.ajax({";
$function .= 'type:\'' . $method . '\'';
$function .= ',dataType:\'' . $dataType . '\'';
if (isset($type)) {
$function .= ',async:' . $type;
}
if (isset($formData)) {
$function .= ',data:' . $formData;
}
if (isset($update_success) and !isset($callback_success)) {
$function .= ',success:function(data, textStatus){jQuery(\'' . $update_success . '\').' . $updateMethod . '(data);}';
}
if (isset($update_failure)) {
$function .= ',error:function(XMLHttpRequest, textStatus, errorThrown){' . $update_failure . '}';
}
if (isset($callback_loading)) {
$function .= ',beforeSend:function(XMLHttpRequest){' . $callback_loading . '}';
}
if (isset($callback_complete)) {
$function .= ',complete:function(XMLHttpRequest, textStatus){' . $callback_complete . '}';
}
if (isset($callback_success)) {
$function .= ',success:function(data, textStatus){' . $callback_success . '}';
}
$function .= ',url:\'' . url_for($options['url']) . '\'';
$function .= '})';
if (isset($options['before'])) {
$function = $options['before'] . '; ' . $function;
}
if (isset($options['after'])) {
$function = $function . '; ' . $options['after'];
}
if (isset($options['condition'])) {
$function = 'if (' . $options['condition'] . ') { ' . $function . '; }';
}
if (isset($options['confirm'])) {
$function = "if (confirm('" . escape_javascript($options['confirm']) . "')) { {$function}; }";
if (isset($options['cancel'])) {
$function = $function . ' else { ' . $options['cancel'] . ' }';
}
}
return $function;
}
$article->addCSRFProtection(null);
$author->embedForm('company', $company);
$article->embedForm('author', $author);
$v = $article->getValidatorSchema();
$w = $article->getWidgetSchema();
$d = $article->getDefaults();
$f = $article->getEmbeddedForms();
$w->setNameFormat('article[%s]');
$t->ok($v['author'] instanceof sfValidatorPass, '->embedForm() set validator pass');
// ignore parents in comparison
$w['author']['first_name']->setParent(null);
$author_widget_schema['first_name']->setParent(null);
$t->ok($w['author']['first_name'] == $author_widget_schema['first_name'], '->embedForm() embeds the widget schema');
$t->is($d['author']['first_name'], 'Fabien', '->embedForm() merges default values from the embedded form');
$t->is($w['author'][sfForm::getCSRFFieldName()], null, '->embedForm() removes the CSRF token for the embedded form');
$t->ok(!isset($f['author'][sfForm::getCSRFFieldName()]), '->embedForm() removes the CSRF token for the embedded form');
$t->is($w['author']->generateName('first_name'), 'article[author][first_name]', '->embedForm() changes the name format to reflect the embedding');
$t->is($w['author']['company']->generateName('name'), 'article[author][company][name]', '->embedForm() changes the name format to reflect the embedding');
// tests for ticket #56
$t->ok($author->getValidator('company') == $company_validator_schema, '->getValidator() gets a validator schema for an embedded form');
try {
$author->setValidator('company', new sfValidatorPass());
$t->fail('"sfForm" Trying to set a validator for an embedded form field throws a LogicException');
} catch (LogicException $e) {
$t->pass('"sfForm" Trying to set a validator for an embedded form field throws a LogicException');
}
// tests for ticket #4754
$f1 = new TestForm1();
$f2 = new TestForm2();
$f1->embedForm('f2', $f2);
$t->is($f1['f2']['c']->render(), '<textarea rows="4" cols="30" name="f2[c]" id="f2_c"></textarea>', '->embedForm() generates a correct id in embedded form fields');
/**
* Calls a request to a uri.
*
* @param string $uri The URI to fetch
* @param string $method The request method
* @param array $parameters The Request parameters
* @param bool $changeStack Change the browser history stack?
