/**
 * Return the current CSRF token, or an empty string when CSRF protection
 * is disabled for BaseForm.
 *
 * @return string CSRF token, '' when protection is off
 */
public static function getToken()
{
    $token = '';
    $form = new BaseForm();
    if ($form->isCSRFProtected()) {
        $token = $form->getCSRFToken();
    }

    return $token;
}
/**
 * Build the jQuery code that loads a remote page with an Ajax request.
 *
 * The Ajax call itself comes from ui_ajax_pattern(); this helper wraps it in
 * optional guards taken from $configurations:
 *  - 'frequency'     repeat the call with setInterval (value is multiplied by
 *                    1000, so it is presumably given in seconds)
 *  - 'condition'     only run when this JavaScript expression is truthy;
 *                    'onFailureCondition' is the code of the else branch
 *  - 'confirmation'  ask the user with confirm() first;
 *                    'onNoConfirmation' is the code of the else branch
 *  - 'csrf'          add the BaseForm CSRF field to the request 'data'
 *  - 'listener'      array('selector' => ..., 'event' => ...) binds the call to
 *                    a DOM event instead of emitting it inline
 *
 * The guards nest as
 *   setInterval(function(){ if(condition){ if(confirm('...')){ <ajax> } } }, N)
 * with each else branch attached to its own if.
 *
 * Security: 'condition', 'confirmation', 'onFailureCondition' and
 * 'onNoConfirmation' are interpolated into the generated JavaScript verbatim
 * ('confirmation' inside a single-quoted JS literal, with no escaping). They
 * must be trusted, developer-supplied values; a stray quote breaks the script
 * and any user-controlled text here would become script injection.
 *
 * @param array   $configurations Key/value pairs configuring the Ajax request
 * @param boolean $isInternal     Whether the result is emitted inside an
 *                                existing JavaScript body
 * @return string jQuery code; when $configurations is empty or not an array
 *                the function falls off the end and yields null
 */
function jquery_ajax($configurations = null, $isInternal = false)
{
    if (is_array($configurations) && sizeof($configurations) > 0) {
        // $suffix is prepended to the Ajax call (opens blocks) and $prefix is
        // appended (closes them) - the names are the original author's and are
        // the reverse of how the strings are used.
        $suffix = '';
        $prefix = '';

        if (isset($configurations['frequency'])) {
            // setInterval wants milliseconds, hence the * 1000
            $suffix = 'setInterval(function(){';
            $prefix = '}, ' . (int) $configurations['frequency'] * 1000 . ')';
        }

        if (isset($configurations['condition']) && trim($configurations['condition']) != '') {
            // Each guard wraps everything opened before it: its own closing brace
            // (and optional else branch) goes in front of the outer closings.
            $prefix = isset($configurations['onFailureCondition']) ? sprintf('} else {%s} ', $configurations['onFailureCondition']) . $prefix : '}' . $prefix;
            $suffix .= sprintf("if(%s){ ", $configurations['condition']);
        }

        if (isset($configurations['confirmation']) && trim($configurations['confirmation']) != '') {
            // NOTE: the message is placed inside a single-quoted JS string
            // without escaping - see the docblock.
            $prefix = isset($configurations['onNoConfirmation']) ? sprintf('} else {%s} ', $configurations['onNoConfirmation']) . $prefix : '}' . $prefix;
            $suffix .= sprintf("if(confirm('%s')){ ", $configurations['confirmation']);
        }

        if (isset($configurations['csrf']) && $configurations['csrf']) {
            // Add the CSRF token to the request data as a single-quoted JS literal
            // so the server-side check accepts the Ajax request. The token is not
            // escaped; presumably it never contains a quote - confirm against BaseForm.
            $sfForm = new BaseForm();
            if ($sfForm->isCSRFProtected()) {
                $csrfArray = array($sfForm->getCSRFFieldName() => "'" . $sfForm->getCSRFToken() . "'");
                $configurations['data'] = isset($configurations['data']) ? array_merge($configurations['data'], $csrfArray) : $csrfArray;
            }
        }

        if (isset($configurations['listener']) && is_array($configurations['listener'])) {
            // Bind the call to a DOM event; defaults are the document 'ready' event.
            $listener = $configurations['listener'];
            $selector = isset($listener['selector']) ? $listener['selector'] : 'document';
            $event = isset($listener['event']) ? $listener['event'] : 'ready';
            $ajaxTemplate = ui_ajax_pattern($configurations);
            if ($isInternal) {
                // NOTE(review): the leading "$suffix ." has no matching "$prefix" at
                // the end, unlike the else branch below; when frequency, condition
                // or confirmation is set this looks like it emits an unbalanced
                // block - confirm intent before relying on it.
                return $suffix . jquery_support($selector, $event, like_function($suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix));
            } else {
                return add_jquery_support($selector, $event, like_function($suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix));
            }
        } else {
            // No listener: emit the guarded Ajax call inline.
            $ajaxTemplate = ui_ajax_pattern($configurations);
            return $suffix . jquery_support(null, 'ajax', $ajaxTemplate) . $prefix;
        }
    }
}
/**
 * Validate the CSRF token carried by the current request.
 *
 * A throw-away BaseForm is bound with only the CSRF field (taken from the
 * request parameter of the same name); when protection is disabled the form
 * is bound with no values at all, so validation passes trivially.
 *
 * @throws sfValidatorErrorSchema the form's error schema when the token is missing or wrong
 */
public function checkCSRFProtection()
{
    $form = new BaseForm();

