
[Form] added the possibility to configure the CSRF field name and the disabling of the CSRF feature altogether

Fabien Potencier 14 سال پیش
والد
کامیت
05f1481c6a

+ 5 - 3
src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php

@@ -159,9 +159,11 @@ class FrameworkExtension extends Extension
      */
     private function registerCsrfProtectionConfiguration(array $config, ContainerBuilder $container)
     {
-        // FIXME: those are not used
-        $container->setParameter('form.csrf_protection.field_name', $config['field_name']);
-        $container->setParameter('form.csrf_protection.enabled', $config['enabled']);
+        $container
+            ->getDefinition('form.type_extension.csrf')
+            ->replaceArgument(0, $config['enabled'])
+            ->replaceArgument(1, $config['field_name'])
+        ;
     }
 
     /**
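Review bot: The indexes passed to `replaceArgument()` in `registerCsrfProtectionConfiguration()` are tied to the constructor parameter order of `FormTypeCsrfExtension`, and nothing at this call site says so. If the two drift apart, a non-empty field name would land in the `enabled` slot and read as truthy, while the flag would become the field name. I would add a comment above the chain, for example `// 0 = enabled, 1 = field_name; keep in sync with FormTypeCsrfExtension::__construct()`. The method's docblock starts outside the hunk.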

+ 2 - 0
src/Symfony/Bundle/FrameworkBundle/Resources/config/form.xml

@@ -159,6 +159,8 @@
         </service>
         <service id="form.type_extension.csrf" class="Symfony\Component\Form\Extension\Csrf\Type\FormTypeCsrfExtension">
             <tag name="form.type_extension" alias="form" />
+            <argument /> <!-- enabled -->
+            <argument /> <!-- field_name -->
         </service>
     </services>
 </container>
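Review bot: The two empty `<argument />` placeholders make the service definition fail open if they are never replaced. Because the arguments are passed explicitly, the constructor defaults (`true`, `'_token'`) in `FormTypeCsrfExtension` do not apply, and an empty value for `enabled` is falsy, so the `if ($options['csrf_protection'])` check in `buildForm()` would skip the token field. Whether `registerCsrfProtectionConfiguration()` always runs after this file is loaded is not visible here. Giving the placeholders safe values keeps an unconfigured container protected: `<argument>true</argument> <!-- enabled -->` and `<argument>_token</argument> <!-- field_name -->`.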

+ 4 - 2
src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php

@@ -24,8 +24,10 @@ abstract class FrameworkExtensionTest extends TestCase
     {
         $container = $this->createContainerFromFile('full');
 
-        $this->assertTrue($container->getParameter('form.csrf_protection.enabled'));
-        $this->assertEquals('_csrf', $container->getParameter('form.csrf_protection.field_name'));
+        $def = $container->getDefinition('form.type_extension.csrf');
+
+        $this->assertTrue($def->getArgument(0));
+        $this->assertEquals('_csrf', $def->getArgument(1));
         $this->assertEquals('s3cr3t', $container->getParameterBag()->resolveValue($container->findDefinition('form.csrf_provider')->getArgument(1)));
     }
 
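Review bot: Only the enabled path is asserted here, so the new global off switch has no coverage. A regression that leaves the first argument empty or false for a configuration that asks for protection would be caught only by this one fixture. I would add a case that loads a configuration with CSRF protection disabled and checks `$this->assertFalse($def->getArgument(0));`, and one with the CSRF section omitted to pin the default. `assertSame('_csrf', $def->getArgument(1))` would also catch a type mix-up between the two positional arguments. The test method's signature is outside the hunk.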

+ 14 - 5
src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php

@@ -16,6 +16,15 @@ use Symfony\Component\Form\FormBuilder;
 
 class FormTypeCsrfExtension extends AbstractTypeExtension
 {
+    private $enabled;
+    private $fieldName;
+
+    public function __construct($enabled = true, $fieldName = '_token')
+    {
+        $this->enabled = $enabled;
+        $this->fieldName = $fieldName;
+    }
+
     public function buildForm(FormBuilder $builder, array $options)
     {
         if ($options['csrf_protection']) {
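Review bot: The new constructor has no docblock, and `$enabled` is easy to misread as a hard switch. From `getDefaultOptions()` later in this file section, the two values only seed the defaults for `csrf_protection` and `csrf_field_name`, so an individual form can presumably still override either one. I would add a docblock stating that both arguments are defaults rather than enforcement, with `@param Boolean $enabled` and `@param string $fieldName` lines. Since `buildForm()` tests the option by truthiness, `$this->enabled = (Boolean) $enabled;` would also make the stored type explicit. `buildForm()` continues past the end of the hunk.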
@@ -32,10 +41,10 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
     public function getDefaultOptions(array $options)
     {
         return array(
-            'csrf_protection' => true,
-            'csrf_field_name' => '_token',
-            'csrf_provider' => null,
-            'csrf_page_id' => get_class($this),
+            'csrf_protection' => $this->enabled,
+            'csrf_field_name' => $this->fieldName,
+            'csrf_provider'   => null,
+            'csrf_page_id'    => get_class($this),
         );
     }
 
@@ -43,4 +52,4 @@ class FormTypeCsrfExtension extends AbstractTypeExtension
     {
         return 'form';
     }
-}
+}