mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
parent
d2b489b4ef
commit
294f99d767
@ -1165,14 +1165,25 @@ class Form extends RequestHandler {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disable the requirement of a security token in the Form. This security protects
|
* Disable the requirement of a security token on this form instance. This security protects
|
||||||
* against CSRF attacks, but you should disable this if you don't want to tie
|
* against CSRF attacks, but you should disable this if you don't want to tie
|
||||||
* a form to a session - eg a search form.
|
* a form to a session - eg a search form.
|
||||||
|
*
|
||||||
|
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
|
||||||
*/
|
*/
|
||||||
function disableSecurityToken() {
|
function disableSecurityToken() {
|
||||||
$this->securityToken = new NullSecurityToken();
|
$this->securityToken = new NullSecurityToken();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enable {@link SecurityToken} protection for this form instance.
|
||||||
|
*
|
||||||
|
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
|
||||||
|
*/
|
||||||
|
function enableSecurityToken() {
|
||||||
|
$this->securityToken = new SecurityToken();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disable security tokens for every form.
|
* Disable security tokens for every form.
|
||||||
* Note that this doesn't apply to {@link SecurityToken}
|
* Note that this doesn't apply to {@link SecurityToken}
|
||||||
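Review bot: The new docblock on `enableSecurityToken()` does not mention that the method takes effect even when tokens were switched off globally with `SecurityToken::disable()`, which is exactly what the accompanying `testEnableSecurityToken()` asserts. It also does not say that the assignment `$this->securityToken = new SecurityToken();` replaces whatever token object the form held before. I would add a line such as `* Overrides a global {@link SecurityToken::disable()} for this instance and replaces any token previously set on the form.` The reworded `disableSecurityToken()` docblock still recommends switching CSRF protection off for any form that should not be tied to a session. A caveat like `* Only do this for forms whose submission changes no state.` would keep the search-form example from being read as general advice.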
|
@ -305,6 +305,26 @@ class FormTest extends FunctionalTest {
|
|||||||
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
|
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testEnableSecurityToken() {
|
||||||
|
SecurityToken::disable();
|
||||||
|
$form = $this->getStubForm();
|
||||||
|
$this->assertFalse($form->getSecurityToken()->isEnabled());
|
||||||
|
$form->enableSecurityToken();
|
||||||
|
$this->assertTrue($form->getSecurityToken()->isEnabled());
|
||||||
|
|
||||||
|
SecurityToken::disable(); // restore original
|
||||||
|
}
|
||||||
|
|
||||||
|
function testDisableSecurityToken() {
|
||||||
|
SecurityToken::enable();
|
||||||
|
$form = $this->getStubForm();
|
||||||
|
$this->assertTrue($form->getSecurityToken()->isEnabled());
|
||||||
|
$form->disableSecurityToken();
|
||||||
|
$this->assertFalse($form->getSecurityToken()->isEnabled());
|
||||||
|
|
||||||
|
SecurityToken::disable(); // restore original
|
||||||
|
}
|
||||||
|
|
||||||
protected function getStubForm() {
|
protected function getStubForm() {
|
||||||
return new Form(
|
return new Form(
|
||||||
new Controller(),
|
new Controller(),
|
||||||
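Review bot: Both new tests end with an unconditional `SecurityToken::disable(); // restore original`, which restores nothing, because neither test records the state it started from. If the suite runs with tokens enabled, every later test sees them disabled. A failing assertion also skips the reset, which in `testDisableSecurityToken()` leaves the global `SecurityToken::enable()` in force. Capturing the state first with `$wasEnabled = SecurityToken::is_enabled();` and restoring it in `tearDown()` with `if($wasEnabled) SecurityToken::enable(); else SecurityToken::disable();` would keep the global flag from leaking between tests. The tests also only check `isEnabled()`, so a functional assertion that a submission without a token is rejected after `enableSecurityToken()` would confirm the protection is actually applied.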
|