tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-06-28 23:49:26 +02:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-11-01 02:19:17 +00:00 committed by Sam Minnee
parent d2b489b4ef
commit 294f99d767
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
forms/Form.php
View File

@ -1165,14 +1165,25 @@ class Form extends RequestHandler {
}
/**
* Disable the requirement of a security token in the Form. This security protects
* Disable the requirement of a security token on this form instance. This security protects
* against CSRF attacks, but you should disable this if you don't want to tie
* a form to a session - eg a search form.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function disableSecurityToken() {
$this->securityToken = new NullSecurityToken();
}
/**
* Enable {@link SecurityToken} protection for this form instance.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function enableSecurityToken() {
$this->securityToken = new SecurityToken();
}
/**
* Disable security tokens for every form.
* Note that this doesn't apply to {@link SecurityToken}

20
tests/forms/FormTest.php
View File

@ -305,6 +305,26 @@ class FormTest extends FunctionalTest {
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
}
function testEnableSecurityToken() {
SecurityToken::disable();
$form = $this->getStubForm();
$this->assertFalse($form->getSecurityToken()->isEnabled());
$form->enableSecurityToken();
$this->assertTrue($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
function testDisableSecurityToken() {
SecurityToken::enable();
$form = $this->getStubForm();
$this->assertTrue($form->getSecurityToken()->isEnabled());
$form->disableSecurityToken();
$this->assertFalse($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
protected function getStubForm() {
return new Form(
new Controller(),