
Commit d780c09

Merge branch '6.0' into 6.1
* 6.0: Enable CSRF in FORM by default
2 parents 98f70c1 + 12d8bfa commit d780c09

5 files changed

+108
-59
lines changed

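--- a/DependencyInjection/FrameworkExtension.php
+++ b/DependencyInjection/FrameworkExtension.php
@@ -343,26 +343,6 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerRequestConfiguration($config['request'], $container, $loader);
 }
 
-if ($this->isConfigEnabled($container, $config['form'])) {
-if (!class_exists(Form::class)) {
-throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
-}
-
-$this->formConfigEnabled = true;
-$this->registerFormConfiguration($config, $container, $loader);
-
-if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'])) {
-$config['validation']['enabled'] = true;
-} else {
-$container->setParameter('validator.translation_domain', 'validators');
-
-$container->removeDefinition('form.type_extension.form.validator');
-$container->removeDefinition('form.type_guesser.validator');
-}
-} else {
-$container->removeDefinition('console.command.form_debug');
-}
-
 if ($this->isConfigEnabled($container, $config['assets'])) {
 if (!class_exists(\Symfony\Component\Asset\Package::class)) {
 throw new LogicException('Asset support cannot be enabled as the Asset component is not installed. Try running "composer require symfony/asset".');
@@ -371,39 +351,6 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerAssetsConfiguration($config['assets'], $container, $loader);
 }
 
-if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
-$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
-} else {
-$container->removeDefinition('console.command.messenger_consume_messages');
-$container->removeDefinition('console.command.messenger_debug');
-$container->removeDefinition('console.command.messenger_stop_workers');
-$container->removeDefinition('console.command.messenger_setup_transports');
-$container->removeDefinition('console.command.messenger_failed_messages_retry');
-$container->removeDefinition('console.command.messenger_failed_messages_show');
-$container->removeDefinition('console.command.messenger_failed_messages_remove');
-$container->removeDefinition('cache.messenger.restart_workers_signal');
-
-if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
-if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
-$container->getDefinition('messenger.transport.amqp.factory')
-->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
-->addTag('messenger.transport_factory');
-} else {
-$container->removeDefinition('messenger.transport.amqp.factory');
-}
-}
-
-if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
-if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
-$container->getDefinition('messenger.transport.redis.factory')
-->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
-->addTag('messenger.transport_factory');
-} else {
-$container->removeDefinition('messenger.transport.redis.factory');
-}
-}
-}
-
 if ($this->httpClientConfigEnabled = $this->isConfigEnabled($container, $config['http_client'])) {
 $this->registerHttpClientConfiguration($config['http_client'], $container, $loader, $config['profiler']);
 }
@@ -412,18 +359,12 @@ public function load(array $configs, ContainerBuilder $container)
 $this->registerMailerConfiguration($config['mailer'], $container, $loader);
 }
 
-if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
-$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
-}
-
 $propertyInfoEnabled = $this->isConfigEnabled($container, $config['property_info']);
-$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);
 $this->registerHttpCacheConfiguration($config['http_cache'], $container, $config['http_method_override']);
 $this->registerEsiConfiguration($config['esi'], $container, $loader);
 $this->registerSsiConfiguration($config['ssi'], $container, $loader);
 $this->registerFragmentsConfiguration($config['fragments'], $container, $loader);
 $this->registerTranslatorConfiguration($config['translator'], $container, $loader, $config['default_locale'], $config['enabled_locales']);
-$this->registerProfilerConfiguration($config['profiler'], $container, $loader);
 $this->registerWorkflowConfiguration($config['workflows'], $container, $loader);
 $this->registerDebugConfiguration($config['php_errors'], $container, $loader);
 $this->registerRouterConfiguration($config['router'], $container, $loader, $config['enabled_locales']);
@@ -498,6 +439,72 @@ public function load(array $configs, ContainerBuilder $container)
 }
 $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
 
+// form depends on csrf being registered
+if ($this->isConfigEnabled($container, $config['form'])) {
+if (!class_exists(Form::class)) {
+throw new LogicException('Form support cannot be enabled as the Form component is not installed. Try running "composer require symfony/form".');
+}
+
+$this->formConfigEnabled = true;
+$this->registerFormConfiguration($config, $container, $loader);
+
+if (ContainerBuilder::willBeAvailable('symfony/validator', Validation::class, ['symfony/framework-bundle', 'symfony/form'])) {
+$config['validation']['enabled'] = true;
+} else {
+$container->setParameter('validator.translation_domain', 'validators');
+
+$container->removeDefinition('form.type_extension.form.validator');
+$container->removeDefinition('form.type_guesser.validator');
+}
+} else {
+$container->removeDefinition('console.command.form_debug');
+}
+
+// validation depends on form, annotations being registered
+$this->registerValidationConfiguration($config['validation'], $container, $loader, $propertyInfoEnabled);
+
+// messenger depends on validation being registered
+if ($this->messengerConfigEnabled = $this->isConfigEnabled($container, $config['messenger'])) {
+$this->registerMessengerConfiguration($config['messenger'], $container, $loader, $config['validation']);
+} else {
+$container->removeDefinition('console.command.messenger_consume_messages');
+$container->removeDefinition('console.command.messenger_debug');
+$container->removeDefinition('console.command.messenger_stop_workers');
+$container->removeDefinition('console.command.messenger_setup_transports');
+$container->removeDefinition('console.command.messenger_failed_messages_retry');
+$container->removeDefinition('console.command.messenger_failed_messages_show');
+$container->removeDefinition('console.command.messenger_failed_messages_remove');
+$container->removeDefinition('cache.messenger.restart_workers_signal');
+
+if ($container->hasDefinition('messenger.transport.amqp.factory') && !class_exists(AmqpTransportFactory::class)) {
+if (class_exists(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)) {
+$container->getDefinition('messenger.transport.amqp.factory')
+->setClass(\Symfony\Component\Messenger\Transport\AmqpExt\AmqpTransportFactory::class)
+->addTag('messenger.transport_factory');
+} else {
+$container->removeDefinition('messenger.transport.amqp.factory');
+}
+}
+
+if ($container->hasDefinition('messenger.transport.redis.factory') && !class_exists(RedisTransportFactory::class)) {
+if (class_exists(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)) {
+$container->getDefinition('messenger.transport.redis.factory')
+->setClass(\Symfony\Component\Messenger\Transport\RedisExt\RedisTransportFactory::class)
+->addTag('messenger.transport_factory');
+} else {
+$container->removeDefinition('messenger.transport.redis.factory');
+}
+}
+}
+
+// notifier depends on messenger, mailer being registered
+if ($this->notifierConfigEnabled = $this->isConfigEnabled($container, $config['notifier'])) {
+$this->registerNotifierConfiguration($config['notifier'], $container, $loader);
+}
+
+// profiler depends on form, validation, translation, messenger, mailer, http-client, notifier being registered
+$this->registerProfilerConfiguration($config['profiler'], $container, $loader);
+
 $this->addAnnotatedClassesToCompile([
 '**\\Controller\\',
 '**\\Entity\\',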
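Review bot: The form block at new lines 442-461 now has to run after `registerSecurityCsrfConfiguration()`, yet the only record of that is the comment `// form depends on csrf being registered`, which does not say the dependency is a security default. Presumably `registerFormConfiguration()` derives the form CSRF setting from the `csrf_protection` value resolved just above this hunk (that code is outside the visible lines); if a later merge moved the block back up, forms would quietly lose the token check instead of failing. I would make the comment say so, e.g. `// SECURITY: keep below the csrf_protection resolution; form CSRF defaults to that value and reordering disables it silently`. The other "depends on" comments in this hunk (validation, messenger, notifier, profiler) likewise have no visible test pinning their order. `load()` begins and ends outside the hunk.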
Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
<?php
2+
3+
$container->loadFromExtension('framework', [
4+
'form' => [
5+
'legacy_error_messages' => false,
6+
],
7+
'session' => [
8+
'storage_factory_id' => 'session.storage.factory.native',
9+
'handler_id' => null,
10+
],
11+
]);
Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
<?xml version="1.0" ?>
2+
3+
<container xmlns="http://symfony.com/schema/dic/services"
4+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5+
xmlns:framework="http://symfony.com/schema/dic/symfony"
6+
xsi:schemaLocation="http://symfony.com/schema/dic/services https://symfony.com/schema/dic/services/services-1.0.xsd
7+
http://symfony.com/schema/dic/symfony https://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
8+
9+
<framework:config>
10+
<framework:form enabled="true" legacy-error-messages="false" />
11+
<framework:session storage-factory-id="session.storage.factory.native" handler-id="null"/>
12+
</framework:config>
13+
</container>
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
framework:
2+
form:
3+
legacy_error_messages: false
4+
session:
5+
storage_factory_id: session.storage.factory.native
6+
handler_id: null

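--- a/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -153,6 +153,18 @@ public function testCsrfProtectionForFormsEnablesCsrfProtectionAutomatically()
 $this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
 }
 
+public function testFormsCsrfIsEnabledByDefault()
+{
+if (class_exists(FullStack::class)) {
+$this->markTestSkipped('testing with the FullStack prevents verifying default values');
+}
+$container = $this->createContainerFromFile('form_default_csrf');
+
+$this->assertTrue($container->hasDefinition('security.csrf.token_manager'));
+$this->assertTrue($container->hasParameter('form.type_extension.csrf.enabled'));
+$this->assertTrue($container->getParameter('form.type_extension.csrf.enabled'));
+}
+
 public function testHttpMethodOverride()
 {
 $container = $this->createContainerFromFile('full');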
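Review bot: `testFormsCsrfIsEnabledByDefault()` is skipped whenever `FullStack` is loadable and covers only the fixture with the session enabled, so the new default has no negative case beside it and no guard at all in a full-stack checkout. A companion test that loads a fixture with forms on and the session off, and asserts the expected value of `form.type_extension.csrf.enabled`, would pin when the default is not applied; the expected value has to be confirmed against the CSRF default logic, which is not in this hunk. A short comment above the skip, such as `// FullStack changes the csrf_protection default, so this can only be verified on the standalone bundle`, would explain why the guard exists; that reading is inferred from the skip message.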
