瀏覽代碼

[Form][FrameworkBundle][TwigBundle] Fixed: CSRF fields are not rendered for nested forms anymore

Bernhard Schussek 14 年之前
父節點
當前提交
990bef8afb

+ 8 - 0
src/Symfony/Bundle/FrameworkBundle/Resources/views/Form/csrf_widget.html.php

@@ -0,0 +1,8 @@
+<?php if (!$form->hasParent() || !$form->getParent()->hasParent()): ?>
+<input type="hidden"
+    <?php echo $view['form']->attributes() ?>
+    name="<?php echo $name ?>"
+    value="<?php echo $value ?>"
+    <?php if ($read_only): ?>disabled="disabled"<?php endif ?>
+/>
+<?php endif ?>

+ 7 - 0
src/Symfony/Bundle/TwigBundle/Resources/views/Form/div_layout.html.twig

@@ -74,6 +74,13 @@
     {{ block('field__widget') }}
 {% endblock hidden__widget %}
 
+{% block csrf__widget %}
+    {% if not form.hasParent or not form.getParent.hasParent %}
+        {% set type = type|default('hidden') %}
+        {{ block('field__widget') }}
+    {% endif %}
+{% endblock csrf__widget %}
+
 {% block hidden__row %}
     {{ form_widget(form) }}
 {% endblock hidden__row %}

+ 11 - 0
tests/Symfony/Tests/Component/Form/AbstractLayoutTest.php

@@ -426,6 +426,17 @@ abstract class AbstractLayoutTest extends \PHPUnit_Framework_TestCase
         );
     }
 
+    public function testCsrfWithNonRootParent()
+    {
+        $form = $this->factory->create('csrf', 'name');
+        $form->setParent($this->factory->create('form'));
+        $form->getParent()->setParent($this->factory->create('form'));
+
+        $html = $this->renderWidget($form->createView());
+
+        $this->assertEquals('', trim($html));
+    }
+
     public function testDateTime()
     {
         $form = $this->factory->create('datetime', 'name', array(