<?php /** * Created by PhpStorm. * User: Kessiler * Date: 14/12/2014 * Time: 14:58 */ $app = new Silex\Application(); /** SERVICES */ $app->register(new Silex\Provider\UrlGeneratorServiceProvider()); $app->register(new Silex\Provider\SessionServiceProvider()); $app->register(new Core\Service\ConfigServiceProvider(realpath(__DIR__) . "/../app/config/settings.json")); $app->register(new Silex\Provider\DoctrineServiceProvider(), array('db.options' => $app['config']['database'])); $app['debug'] = $app['config']['debugger']; $app->boot(); $app->register(new Silex\Provider\TwigServiceProvider(), array('twig.path' => realpath(__DIR__) . '/../templates/' . $app['config']['template'], 'twig.options' => array('cache' => $app['config']['cache'] ? realpath(__DIR__) . "/../app/cache" : false, 'strict_variables' => true))); /** ROUTING */ Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride(); require_once realpath(__DIR__) . "/routes.php"; return $app;
/** * Enables support for the _method request parameter to determine the intended HTTP method. * * Be warned that enabling this feature might lead to CSRF issues in your code. * Check that you are using CSRF tokens when required. * If the HTTP method parameter override is enabled, an html-form with method "POST" can be altered * and used to send a "PUT" or "DELETE" request via the _method request parameter. * If these methods are not protected against CSRF, this presents a possible vulnerability. * * The HTTP method can only be overridden when the real HTTP method is POST. */ public static function enableHttpMethodParameterOverride() { return Symfony\Component\HttpFoundation\Request::enableHttpMethodParameterOverride(); }