tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-01 08:59:42 +02:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-11-01 02:19:17 +00:00 committed by Sam Minnee
parent d2b489b4ef
commit 294f99d767
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
forms/Form.php
View File

@ -1165,14 +1165,25 @@ class Form extends RequestHandler {
} }
/** /**
* Disable the requirement of a security token in the Form. This security protects * Disable the requirement of a security token on this form instance. This security protects
* against CSRF attacks, but you should disable this if you don't want to tie * against CSRF attacks, but you should disable this if you don't want to tie
* a form to a session - eg a search form. * a form to a session - eg a search form.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/ */
function disableSecurityToken() { function disableSecurityToken() {
$this->securityToken = new NullSecurityToken(); $this->securityToken = new NullSecurityToken();
} }
/**
* Enable {@link SecurityToken} protection for this form instance.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function enableSecurityToken() {
$this->securityToken = new SecurityToken();
}
/** /**
* Disable security tokens for every form. * Disable security tokens for every form.
* Note that this doesn't apply to {@link SecurityToken} * Note that this doesn't apply to {@link SecurityToken}

20
tests/forms/FormTest.php
View File

@ -305,6 +305,26 @@ class FormTest extends FunctionalTest {
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token'); $this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
} }
function testEnableSecurityToken() {
SecurityToken::disable();
$form = $this->getStubForm();
$this->assertFalse($form->getSecurityToken()->isEnabled());
$form->enableSecurityToken();
$this->assertTrue($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
function testDisableSecurityToken() {
SecurityToken::enable();
$form = $this->getStubForm();
$this->assertTrue($form->getSecurityToken()->isEnabled());
$form->disableSecurityToken();
$this->assertFalse($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
protected function getStubForm() { protected function getStubForm() {
return new Form( return new Form(
new Controller(), new Controller(),