mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113284 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
parent
d2b489b4ef
commit
294f99d767
@ -1165,14 +1165,25 @@ class Form extends RequestHandler {
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable the requirement of a security token in the Form. This security protects
|
||||
* Disable the requirement of a security token on this form instance. This security protects
|
||||
* against CSRF attacks, but you should disable this if you don't want to tie
|
||||
* a form to a session - eg a search form.
|
||||
*
|
||||
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
|
||||
*/
|
||||
function disableSecurityToken() {
|
||||
$this->securityToken = new NullSecurityToken();
|
||||
}
|
||||
|
||||
/**
|
||||
* Enable {@link SecurityToken} protection for this form instance.
|
||||
*
|
||||
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
|
||||
*/
|
||||
function enableSecurityToken() {
|
||||
$this->securityToken = new SecurityToken();
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable security tokens for every form.
|
||||
* Note that this doesn't apply to {@link SecurityToken}
|
||||
|
@ -305,6 +305,26 @@ class FormTest extends FunctionalTest {
|
||||
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
|
||||
}
|
||||
|
||||
function testEnableSecurityToken() {
|
||||
SecurityToken::disable();
|
||||
$form = $this->getStubForm();
|
||||
$this->assertFalse($form->getSecurityToken()->isEnabled());
|
||||
$form->enableSecurityToken();
|
||||
$this->assertTrue($form->getSecurityToken()->isEnabled());
|
||||
|
||||
SecurityToken::disable(); // restore original
|
||||
}
|
||||
|
||||
function testDisableSecurityToken() {
|
||||
SecurityToken::enable();
|
||||
$form = $this->getStubForm();
|
||||
$this->assertTrue($form->getSecurityToken()->isEnabled());
|
||||
$form->disableSecurityToken();
|
||||
$this->assertFalse($form->getSecurityToken()->isEnabled());
|
||||
|
||||
SecurityToken::disable(); // restore original
|
||||
}
|
||||
|
||||
protected function getStubForm() {
|
||||
return new Form(
|
||||
new Controller(),
|
||||
|
Loading…
Reference in New Issue
Block a user