/**
 * Checks the request's CSRF token, accepting either the parent's scheme or
 * the sfForm-based one.
 *
 * The parent's checkCSRFProtection() (sfWebRequest, per @see) runs first; only
 * when it throws an sfValidatorErrorSchema is the token re-validated by binding
 * the request parameter named by sfForm::getCSRFFieldName() to a bare sfForm
 * (kept for backwards compatibility). A request therefore passes when either
 * check accepts its token; the form's error schema is thrown when the legacy
 * binding does not validate either.
 *
 * @see sfWebRequest
 *
 * @throws sfValidatorErrorSchema when neither check accepts the token
 */
 public function checkCSRFProtection()
 {
     try {
         parent::checkCSRFProtection();
     } catch (sfValidatorErrorSchema $e) {
         // Legacy path: validate the token through sfForm instead.
         $form = new sfForm();
         $values = array();
         if ($form->isCSRFProtected()) {
             $fieldName = $form->getCSRFFieldName();
             $values[$fieldName] = $this->getParameter($fieldName);
         }
         $form->bind($values);
         if (!$form->isValid()) {
             throw $form->getErrorSchema();
         }
     }
 }
 /**
  * Validates the request's CSRF token with a bare sfForm.
  *
  * When CSRF protection is enabled, the token is read from the request
  * parameter named by sfForm::getCSRFFieldName() and bound to the form; with
  * protection disabled an empty array is bound instead. The form's error
  * schema is thrown when the bound values do not validate.
  *
  * @throws sfValidatorErrorSchema when the CSRF token is missing or invalid
  */
 public function checkCSRFProtection()
 {
     $form = new sfForm();
     $values = array();
     if ($form->isCSRFProtected()) {
         $fieldName = $form->getCSRFFieldName();
         $values = array($fieldName => $this->getParameter($fieldName));
     }
     $form->bind($values);
     if ($form->isValid()) {
         return;
     }
     throw $form->getErrorSchema();
 }
/**
 * Returns the javascript that submits the clicked link as a POST form,
 * carrying the requested HTTP method in a hidden 'sf_method' field.
 *
 * The generated code creates a hidden <form> next to the link
 * (this.parentNode), points it at this.href, adds the CSRF field/token when
 * sfForm reports CSRF protection as enabled, and submits it. For 'post'
 * itself no 'sf_method' field is added.
 *
 * Neither $method nor the CSRF field name/token is escaped before being
 * written into single-quoted javascript strings; $method is expected to be a
 * literal HTTP verb written by the template author, not request data.
 *
 * @param string $method HTTP method to emulate (case-insensitive)
 *
 * @return string javascript statements
 */
function _method_javascript_function($method)
{
    // Shared template for the hidden inputs appended to the generated form
    $hiddenInput = "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); m.setAttribute('name', '%s'); m.setAttribute('value', '%s'); f.appendChild(m);";
    $verb = strtolower($method);

    $parts = array(
        "var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'post'; f.action = this.href;",
    );
    if ('post' !== $verb) {
        $parts[] = sprintf($hiddenInput, 'sf_method', $verb);
    }

    // CSRF protection
    $form = new sfForm();
    if ($form->isCSRFProtected()) {
        $parts[] = sprintf($hiddenInput, $form->getCSRFFieldName(), $form->getCSRFToken());
    }
    $parts[] = "f.submit();";

    return implode('', $parts);
}
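/**
 * Returns the javascript needed for a remote function.
 * Takes the same arguments as 'link_to_remote()'.
 *
 * Supported $options keys (all optional except 'url'):
 *  - 'update'    element id to fill with the response, or array('success' => id, 'failure' => js)
 *  - 'position'  insertion position, resolved through _update_method()
 *  - 'loading', 'complete', 'success'  javascript bodies for the matching jQuery callbacks
 *  - 'script'    '1' to request dataType 'html' instead of 'text'
 *  - 'dataType'  explicit jQuery dataType; takes precedence over 'script'
 *  - 'method'    'GET' (any case) for a GET request, anything else sends POST
 *  - 'type'      'synchronous' to send the request with async:false
 *  - 'form', 'submit', 'with', 'csrf'  source of the request data, first matching key wins
 *  - 'before', 'after', 'condition', 'confirm', 'cancel'  javascript wrapped around the call
 *
 * Only 'confirm' is passed through escape_javascript(); every other value is
 * spliced into the generated javascript verbatim, so all of them must be
 * written by the template author, never taken from request data.
 *
 * Example:
 *   <select id="options" onchange="<?php echo remote_function(array('update' => 'options', 'url' => '@update_options')) ?>">
 *     <option value="0">Hello</option>
 *     <option value="1">World</option>
 *   </select>
 *
 * @param array $options
 *
 * @return string javascript statement(s)
 */
function jq_remote_function($options)
{
    // Elements to update: a plain id, or array('success' => id, 'failure' => js)
    $update_success = null;
    $update_failure = null;
    if (isset($options['update']) && is_array($options['update'])) {
        if (isset($options['update']['success'])) {
            $update_success = "#" . $options['update']['success'];
        }
        if (isset($options['update']['failure'])) {
            $update_failure = $options['update']['failure'];
        }
    } elseif (isset($options['update'])) {
        $update_success = "#" . $options['update'];
    }

    // How the response is inserted into the updated element
    $updateMethod = _update_method(isset($options['position']) ? $options['position'] : '');

    // Callbacks (raw javascript bodies)
    $callback_loading  = isset($options['loading'])  ? $options['loading']  : null;
    $callback_complete = isset($options['complete']) ? $options['complete'] : null;
    $callback_success  = isset($options['success'])  ? $options['success']  : null;

    // Data type: 'script' => '1' asks for 'html'. Previously $execute held the
    // strings 'false'/'true', which are both truthy, so the 'text' branch was
    // unreachable and the 'script' option had no effect at all.
    $execute = isset($options['script']) && $options['script'] == '1';
    if (isset($options['dataType'])) {
        $dataType = $options['dataType'];
    } else {
        $dataType = $execute ? 'html' : 'text';
    }

    // POST or GET? Only an explicit GET (any case) switches away from POST;
    // the caller's spelling is passed through unchanged.
    $method = 'POST';
    if (isset($options['method']) && strtoupper($options['method']) == 'GET') {
        $method = $options['method'];
    }

    // async is jQuery's default; 'synchronous' forces async:false
    $type = null;
    if (isset($options['type']) && $options['type'] == 'synchronous') {
        $type = 'false';
    }

    // Request data: first matching source wins
    $formData = null;
    if (isset($options['form'])) {
        $formData = 'jQuery(this).serialize()';
    } elseif (isset($options['submit'])) {
        // NOTE(review): this emits {'#id'}.serialize(), which does not look like
        // a valid jQuery expression; probably meant jQuery('#id').serialize() —
        // confirm against callers before changing it.
        $formData = '{\'#' . $options['submit'] . '\'}.serialize()';
    } elseif (isset($options['with'])) {
        $formData = $options['with'];
    } elseif (isset($options['csrf']) && $options['csrf'] == '1') {
        // Send the CSRF token as the only request data; neither the field name
        // nor the token is escaped here.
        $form = new sfForm();
        if ($form->isCSRFProtected()) {
            $formData = '{' . $form->getCSRFFieldName() . ': \'' . $form->getCSRFToken() . '\'}';
        }
    }

    // Build the jQuery.ajax() call
    $function = "jQuery.ajax({";
    $function .= 'type:\'' . $method . '\'';
    $function .= ',dataType:\'' . $dataType . '\'';
    if (null !== $type) {
        $function .= ',async:' . $type;
    }
    if (null !== $formData) {
        $function .= ',data:' . $formData;
    }
    // An explicit 'success' callback replaces the default "fill the element" handler
    if (null !== $update_success && null === $callback_success) {
        $function .= ',success:function(data, textStatus){jQuery(\'' . $update_success . '\').' . $updateMethod . '(data);}';
    }
    if (null !== $update_failure) {
        $function .= ',error:function(XMLHttpRequest, textStatus, errorThrown){' . $update_failure . '}';
    }
    if (null !== $callback_loading) {
        $function .= ',beforeSend:function(XMLHttpRequest){' . $callback_loading . '}';
    }
    if (null !== $callback_complete) {
        $function .= ',complete:function(XMLHttpRequest, textStatus){' . $callback_complete . '}';
    }
    if (null !== $callback_success) {
        $function .= ',success:function(data, textStatus){' . $callback_success . '}';
    }
    $function .= ',url:\'' . url_for($options['url']) . '\'';
    $function .= '})';

    // Wrap the call in the optional surrounding javascript
    if (isset($options['before'])) {
        $function = $options['before'] . '; ' . $function;
    }
    if (isset($options['after'])) {
        $function = $function . '; ' . $options['after'];
    }
    if (isset($options['condition'])) {
        $function = 'if (' . $options['condition'] . ') { ' . $function . '; }';
    }
    if (isset($options['confirm'])) {
        $function = "if (confirm('" . escape_javascript($options['confirm']) . "')) { {$function}; }";
        if (isset($options['cancel'])) {
            $function = $function . ' else { ' . $options['cancel'] . ' }';
        }
    }

    return $function;
}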
  <select name="batch_action">
    <option value="">[?php echo __('Choose an action', array(), 'sf_admin') ?]</option>
<?php 
    foreach ((array) $listActions as $action => $params) {
        ?>
    <?php 
        echo $this->addCredentialCondition('<option value="' . $action . '">[?php echo __(\'' . $params['label'] . '\', array(), \'sf_admin\') ?]</option>', $params);
        ?>

<?php 
    }
    ?>
  </select>
<?php 
    $form = new sfForm();
    if ($form->isCSRFProtected()) {
        ?>
  <input type="hidden" name="<?php 
        echo $form->getCSRFFieldName();
        ?>
" value="<?php 
        echo $form->getCSRFToken();
        ?>
" />
<?php 
    }
    ?>
  <input type="submit" value="[?php echo __('go', array(), 'sf_admin') ?]" />
</div>
<?php 
}
/**
 * Returns the CSRF field/token pair as a fragment for a javascript data
 * literal, or '' when sfForm reports CSRF protection as disabled.
 *
 * The fragment starts with "', " so that it closes the preceding quoted value
 * in the caller's literal — presumably; verify against the call site. Neither
 * the field name nor the token is escaped.
 *
 * @return string
 */
function _get_json_data_token()
{
    $form = new sfForm();
    if (!$form->isCSRFProtected()) {
        return '';
    }

    return sprintf("', %s: '%s", $form->getCSRFFieldName(), $form->getCSRFToken());
}