From 0878c510d1f055e7fe13f7980999dbb224ac71b4 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Thu, 28 May 2015 12:41:39 +0200 Subject: [PATCH 1/6] 4668 document isCsrfTokenValid --- book/controller.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/book/controller.rst b/book/controller.rst index 7ec7bd4ae3a..12f8a3416da 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -803,6 +803,18 @@ Just like when creating a controller for a route, the order of the arguments of order of the arguments, Symfony will still pass the correct value to each variable. +Checking the Validity of a CSRF Token +------------------------------------- + +Sometimes you want to use CSRF protection in an action where you don't want to use a +Symfony form. + +If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: + + if ($this->isCsrfTokenValid('token_id', 'TOKEN')) { + // ... do something, like deleting an object + } + Final Thoughts -------------- From 91b3f99159508115e4a6c0b9e75bf455f2c866b9 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Thu, 28 May 2015 15:24:14 +0200 Subject: [PATCH 2/6] 4668 show non-shortcut alternative, use variable argument for submitted token --- book/controller.rst | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 12f8a3416da..898e7cd755a 100644 --- a/book/controller.rst +++ b/book/controller.rst 
@@ -811,10 +811,19 @@ Symfony form. If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: - if ($this->isCsrfTokenValid('token_id', 'TOKEN')) { + if ($this->isCsrfTokenValid('token_id', $submittedToken)) { // ... do something, like deleting an object } +.. versionadded:: 2.6 + The ``isCsrfTokenValid()`` shortcut method was added in Symfony 2.6. + +Previously you would use:: + + use Symfony\Component\Security\Csrf\CsrfToken; + + $this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN')); + Final Thoughts -------------- From b7d133f85d220b318e914212877a09cb3a0191d8 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sat, 30 May 2015 14:25:27 +0200 Subject: [PATCH 3/6] 4668 link method to API docs, use 'was introduced' instead of 'was added' --- book/controller.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/book/controller.rst b/book/controller.rst index 898e7cd755a..9e3eece3012 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()`` } .. versionadded:: 2.6 - The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you + The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you could use ``redirect()`` and ``generateUrl()`` together for this (see the example above). Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL:: 
@@ -809,14 +809,15 @@ Checking the Validity of a CSRF Token Sometimes you want to use CSRF protection in an action where you don't want to use a Symfony form. -If, for example, you're doing a DELETE action, you can use ``isCsrfTokenValid()``:: +If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +method to check the CSRF token:: if ($this->isCsrfTokenValid('token_id', $submittedToken)) { // ... do something, like deleting an object } .. versionadded:: 2.6 - The ``isCsrfTokenValid()`` shortcut method was added in Symfony 2.6. + The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. Previously you would use:: From 42c78fde8a65f1f89f5a2f60649dba258736bc4f Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Sun, 31 May 2015 10:26:51 +0200 Subject: [PATCH 4/6] 4668 move method reference to own line --- book/controller.rst | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/book/controller.rst b/book/controller.rst index 9e3eece3012..0916dba6e61 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -809,7 +809,8 @@ Checking the Validity of a CSRF Token Sometimes you want to use CSRF protection in an action where you don't want to use a Symfony form. -If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` +If, for example, you're doing a DELETE action, you can use the +:method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` method to check the CSRF token:: if ($this->isCsrfTokenValid('token_id', $submittedToken)) { From 1d0aa8e2af33d51e8834d9cf628cc887ef41a05c Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Tue, 28 Jul 2015 20:14:45 +0200 Subject: [PATCH 5/6] 4668 rephrased two sentences --- book/controller.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/book/controller.rst b/book/controller.rst index 0916dba6e61..84a726eaaed 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -806,8 +806,8 @@ variable. Checking the Validity of a CSRF Token ------------------------------------- -Sometimes you want to use CSRF protection in an action where you don't want to use a -Symfony form. +Sometimes you want to use CSRF protection in an action where you don't want to use the +Symfony Form component. If, for example, you're doing a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid` @@ -820,7 +820,7 @@ method to check the CSRF token:: .. versionadded:: 2.6 The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. -Previously you would use:: +It is equivalent to executing the following code:: use Symfony\Component\Security\Csrf\CsrfToken; From e719d563f967a14c5f0d8d72b2e6b15114d726c6 Mon Sep 17 00:00:00 2001 From: Henry Snoek Date: Tue, 28 Jul 2015 21:32:34 +0200 Subject: [PATCH 6/6] 4668 change title --- book/controller.rst | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/book/controller.rst b/book/controller.rst index 84a726eaaed..18555aeb521 100644 --- a/book/controller.rst +++ b/book/controller.rst @@ -803,8 +803,8 @@ Just like when creating a controller for a route, the order of the arguments of order of the arguments, Symfony will still pass the correct value to each variable. -Checking the Validity of a CSRF Token -------------------------------------- +Validating a CSRF Token +----------------------- Sometimes you want to use CSRF protection in an action where you don't want to use the Symfony Form component. 
@@ -819,8 +819,7 @@ method to check the CSRF token:: .. versionadded:: 2.6 The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6. - -It is equivalent to executing the following code:: + It is equivalent to executing the following code:: use Symfony\Component\Security\Csrf\CsrfToken;
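
Review bot: In PATCH 1/6, the added example calls ``isCsrfTokenValid('token_id', 'TOKEN')`` with a string literal as the second argument, which reads as if the token were a fixed value that can be hard-coded. Use a variable holding the value submitted with the request, and state that ``'token_id'`` must be the same id the token was generated with. The example also shows only the success branch; add what the action should do when the check returns false, since rejecting the request is the purpose of the check.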
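
Review bot: In PATCH 2/6, the shortcut call now takes ``$submittedToken`` but the added non-shortcut line still passes the literal, ``new CsrfToken('token_id', 'TOKEN')``, so the two snippets no longer look like the same check. Use ``$submittedToken`` in both. The variable is also never assigned in either snippet; one line showing where it is read from the request would make the example complete. The ``$this->get('security.csrf.token_manager')->isTokenValid(...)`` line is long enough that it is worth wrapping.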
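
Review bot: In the second hunk of PATCH 6/6, the sentence ``It is equivalent to executing the following code::`` is moved into the body of the ``versionadded`` directive, while the ``use Symfony\Component\Security\Csrf\CsrfToken;`` context line below it is unchanged. A literal block has to be indented deeper than the paragraph that ends in ``::``, so check that the code still renders as a code block and not as directive text. Placing the sentence inside the version note also ties the explanation of what the shortcut does to that note, so it disappears if the note is ever dropped. Keeping it as its own paragraph, worded "This method is equivalent to ..." so the subject is explicit, avoids both problems.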