*
* @return sfBrowserBase
*/
public function call($uri, $method = 'get', $parameters = array(), $changeStack = true)
{
// check that the previous call() hasn't returned an uncatched exception
$this->checkCurrentExceptionIsEmpty();
$uri = $this->fixUri($uri);
// add uri to the stack
if ($changeStack) {
$this->stack = array_slice($this->stack, 0, $this->stackPosition + 1);
$this->stack[] = array('uri' => $uri, 'method' => $method, 'parameters' => $parameters);
$this->stackPosition = count($this->stack) - 1;
}
list($path, $queryString) = false !== ($pos = strpos($uri, '?')) ? array(substr($uri, 0, $pos), substr($uri, $pos + 1)) : array($uri, '');
$queryString = html_entity_decode($queryString);
// remove anchor
$path = preg_replace('/#.*/', '', $path);
// removes all fields from previous request
$this->fields = array();
// prepare the request object
$_SERVER = $this->defaultServerArray;
$_SERVER['HTTP_HOST'] = $this->hostname;
$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_HOST'];
$_SERVER['SERVER_PORT'] = 80;
$_SERVER['HTTP_USER_AGENT'] = 'PHP5/CLI';
$_SERVER['REMOTE_ADDR'] = $this->remote;
$_SERVER['REQUEST_METHOD'] = strtoupper($method);
$_SERVER['PATH_INFO'] = $path;
$_SERVER['REQUEST_URI'] = '/uploadFiles.php' . $uri;
$_SERVER['SCRIPT_NAME'] = '/uploadFiles.php';
$_SERVER['SCRIPT_FILENAME'] = '/uploadFiles.php';
$_SERVER['QUERY_STRING'] = $queryString;
if ($this->stackPosition >= 1) {
$_SERVER['HTTP_REFERER'] = sprintf('http%s://%s%s', isset($this->defaultServerArray['HTTPS']) ? 's' : '', $this->hostname, $this->stack[$this->stackPosition - 1]['uri']);
}
foreach ($this->vars as $key => $value) {
$_SERVER[strtoupper($key)] = $value;
}
foreach ($this->headers as $header => $value) {
$_SERVER['HTTP_' . strtoupper(str_replace('-', '_', $header))] = $value;
}
$this->headers = array();
// request parameters
$_GET = $_POST = array();
if (in_array(strtoupper($method), array('POST', 'DELETE', 'PUT'))) {
if (isset($parameters['_with_csrf']) && $parameters['_with_csrf']) {
unset($parameters['_with_csrf']);
$form = new sfForm();
$parameters[$form->getCSRFFieldName()] = $form->getCSRFToken();
}
$_POST = $parameters;
}
if (strtoupper($method) == 'GET') {
$_GET = $parameters;
}
// handle input type="file" fields
$_FILES = array();
if (count($this->files)) {
$_FILES = $this->files;
}
$this->files = array();
parse_str($queryString, $qs);
if (is_array($qs)) {
$_GET = array_merge($qs, $_GET);
}
// expire cookies
$cookies = $this->cookieJar;
foreach ($cookies as $name => $cookie) {
if ($cookie['expire'] && $cookie['expire'] < time()) {
unset($this->cookieJar[$name]);
}
}
// restore cookies
$_COOKIE = array();
foreach ($this->cookieJar as $name => $cookie) {
$_COOKIE[$name] = $cookie['value'];
}
$this->doCall();
$response = $this->getResponse();
// save cookies
foreach ($response->getCookies() as $name => $cookie) {
// FIXME: deal with path, secure, ...
