
Commit 9a705fa

Merge branch '5.4' into 6.0
* 5.4: Enable CSRF in FORM by default
2 parents b040c79 + a7478cf commit 9a705fa


5 files changed

+108
-59
lines changed


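--- a/DependencyInjection/FrameworkExtension.php
+++ b/DependencyInjection/FrameworkExtension.php
@@ -334,26 +334,6 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerRequestConfiguration($config['request'], $container, $loader);
 }
 
-if ($this->isConfigEnabled($container, $config['form'])) {
-if (!class_exists(Form::class)) {
-throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
-}
-
-$this->formConfigEnabled = true;
-$this->registerFormConfiguration($config, $container, $loader);
-
-if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'])) {
-$config['validation']['enabled'] = true;
-} else {
-$container->setParameter('validator.translation_domain', 'validators');
-
-$container->removeDefinition('form.type_extension.form.validator');
-$container->removeDefinition('form.type_guesser.validator');
-}
-} else {
-$container->removeDefinition('console.command.form_debug');
-}
-
 if ($this->isConfigEnabled($container, $config['assets'])) {
 if (!class_exists(\Symfony\Component\Asset\Package::class)) {
 throw new LogicException('Asset support cannot be enabled as the Asset component is not installed. Try running "composer require symfony/asset".');
@@ -362,39 +342,6 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerAssetsConfiguration($config['assets'], $container, $loader);
 }
 
-if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
-$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
-} else {
-$container->removeDefinition('console.command.messenger_consume_messages');
-$container->removeDefinition('console.command.messenger_debug');
-$container->removeDefinition('console.command.messenger_stop_workers');
-$container->removeDefinition('console.command.messenger_setup_transports');
-$container->removeDefinition('console.command.messenger_failed_messages_retry');
-$container->removeDefinition('console.command.messenger_failed_messages_show');
-$container->removeDefinition('console.command.messenger_failed_messages_remove');
-$container->removeDefinition('cache.messenger.restart_workers_signal');
-
-if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
-if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
-$container->getDefinition('messenger.transport.amqp.factory')
-->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
-->addTag('messenger.transport_factory');
-} else {
-$container->removeDefinition('messenger.transport.amqp.factory');
-}
-}
-
-if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
-if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
-$container->getDefinition('messenger.transport.redis.factory')
-->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
-->addTag('messenger.transport_factory');
-} else {
-$container->removeDefinition('messenger.transport.redis.factory');
-}
-}
-}
-
 if ($this->httpClientConfigEnabled = $this->isConfigEnabled($container, $config['http_client'])) {
 $this->registerHttpClientConfiguration($config['http_client'], $container, $loader, $config['profiler']);
 }
@@ -403,18 +350,12 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerMailerConfiguration($config['mailer'], $container, $loader);
 }
 
-if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
-$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
-}
-
 $propertyInfoEnabled = $this->isConfigEnabled($container, $config['property_info']);
-$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);
 $this->registerHttpCacheConfiguration($config['http_cache'], $container, $config['http_method_override']);
 $this->registerEsiConfiguration($config['esi'], $container, $loader);
 $this->registerSsiConfiguration($config['ssi'], $container, $loader);
 $this->registerFragmentsConfiguration($config['fragments'], $container, $loader);
 $this->registerTranslatorConfiguration($config['translator'], $container, $loader, $config['default_locale'], $config['enabled_locales']);
-$this->registerProfilerConfiguration($config['profiler'], $container, $loader);
 $this->registerWorkflowConfiguration($config['workflows'], $container, $loader);
 $this->registerDebugConfiguration($config['php_errors'], $container, $loader);
 $this->registerRouterConfiguration($config['router'], $container, $loader, $config['enabled_locales']);
@@ -489,6 +430,72 @@ public function load(array $configs, ContainerBuilder $container)
 }
 $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
 
+// form depends on csrf being registered
+if ($this->isConfigEnabled($container, $config['form'])) {
+if (!class_exists(Form::class)) {
+throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
+}
+
+$this->formConfigEnabled = true;
+$this->registerFormConfiguration($config, $container, $loader);
+
+if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'])) {
+$config['validation']['enabled'] = true;
+} else {
+$container->setParameter('validator.translation_domain', 'validators');
+
+$container->removeDefinition('form.type_extension.form.validator');
+$container->removeDefinition('form.type_guesser.validator');
+}
+} else {
+$container->removeDefinition('console.command.form_debug');
+}
+
+// validation depends on form, annotations being registered
+$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);
+
+// messenger depends on validation being registered
+if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
+$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
+} else {
+$container->removeDefinition('console.command.messenger_consume_messages');
+$container->removeDefinition('console.command.messenger_debug');
+$container->removeDefinition('console.command.messenger_stop_workers');
+$container->removeDefinition('console.command.messenger_setup_transports');
+$container->removeDefinition('console.command.messenger_failed_messages_retry');
+$container->removeDefinition('console.command.messenger_failed_messages_show');
+$container->removeDefinition('console.command.messenger_failed_messages_remove');
+$container->removeDefinition('cache.messenger.restart_workers_signal');
+
+if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
+if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
+$container->getDefinition('messenger.transport.amqp.factory')
+->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
+->addTag('messenger.transport_factory');
+} else {
+$container->removeDefinition('messenger.transport.amqp.factory');
+}
+}
+
+if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
+if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
+$container->getDefinition('messenger.transport.redis.factory')
+->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
+->addTag('messenger.transport_factory');
+} else {
+$container->removeDefinition('messenger.transport.redis.factory');
+}
+}
+}
+
+// notifier depends on messenger, mailer being registered
+if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
+$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
+}
+
+// profiler depends on form, validation, translation, messenger, mailer, http-client, notifier being registered
+$this->registerProfilerConfiguration($config['profiler'], $container, $loader);
+
 $this->addAnnotatedClassesToCompile([
 '**\\Controller\\',
 '**\\Entity\\',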
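Review bot: The ordering that makes form CSRF default-on is held together only by the new `// ... depends on ...` comments in the last hunk: the form block has to run after `registerSecurityCsrfConfiguration()` and before `registerValidationConfiguration()`, and nothing in the visible code fails if a later merge moves one of them. The form block also sets `$config['validation']['enabled'] = true`, which is read afterwards by the validation call and by the `$config['validation']` argument to `registerMessengerConfiguration()`. The validation comment should name that coupling, e.g. `// must run after the form block, which may force $config['validation']['enabled'] = true`. A wrong order would presumably degrade the CSRF default silently rather than raise an error, so it deserves test coverage that always runs. load() begins and ends outside these hunks.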
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
<?php
2+
3+
$container->loadFromExtension('framework', [
4+
'form' => [
5+
'legacy_error_messages' => false,
6+
],
7+
'session' => [
8+
'storage_factory_id' => 'session.storage.factory.native',
9+
'handler_id' => null,
10+
],
11+
]);
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
<?xml version="1.0" ?>
2+
3+
<container xmlns="http://symfony.com/schema/dic/services"
4+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5+
xmlns:framework="http://symfony.com/schema/dic/symfony"
6+
xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
7+
http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
8+
9+
<framework:config>
10+
<framework:form enabled="true" legacy-error-messages="false" />
11+
<framework:session storage-factory-id="session.storage.factory.native" handler-id="null"/>
12+
</framework:config>
13+
</container>
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
framework:
2+
form:
3+
legacy_error_messages: false
4+
session:
5+
storage_factory_id: session.storage.factory.native
6+
handler_id: null

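--- a/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -153,6 +153,18 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
 $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
 }
 
+public function testFormsCsrfIsEnabledByDefault()
+{
+if (class_exists(FullStack::class)) {
+$this->markTestSkipped('testing with the FullStack prevents verifying default values');
+}
+$container = $this->createContainerFromFile('form_default_csrf');
+
+$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
+$this->assertTrue($container->hasParameter('form.type_extension.csrf.enabled'));
+$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
+}
+
 public function testHttpMethodOverride()
 {
 $container = $this->createContainerFromFile('full');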
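Review bot: `testFormsCsrfIsEnabledByDefault()` is skipped whenever `FullStack` is loadable, so in that configuration the CSRF-by-default behaviour is not verified at all. A comment above the skip should say where the test is expected to run, e.g. `// only meaningful on the standalone bundle; a CI job without symfony/symfony must run this`. The test also pins only the default-on path. The lines shown have no companion assertion that an explicit form-level opt-out still leaves `form.type_extension.csrf.enabled` false, though one may exist elsewhere in the file.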
