Add flags to configure use of cookies.

Adds 2 new flags to the CMS:

- DisableCsrfSecurityToken
- DisableAuthenicatedFinishAction

DisableAuthenicatedFinishAction disables the session check on the finish completed action as this normally validates the user correctly posted a form. This page is normally just basic content so requiring a session cookie is sometimes a hassle.

DisableCsrfSecurityToken allows security token to not be added to the form. Normally acceptable as forms don't usually alter the state of the database.

code/model/UserDefinedForm.php

@@ -26,7 +26,9 @@ class UserDefinedForm extends Page {
 		"ShowClearButton" => "Boolean",
 		'DisableSaveSubmissions' => 'Boolean',
 		'EnableLiveValidation' => 'Boolean',
-		'HideFieldLabels' => 'Boolean'
+		'HideFieldLabels' => 'Boolean',
+		'DisableAuthenicatedFinishAction' => 'Boolean',
+		'DisableCsrfSecurityToken' => 'Boolean'
 	);
 	
 	/**
@@ -380,7 +382,9 @@ SQL;
 			new TextField("ClearButtonText", _t('UserDefinedForm.TEXTONCLEAR', 'Text on clear button:'), $clear),
 			new CheckboxField("ShowClearButton", _t('UserDefinedForm.SHOWCLEARFORM', 'Show Clear Form Button'), $this->ShowClearButton),
 			new CheckboxField("EnableLiveValidation", _t('UserDefinedForm.ENABLELIVEVALIDATION', 'Enable live validation')),
-			new CheckboxField("HideFieldLabels", _t('UserDefinedForm.HIDEFIELDLABELS', 'Hide field labels'))
+			new CheckboxField("HideFieldLabels", _t('UserDefinedForm.HIDEFIELDLABELS', 'Hide field labels')),
+			new CheckboxField('DisableCsrfSecurityToken', _t('UserDefinedForm.DISABLECSRFSECURITYTOKEN', 'Disable CSRF Token')),
+			new CheckboxField('DisableAuthenicatedFinishAction', _t('UserDefinedForm.DISABLEAUTHENICATEDFINISHACTION', 'Disable Authenication on finish action'))
 		);
 		
 		$this->extend('updateFormOptions', $options);
@@ -515,6 +519,10 @@ class UserDefinedForm_Controller extends Page_Controller {
 		
 		$this->extend('updateForm', $form);
 
+		if($this->DisableCsrfSecurityToken) {
+			$form->disableSecurityToken();
+		}
+		
 		return $form;
 	}
 	
@@ -1039,7 +1047,9 @@ JS
 		$referrer = (isset($data['Referrer'])) ? '?referrer=' . urlencode($data['Referrer']) : "";
 
 
-		// set a session variable from the security ID to stop people accessing the finished method directly
+		// set a session variable from the security ID to stop people accessing 
+		// the finished method directly.
+		if(!$this->DisableAuthenicatedFinishAction) {
 			if (isset($data['SecurityID'])) {
 				Session::set('FormProcessed',$data['SecurityID']);
 			} else {
@@ -1052,6 +1062,7 @@ JS
 					Session::set('FormProcessedNum',$randNum);
 				}
 			}
+		}
 		
 		if(!$this->DisableSaveSubmissions) {
 			Session::set('userformssubmission'. $this->ID, $submittedForm->ID);
@@ -1075,7 +1086,9 @@ JS
 
 		$referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
 		
+		if(!$this->DisableAuthenicatedFinishAction) {
 			$formProcessed = Session::get('FormProcessed');
+
 			if (!isset($formProcessed)) {
 				return $this->redirect($this->Link() . $referrer);
 			} else {
@@ -1089,8 +1102,9 @@ JS
 					}
 				}
 			}
-		// remove the session variable as we do not want it to be re-used
+
 			Session::clear('FormProcessed');
+		}
 
 		return $this->customise(array(
 			'Content' => $this->customise(array(