$this->cookieJar[$name] = $cookie;
}
// support for the ETag header
if ($etag = $response->getHttpHeader('Etag')) {
$this->vars['HTTP_IF_NONE_MATCH'] = $etag;
} else {
unset($this->vars['HTTP_IF_NONE_MATCH']);
}
// support for the last modified header
if ($lastModified = $response->getHttpHeader('Last-Modified')) {
$this->vars['HTTP_IF_MODIFIED_SINCE'] = $lastModified;
} else {
unset($this->vars['HTTP_IF_MODIFIED_SINCE']);
}
// for HTML/XML content, create a DOM and sfDomCssSelector objects for the response content
$this->dom = null;
$this->domCssSelector = null;
if (preg_match('/(x|ht)ml/i', $response->getContentType(), $matches)) {
$this->dom = new DomDocument('1.0', $response->getCharset());
$this->dom->validateOnParse = true;
if ('x' == $matches[1]) {
@$this->dom->loadXML($response->getContent());
} else {
@$this->dom->loadHTML($response->getContent());
}
$this->domCssSelector = new sfDomCssSelector($this->dom);
}
return $this;
}
protected function prepareDataForForm(sfForm $form, $arguments = array(), $options = array())
{
$data = array('user_id' => $form->getObject()->getUserId(), 'name' => $arguments['name'], 'vehicles_list' => $this->parseVehicles($arguments['vehicles']), 'date_range' => array('from' => isset($options['date_from']) ? $options['date_from'] : null, 'to' => isset($options['date_to']) ? $options['date_to'] : null), 'kilometers_range' => array('from' => isset($options['kilometers_from']) ? $options['kilometers_from'] : null, 'to' => isset($options['kilometers_to']) ? $options['kilometers_to'] : null), $form->getCSRFFieldName() => $form->getCSRFToken());
return $data;
}
/**
* Executes blacklistDelete action
*
* @param sfRequest $request A request object
*/
public function executeBlacklistDelete(sfWebRequest $request)
{
$this->blacklist = Doctrine::getTable('Blacklist')->find($request->getParameter('id'));
$this->forward404Unless($this->blacklist);
$this->form = new sfForm();
if ($request->isMethod(sfWebRequest::POST)) {
$field = sfForm::getCSRFFieldName();
$this->form->bind(array($field => $request->getParameter($field)));
if ($this->form->isValid()) {
$this->blacklist->delete();
$this->redirect('member/blacklist');
}
}
return sfView::SUCCESS;
}
?>
</th>
<td>
<?php
echo $createFolderForm['parent_folder'];
?>
<br />
</td>
</tr> </table>
<input type="submit" name="create" value="<?php
echo __('Create', null, 'sfAsset');
?>
"/>
</div>
<?php
if (isset($createFolderForm[sfForm::getCSRFFieldName()])) {
echo $createFolderForm['_csrf_token'];
}
?>
</form>
<?php
if (!$folder->getNode()->isRoot()) {
?>
<form action="<?php
echo url_for('sfAsset/renameFolder?id=' . $folder->getId());
?>
" method="POST">
<label for="new_directory">
<?php
function _get_json_data_token()
{
// CSRF protection
$form = new sfForm();
if ($form->isCSRFProtected()) {
$token = sprintf("', %s: '%s", $form->getCSRFFieldName(), $form->getCSRFToken());
return $token;
} else {
return '';
}
}
color:#0000FF;
font-size:20px;
font-weight:bold;
margin:10px;
padding:10px;
text-align:center;
" id="plugin_user">
<span id="plugin_user_count"><?php
echo $package->countUsers();
?>
</span><br /><span>users</span>
<p style="margin-top: 10px; text-align: center; font-size: 9px; color: #000;">
<?php
if ($package->isAllowed($sf_user->getRawValue()->getMember(), 'countUser')) {
$form = new sfForm();
$_ajax_parameter = '"' . sfForm::getCSRFFieldName() . '=' . $form->getDefault(sfForm::getCSRFFieldName()) . '"';
echo link_to_remote(__('I don\'t use this plugin'), array('url' => '@package_use?name=' . $package->name, 'complete' => 'updateUser(request)', '404' => 'alert("' . __('CSRF attack detected.') . '")', 'with' => $_ajax_parameter), array('id' => 'package_unuse_link', 'style' => 'display:' . ($package->isUser($sf_user->getMemberId()) ? 'inline' : 'none')));
