/**
 * Application-level initialization hook.
 *
 * Runs the parent initialization first, then switches on form CSRF
 * protection with the `app_frontend_csrf_secret` setting. The call is
 * skipped when running from the CLI (`sf_cli`) or when the setting is
 * explicitly `false`.
 *
 * NOTE(review): sfConfig::get() yields null for an unset key, and
 * `false !== null` holds, so a missing setting still reaches
 * sfForm::enableCSRFProtection(null) — confirm that fallback is intended.
 */
public function initialize()
{
    parent::initialize();

    $isCli = (bool) sfConfig::get('sf_cli');
    $csrfSecret = sfConfig::get('app_frontend_csrf_secret');

    // Only an explicit `false` opts out; any other value is passed through.
    if ($isCli || false === $csrfSecret) {
        return;
    }

    sfForm::enableCSRFProtection($csrfSecret);
}
/**
 * Handler for the context.load_factories event.
 *
 * At this point every core class is available, so initialization that
 * depends on loaded classes runs here:
 *  - a key/value cache over the hs_hr_config values is created (with a
 *    closure that loads them through ConfigService) and attached to the
 *    current sfContext;
 *  - the `csrf_secret` stored in hs_hr_config, when present and
 *    non-empty, replaces whatever CSRF secret settings.yml enabled.
 *
 * @param sfEvent $event
 */
public function loadFactoriesListener(sfEvent $event)
{
    // The cache is handed a loader closure; ConfigService supplies all values.
    $loadConfigValues = function () {
        $service = new ConfigService();

        return $service->getAllValues();
    };
    $configCache = new ohrmKeyValueCache('config', $loadConfigValues);
    sfContext::getInstance()->setOhrmConfigCache($configCache);

    // The database-stored secret takes precedence over settings.yml.
    // empty() also rejects "0" and other falsy strings; in that case the
    // previously enabled secret (if any) stays in effect.
    $secretFromDb = $configCache->get('csrf_secret');
    if (empty($secretFromDb)) {
        return;
    }

    sfForm::enableCSRFProtection($secretFromDb);
}
/**
 * Bootstraps the application configuration.
 *
 * Order matters: the core class cache is imported and the autoloader is
 * registered before settings.yml / app.yml are included. From the loaded
 * settings it then configures form CSRF protection, widget/validator
 * charsets, the default timezone, error display/reporting, plugin
 * config.php files and output compression. The parts guarded by
 * self::$coreLoaded run only on the first call in a process.
 *
 * @see sfProjectConfiguration
 */
public function initConfiguration()
{
    $configCache = $this->getConfigCache();

    // required core classes for the framework
    // (skipped in debug/test, and only once per process via self::$coreLoaded)
    if (!sfConfig::get('sf_debug') && !sfConfig::get('sf_test') && !self::$coreLoaded) {
        $configCache->import('config/core_compile.yml', false);
    }

    sfAutoload::getInstance()->register();

    // load base settings
    include $configCache->checkConfig('config/settings.yml');
    if ($file = $configCache->checkConfig('config/app.yml', true)) {
        include $file;
    }

    // Enable form CSRF protection unless sf_csrf_secret is explicitly false.
    // NOTE(review): an unset key yields null, which passes `false !==` and is
    // handed to enableCSRFProtection(null) — confirm that is the intended fallback.
    if (false !== sfConfig::get('sf_csrf_secret')) {
        sfForm::enableCSRFProtection(sfConfig::get('sf_csrf_secret'));
    }

    sfWidget::setCharset(sfConfig::get('sf_charset'));
    sfValidatorBase::setCharset(sfConfig::get('sf_charset'));

    // force setting default timezone if not set
    if ($default_timezone = sfConfig::get('sf_default_timezone')) {
        date_default_timezone_set($default_timezone);
    } else {
        if (sfConfig::get('sf_force_default_timezone', true)) {
            // the @ presumably silences the warning older PHP raises when no
            // timezone is configured; the returned value is re-applied as-is
            date_default_timezone_set(@date_default_timezone_get());
        }
    }

    // error settings: errors are only displayed in debug mode
    ini_set('display_errors', $this->isDebug() ? 'on' : 'off');
    error_reporting(sfConfig::get('sf_error_reporting'));

    // include all config.php from plugins
    $this->loadPluginConfig();

    // Disabled by default in symfony 1.1 because it causes problems with Doctrine.
    // If you want to enable it in your application, just copy the spl_autoload_register() line
    // in your configuration class.
    // (the leading `0 &&` makes this branch dead on purpose)
    if (0 && $this->isDebug()) {
        spl_autoload_register(array(sfAutoload::getInstance(), 'autoloadAgain'));
    }

    // compress output (ob_gzhandler only when sf_compressed is set; first call only)
    if (!self::$coreLoaded) {
        ob_start(sfConfig::get('sf_compressed') ? 'ob_gzhandler' : '');
    }

    self::$coreLoaded = true;
}
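// ->enableLocalCSRFProtection() ->disableLocalCSRFProtection()
$t->diag('->enableLocalCSRFProtection() ->disableLocalCSRFProtection()');

// TestForm3 (which, per these assertions, disables CSRF locally): the per-form
// setting must win over the global switch and over a constructor secret.
$f = new TestForm3();
sfForm::disableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form');
sfForm::enableCSRFProtection();
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even if the global CSRF protection is enabled');
$f = new TestForm3(array(), array(), 'foo');
$t->ok(!$f->isCSRFProtected(), '->disableLocalCSRFProtection() disabled CSRF protection for the current form, even if a CSRF secret is provided in the constructor');

// TestForm4 (enables CSRF locally): protection must be on although the
// global switch is off, with or without an explicit local secret.
sfForm::disableCSRFProtection();
$f = new TestForm4();
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed null and global CSRF is disabled');
$f = new TestForm4(array(), array('csrf_secret' => '**localsecret**'));
$t->ok($f->isCSRFProtected(), '->enableLocalCSRFProtection() enables CSRF protection when passed a string and global CSRF is disabled');

// ::getCSRFFieldName() ::setCSRFFieldName()
$t->diag('::getCSRFFieldName() ::setCSRFFieldName()');
sfForm::enableCSRFProtection();
sfForm::setCSRFFieldName('_token_');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->ok(isset($v['_token_']), '::setCSRFFieldName() changes the CSRF token field name');
$t->is(sfForm::getCSRFFieldName(), '_token_', '::getCSRFFieldName() returns the CSRF token field name');

// ->isMultipart()
$t->diag('->isMultipart()');
$f = new FormTest();
$t->ok(!$f->isMultipart(), '->isMultipart() returns false if the form does not need a multipart form');
// a file widget in the schema is what flips the form to multipart
$f->setWidgetSchema(new sfWidgetFormSchema(array('image' => new sfWidgetFormInputFile())));
$t->ok($f->isMultipart(), '->isMultipart() returns true if the form needs a multipart form');

// ->setValidators() ->setValidatorSchema() ->getValidatorSchema() ->setValidator() ->getValidator()
$t->diag('->setValidators() ->setValidatorSchema() ->getValidatorSchema() ->setValidator() ->getValidator()');
$f = new FormTest();
$validators = array('first_name' => new sfValidatorPass(), 'last_name' => new sfValidatorPass());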
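$w->setNameFormat('foo[%s]');
$t->is($f->getName(), 'foo', '->getName() returns the name under which user data can be retrieved');

// ::enableCSRFProtection() ::disableCSRFProtection() ->isCSRFProtected()
$t->diag('::enableCSRFProtection() ::disableCSRFProtection()');

// The global switch only affects forms constructed after it is flipped;
// a form that already exists keeps the state it was built with.
sfForm::enableCSRFProtection();
$f1 = new FormTest();
$t->ok($f1->isCSRFProtected(), '::enableCSRFProtection() enabled CSRF protection for all future forms');
sfForm::disableCSRFProtection();
$f2 = new FormTest();
$t->ok(!$f2->isCSRFProtected(), '::disableCSRFProtection() disables CSRF protection for all future forms');
$t->ok($f1->isCSRFProtected(), '::enableCSRFProtection() enabled CSRF protection for all future forms');
sfForm::enableCSRFProtection();
$t->ok(!$f2->isCSRFProtected(), '::disableCSRFProtection() disables CSRF protection for all future forms');

// Passing false as the constructor's CSRF secret opts a single form out
// while global protection stays on (the message used to claim the opposite).
$f = new FormTest(array(), array(), false);
$t->ok(!$f->isCSRFProtected(), '->isCSRFProtected() returns false if the form is not CSRF protected');

// A secret given to ::enableCSRFProtection() ends up as the CSRF validator's
// token option; presumably FormTest::getCSRFToken() wraps the secret in
// asterisks, given the expected value — verify against the fixture class.
sfForm::enableCSRFProtection('mygreatsecret');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->is($v[sfForm::getCSRFFieldName()]->getOption('token'), '*mygreatsecret*', '::enableCSRFProtection() can take a secret argument');

// ::getCSRFFieldName() ::setCSRFFieldName()
$t->diag('::getCSRFFieldName() ::setCSRFFieldName()');
sfForm::setCSRFFieldName('_token_');
$f = new FormTest();
$v = $f->getValidatorSchema();
$t->ok(isset($v['_token_']), '::setCSRFFieldName() changes the CSRF token field name');
$t->is(sfForm::getCSRFFieldName(), '_token_', '::getCSRFFieldName() returns the CSRF token field name');

// ->isMultipart()
$t->diag('->isMultipart()');
$f = new FormTest();
$t->ok(!$f->isMultipart(), '->isMultipart() returns false if the form does not need a multipart form');
// a file widget in the schema is what flips the form to multipart
$f->setWidgetSchema(new sfWidgetFormSchema(array('image' => new sfWidgetFormInputFile())));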
/**
 * Various initializations.
 *
 * Bootstraps the application from its compiled configuration: the web
 * debug timer, the core class import, the autoloader(s), settings.yml /
 * app.yml, form CSRF protection, widget/validator charsets, the default
 * timezone, error display/reporting, plugin configuration objects and
 * output compression. The steps guarded by self::$coreLoaded run only on
 * the first call in a process; several steps are skipped under sf_cli.
 */
public function initConfiguration()
{
    $configCache = $this->getConfigCache();

    // in debug mode, start global timer
    // (not under sf_cli, and not if it was already started)
    if ($this->isDebug() && !sfConfig::get('sf_cli') && !sfWebDebugPanelTimer::isStarted()) {
        sfWebDebugPanelTimer::startTime();
    }

    // required core classes for the framework
    // (only outside debug/test/cli, and only once per process)
    if (!$this->isDebug() && !sfConfig::get('sf_test') && !sfConfig::get('sf_cli') && !self::$coreLoaded) {
        $configCache->import('config/core_compile.yml', false);
    }

    // autoloader(s)
    $this->dispatcher->connect('autoload.filter_config', array($this, 'filterAutoloadConfig'));
    sfAutoload::getInstance()->register();
    if ($this->isDebug()) {
        // the extra autoloader is registered in debug mode only
        sfAutoloadAgain::getInstance()->register();
    }

    // load base settings
    include $configCache->checkConfig('config/settings.yml');
    if ($file = $configCache->checkConfig('config/app.yml', true)) {
        include $file;
    }

    // Enable form CSRF protection from sf_csrf_secret, unless running from
    // the CLI or the setting is explicitly false.
    // NOTE(review): an unset key yields null, which passes `false !==` and is
    // handed to enableCSRFProtection(null) — confirm that is the intended fallback.
    if (!sfConfig::get('sf_cli') && false !== sfConfig::get('sf_csrf_secret')) {
        sfForm::enableCSRFProtection(sfConfig::get('sf_csrf_secret'));
    }

    sfWidget::setCharset(sfConfig::get('sf_charset'));
    sfValidatorBase::setCharset(sfConfig::get('sf_charset'));

    // force setting default timezone if not set
    if ($default_timezone = sfConfig::get('sf_default_timezone')) {
        date_default_timezone_set($default_timezone);
    } else {
        if (sfConfig::get('sf_force_default_timezone', true)) {
            // the @ presumably silences the warning older PHP raises when no
            // timezone is configured; the returned value is re-applied as-is
            date_default_timezone_set(@date_default_timezone_get());
        }
    }

    // error settings: errors are only displayed in debug mode
    ini_set('display_errors', $this->isDebug() ? 'on' : 'off');
    error_reporting(sfConfig::get('sf_error_reporting'));

    // initialize plugin configuration objects
    $this->initializePlugins();

    // compress output (first call only, and only when sf_compressed is set)
    if (!self::$coreLoaded && sfConfig::get('sf_compressed')) {
        ob_start('ob_gzhandler');
    }

    self::$coreLoaded = true;
}
new sfFormLanguage($user); $t->fail('__construct() throws a RuntimeException if you don\'t pass a "languages" option'); } catch (RuntimeException $e) { $t->pass('__construct() throws a RuntimeException if you don\'t pass a "languages" option'); } $form = new sfFormLanguage($user, array('languages' => array('en', 'fr'))); $t->is($form->getDefault('language'), 'en', '__construct() sets the default language value to the user language'); $w = $form->getWidgetSchema(); $t->is($w['language']->getOption('languages'), array('en', 'fr'), '__construct() uses the "languages" option for the select form widget'); $v = $form->getValidatorSchema(); $t->is($v['language']->getOption('languages'), array('en', 'fr'), '__construct() uses the "languages" option for the validator'); // ->process() $t->diag('->process()'); // with CSRF disabled $t->diag('with CSRF disabled'); sfForm::disableCSRFProtection(); $form = new sfFormLanguage($user, array('languages' => array('en', 'fr'))); $request->setParameter('language', 'fr'); $t->is($form->process($request), true, '->process() returns true if the form is valid'); $t->is($user->getCulture(), 'fr', '->process() changes the user culture'); $request->setParameter('language', 'es'); $t->is($form->process($request), false, '->process() returns true if the form is not valid'); $t->is($form['language']->getError()->getCode(), 'invalid', '->process() throws an error if the language is not in the languages option'); sfToolkit::clearDirectory($sessionPath); // with CSRF enabled $t->diag('with CSRF enabled'); sfForm::enableCSRFProtection('secret'); $form = new sfFormLanguage($user, array('languages' => array('en', 'fr'))); $request->setParameter('language', 'fr'); $request->setParameter('_csrf_token', $form->getCSRFToken('secret')); $t->is($form->process($request), true, '->process() returns true if the form is valid');