    $values = array();
    if ($form->isCSRFProtected()) {
        $fieldName = $form->getCSRFFieldName();
        $values[$fieldName] = $this->getParameter($fieldName);
    }
    $form->bind($values);

    if (!$form->isValid()) {
        throw $form->getErrorSchema();
    }
}
<li><?php echo link_to(__('Restore'), 'sfSimpleBlogPostAdmin/restoreVersion?id='.$version->getId().'&version='.$version->getVersion(), array('confirm' => __('Are your sure?'), 'method' => 'put')) ?></li> <li><?php echo link_to(__('Delete'), 'sfSimpleBlogPostAdmin/deleteVersion?id='.$version->getId().'&version='.$version->getVersion(), array('confirm' => __('Are your sure?'), 'method' => 'delete')) ?></li> </ul> </td> </tr> </tbody> <?php endforeach; ?> <tfoot> <tr> <th colspan="5"> </th> </tr> </tfoot> </table> </fieldset> <?php if (count($versions) > 0): ?> <?php $form = new BaseForm(); if ($form->isCSRFProtected()): ?> <input type="hidden" name="<?php echo $form->getCSRFFieldName() ?>" value="<?php echo $form->getCSRFToken() ?>" /> <?php endif; ?> <input type="submit" value="Delete Versions" /> <?php endif; ?> </form> </div> <script type="text/javascript"> /* <![CDATA[ */ function checkAll() { var boxes = document.getElementsByTagName('input'); for(var index = 0; index < boxes.length; index++) { box = boxes[index]; if (box.type == 'checkbox' && box.className == 'sf_admin_batch_checkbox') box.checked = document.getElementById('sf_admin_list_batch_checkbox').checked } return true; } /* ]]> */ </script>
/**
 * Build the inline JavaScript that submits a link through a hidden POST form,
 * emulating the requested HTTP method with an sf_method field.
 *
 * The snippet expects `this` to be the clicked anchor: it creates a hidden form
 * next to the link, points it at this.href, appends the method override (only
 * for non-POST methods) and the CSRF token (only when BaseForm has CSRF
 * protection enabled), then submits.
 *
 * $method and the CSRF field name/token are interpolated into single-quoted
 * JavaScript literals without escaping, so they must be trusted values.
 *
 * @param string $method HTTP method to emulate (matched case-insensitively)
 * @return string JavaScript statements, without a surrounding script tag
 */
function _method_javascript_function($method)
{
    $hiddenInput = "var m = document.createElement('input'); m.setAttribute('type', 'hidden'); ";
    $parts = array(
        "var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'post'; f.action = this.href;",
    );

    // A plain POST needs no override field.
    $lowerMethod = strtolower($method);
    if ('post' != $lowerMethod) {
        $parts[] = $hiddenInput . sprintf("m.setAttribute('name', 'sf_method'); m.setAttribute('value', '%s'); f.appendChild(m);", $lowerMethod);
    }

    // CSRF protection: forward the session token so the POST is accepted.
    $form = new BaseForm();
    if ($form->isCSRFProtected()) {
        $parts[] = $hiddenInput . sprintf("m.setAttribute('name', '%s'); m.setAttribute('value', '%s'); f.appendChild(m);", $form->getCSRFFieldName(), $form->getCSRFToken());
    }

    $parts[] = "f.submit();";

    return implode('', $parts);
}
<option value="batchDelete"><?php echo __('Delete', array(), 'sf_admin'); ?> </option> <?php } ?> <?php $form = new BaseForm(); ?> <?php if ($form->isCSRFProtected()) { ?> <input type="hidden" name="<?php echo $form->getCSRFFieldName(); ?> " value="<?php echo $form->getCSRFToken(); ?> " /> <?php } ?> <input type="submit" value="<?php echo __('go', array(), 'sf_admin'); ?>
/**
 * Get the CSRF token, resolving it from BaseForm on first use.
 *
 * The result is cached in $this->csrfToken together with the field name in
 * $this->csrfField. Both are set to false when CSRF protection is disabled,
 * and because the cache check is against null, that false is cached too.
 *
 * @return string|false CSRF token string, false when protection is disabled
 */
public function getCsrfToken()
{
    if (null !== $this->csrfToken) {
        return $this->csrfToken;
    }

    $this->csrfToken = false;
    $this->csrfField = false;

    $form = new BaseForm();
    if ($form->isCSRFProtected()) {
        $this->csrfToken = $form->getCSRFToken();
        $this->csrfField = $form->getCSRFFieldName();
    }

    return $this->csrfToken;
}