tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.3@113305 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-11-01 03:03:27 +00:00 committed by Sam Minnee
parent af92845ebb
commit 7aa32c089b
2 changed files with 32 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
forms/Form.php
View File

@ -1064,14 +1064,25 @@ class Form extends RequestHandler {
}
/**
* Disable the requirement of a security token in the Form. This security protects
* Disable the requirement of a security token on this form instance. This security protects
* against CSRF attacks, but you should disable this if you don't want to tie
* a form to a session - eg a search form.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function disableSecurityToken() {
$this->securityToken = new NullSecurityToken();
}
/**
* Enable {@link SecurityToken} protection for this form instance.
*
* Check for token state with {@link getSecurityToken()} and {@link SecurityToken->isEnabled()}.
*/
function enableSecurityToken() {
$this->securityToken = new SecurityToken();
}
/**
* Disable security tokens for every form.
* Note that this doesn't apply to {@link SecurityToken}

20
tests/forms/FormTest.php
View File

@ -300,6 +300,26 @@ class FormTest extends FunctionalTest {
$this->assertEquals(200, $response->getStatusCode(), 'Submission suceeds with security token');
}
function testEnableSecurityToken() {
SecurityToken::disable();
$form = $this->getStubForm();
$this->assertFalse($form->getSecurityToken()->isEnabled());
$form->enableSecurityToken();
$this->assertTrue($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
function testDisableSecurityToken() {
SecurityToken::enable();
$form = $this->getStubForm();
$this->assertTrue($form->getSecurityToken()->isEnabled());
$form->disableSecurityToken();
$this->assertFalse($form->getSecurityToken()->isEnabled());
SecurityToken::disable(); // restore original
}
protected function getStubForm() {
return new Form(
new Controller(),