/**
 * Checks that the server rejects a submission whose 'token' field was tampered with.
 *
 * The form's 'token' value is overwritten with a fixed marker string, the form is
 * submitted through $this->client, and the rule passes only when the response
 * status is 403. On failure the reason is stored in $this->message.
 *
 * Side effect: the passed form keeps the overwritten token value after this call,
 * because the values are written back with setValues() and never restored.
 *
 * NOTE(review): a 403 is taken as proof that the token was validated. A 403 issued
 * for another reason (for example a missing session or permission) would also pass
 * this check; confirm the unmodified form is accepted before trusting a pass.
 *
 * @param Form $form form to submit with a modified token
 * @return bool true when the tampered submission is answered with 403
 */
public function isValid(Form $form)
{
    // Without a token field there is nothing to tamper with; report and fail early.
    if (!$form->has('token')) {
        $this->message = "No 'token' input field found";

        return false;
    }

    $tamperedValues = $form->getValues();
    $tamperedValues['token'] = 'modified by csrf scanner';
    $form->setValues($tamperedValues);

    $this->client->submit($form);
    $responseStatus = $this->client->getResponse()->getStatus();

    // Loose comparison kept on purpose: the original accepts a numeric-string status too.
    if ($responseStatus == 403) {
        return true;
    }

    $this->message = "403 response expected, but got a {$responseStatus}";

    return false;
}
/**
 * Collects the current values of the form field with the given name.
 *
 * The result usually holds a single value; fields without a value are skipped.
 * Used by proceedSeeInField.
 *
 * @param Form $form
 * @param string $fieldName
 * @return array merged values of all matching fields, empty when the field is absent
 */
private function getFormFieldValues(Form $form, $fieldName)
{
    $submissionName = $this->getSubmissionFormFieldName($fieldName);

    if (!$form->has($submissionName)) {
        return [];
    }

    // $form->get returns an array for fields with names ending in [], otherwise a single field.
    $matched = $form->get($submissionName);
    $candidates = is_array($matched) ? $matched : [$matched];

    $collected = [];
    foreach ($candidates as $candidate) {
        if ($candidate->hasValue()) {
            // getValue may return an array (multi-select for example) or a string; the cast unifies both.
            $collected = array_merge($collected, (array) $candidate->getValue());
        }
    }

    return $collected;
}
/**
 * Reports whether the form carries a field named 'token'.
 *
 * This is a presence check only: nothing is submitted, so it says nothing about
 * whether the server actually validates the token value.
 *
 * @param Form $form form to inspect
 * @return mixed result of $form->has('token'), returned unchanged
 */
public function isValid(Form $form)
{
    $hasTokenField = $form->has('token');

    return $hasTokenField;
}