From d58dfe08b9a2eebdcc13c3b5f687fc8082d55ce4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20J=C4=99drzejewski?= Date: Wed, 18 Apr 2012 23:12:35 +0200 Subject: [PATCH 1/2] disable csrf-protection when creating prototype. --- .../Component/Form/Extension/Core/Type/CollectionType.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php b/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php index 483b56a6751f..2a6f820e1722 100644 --- a/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php +++ b/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php @@ -27,7 +27,8 @@ public function buildForm(FormBuilder $builder, array $options) { if ($options['allow_add'] && $options['prototype']) { $prototype = $builder->create($options['prototype_name'], $options['type'], array_replace(array( - 'label' => $options['prototype_name'] . 'label__', + 'label' => $options['prototype_name'] . 'label__', + 'csrf_protection' => false ), $options['options'])); $builder->setAttribute('prototype', $prototype->getForm()); } From a85741903e48cb3d0b10e70f22e8e4b6d68bca76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20J=C4=99drzejewski?= Date: Wed, 18 Apr 2012 23:21:03 +0200 Subject: [PATCH 2/2] remove the csrf field from field with parent. --- .../Form/Extension/Core/Type/CollectionType.php | 3 +-- .../Csrf/Type/FormTypeCsrfExtension.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php b/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php index 2a6f820e1722..483b56a6751f 100644 --- a/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php +++ b/src/Symfony/Component/Form/Extension/Core/Type/CollectionType.php @@ -27,8 +27,7 @@ public function buildForm(FormBuilder $builder, array $options) { if ($options['allow_add'] && $options['prototype']) { $prototype = $builder->create($options['prototype_name'], $options['type'], array_replace(array( - 'label' => $options['prototype_name'] . 'label__', - 'csrf_protection' => false + 'label' => $options['prototype_name'] . 'label__', ), $options['options'])); $builder->setAttribute('prototype', $prototype->getForm()); } diff --git a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php index c8687d4af474..01835a33d56a 100644 --- a/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php +++ b/src/Symfony/Component/Form/Extension/Csrf/Type/FormTypeCsrfExtension.php @@ -79,6 +79,23 @@ public function buildView(FormView $view, FormInterface $form) } } + /** + * Removes CSRF field from the form view if it's not root + * + * @param FormView $view The form view + * @param FormInterface $form The form + */ + public function buildViewBottomUp(FormView $view, FormInterface $form) + { + if ($view->hasParent() && $form->hasAttribute('csrf_field_name')) { + $name = $form->getAttribute('csrf_field_name'); + + if (isset($view[$name])) { + unset($view[$name]); + } + } + } + /** * {@inheritDoc} */