echo link_to_remote(__('I use this plugin'), array('url' => '@package_use?name=' . $package->name, 'complete' => 'updateUser(request)', '404' => 'alert("' . __('CSRF attack detected.') . '")', 'with' => $_ajax_parameter), array('id' => 'package_use_link', 'style' => 'display:' . (!$package->isUser($sf_user->getMemberId()) ? 'inline' : 'none')));
} else {
echo __('Please login to vote for this plugin');
}
?>
</p>
</div>
<?php
echo javascript_tag('
function updateUser(ajax)
{
var json = ajax.responseJSON;
Element.update("plugin_user_count", json[0]);
// ->embedFormForEach()
$t->diag('->embedFormForEach()');
$article->embedFormForEach('authors', $author, 2, null, null, array('id_format' => '%s_id'), array('class' => 'embedded'));
$v = $article->getValidatorSchema();
$w = $article->getWidgetSchema();
$d = $article->getDefaults();
$w->setNameFormat('article[%s]');
for ($i = 0; $i < 2; $i++) {
$t->ok($v['authors'][$i]['first_name'] == $author_validator_schema['first_name'], '->embedFormForEach() embeds the validator schema');
// ignore the parents in comparison
$w['authors'][$i]['first_name']->setParent(null);
$author_widget_schema['first_name']->setParent(null);
$t->ok($w['authors'][$i]['first_name'] == $author_widget_schema['first_name'], '->embedFormForEach() embeds the widget schema');
$t->is($d['authors'][$i]['first_name'], 'Fabien', '->embedFormForEach() merges default values from the embedded forms');
$t->is($v['authors'][$i][sfForm::getCSRFFieldName()], null, '->embedFormForEach() removes the CSRF token for the embedded forms');
$t->is($w['authors'][$i][sfForm::getCSRFFieldName()], null, '->embedFormForEach() removes the CSRF token for the embedded forms');
}
$t->is($w['authors'][0]->generateName('first_name'), 'article[authors][0][first_name]', '->embedFormForEach() changes the name format to reflect the embedding');
// bind too many values for embedded forms
$t->diag('bind too many values for embedded forms');
$list = new FormTest();
$list->setWidgets(array('title' => new sfWidgetFormInputText()));
$list->setValidators(array('title' => new sfValidatorString()));
$list->embedFormForEach('items', clone $list, 2);
$list->bind(array('title' => 'list title', 'items' => array(array('title' => 'item 1'), array('title' => 'item 2'), array('title' => 'extra item'))));
$t->isa_ok($list['items'][0]->getError(), 'sfValidatorErrorSchema', '"sfFormFieldSchema" is given an error schema when an extra embedded form is bound');
// does this trigger a fatal error?
$list['items']->render();
$t->pass('"sfFormFieldSchema" renders when an extra embedded form is bound');
// ->getEmbeddedForms()
$t->diag('->getEmbeddedForms()');
<table>
<tr>
<?php
$form = new sfForm();
$csrfToken = '&' . $form->getCSRFFieldName() . '=' . $form->getCSRFToken();
for ($i = 0; $i < 3; $i++) {
?>
<td>
<?php
if (isset($options['images'][$i])) {
$image = $options['images'][$i];
echo op_image_tag_sf_image($image->getFile(), array('size' => '180x180'));
?>
<br />
<?php
if (isset($options['form'])) {
?>
[
<?php
echo link_to(__('Delete'), 'member/deleteImage?member_image_id=' . $image->getId() . $csrfToken);
?>
|
<?php
if ($image->getIsPrimary()) {
echo __('Main Photo');
} else {
echo link_to(__('Main Photo'), 'member/changeMainImage?member_image_id=' . $image->getId() . $csrfToken);
}
?>
]
<?php
<?php
$form = new sfForm();
$redirectUrl = url_for('community/addAllMember?id=' . $community->getId()) . '?continue=1' . '&' . urlencode($form->getCSRFFieldName()) . '=' . urlencode($form->getCSRFToken());
$sf_response->addHttpMeta('Refresh', '0;URL=' . $redirectUrl);
?>
<?php
slot('submenu');
include_partial('submenu');
end_slot();
?>
<?php
slot('title', __('Make all members join in this %community%'));
?>
<p>
<?php
echo __('Processing... (Remaining %num% records)', array('%num%' => $remaining));
?>
</p>
