CsrfProtection: ignores setValue(), is not erased by Form::setValues() [Closes #39][Closes #40]

Author: dg

src/Forms/Controls/CsrfProtection.php

@@ -42,6 +42,25 @@ protected function attached($parent)
 	}
 
 
+	/**
+	 * @return self
+	 */
+	public function setValue($value)
+	{
+		return $this;
+	}
+
+
+	/**
+	 * Loads HTTP data.
+	 * @return void
+	 */
+	public function loadHttpData()
+	{
+		$this->value = $this->getHttpData(Nette\Forms\Form::DATA_TEXT);
+	}
+
+
 	/**
 	 * @return string
 	 */

tests/Forms/Controls.CsrfProtection.phpt

@@ -27,13 +27,13 @@ Assert::match('<input type="hidden" name="_token_" value="%S%">', (string) $inpu
 $input->setValue(NULL);
 Assert::false(CsrfProtection::validateCsrf($input));
 
-$input->setValue('12345678901234567890123456789012345678');
+call_user_func(array($input, 'Nette\Forms\Controls\BaseControl::setValue'), '12345678901234567890123456789012345678');
 Assert::false(CsrfProtection::validateCsrf($input));
 
 $value = $input->getControl()->value;
-$input->setValue($value);
+call_user_func(array($input, 'Nette\Forms\Controls\BaseControl::setValue'), $value);
 Assert::true(CsrfProtection::validateCsrf($input));
 
 session_regenerate_id();
-$input->setValue($value);
+call_user_func(array($input, 'Nette\Forms\Controls\BaseControl::setValue'), $value);
 Assert::false(CsrfProtection::validateCsrf($input));