vendor/symfony/form/Extension/Csrf/EventListener/CsrfValidationListener.php line 65

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Form\Extension\Csrf\EventListener;
  14. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  15. use Symfony\Component\Form\FormError;
  16. use Symfony\Component\Form\FormEvent;
  17. use Symfony\Component\Form\FormEvents;
  18. use Symfony\Component\Form\Util\ServerParams;
  19. use Symfony\Component\Security\Csrf\CsrfToken;
  20. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  21. use Symfony\Contracts\Translation\TranslatorInterface;
  23. /**
  24.  * @author Bernhard Schussek <bschussek@gmail.com>
  25.  */
  26. class CsrfValidationListener implements EventSubscriberInterface
  27. {
  28.     private $fieldName;
  29.     private $tokenManager;
  30.     private $tokenId;
  31.     private $errorMessage;
  32.     private $translator;
  33.     private $translationDomain;
  34.     private $serverParams;
  36.     public static function getSubscribedEvents()
  37.     {
  38.         return [
  39.             FormEvents::PRE_SUBMIT => 'preSubmit',
  40.         ];
  41.     }
  43.     public function __construct(string $fieldNameCsrfTokenManagerInterface $tokenManagerstring $tokenIdstring $errorMessageTranslatorInterface $translator nullstring $translationDomain nullServerParams $serverParams null)
  44.     {
  45.         $this->fieldName $fieldName;
  46.         $this->tokenManager $tokenManager;
  47.         $this->tokenId $tokenId;
  48.         $this->errorMessage $errorMessage;
  49.         $this->translator $translator;
  50.         $this->translationDomain $translationDomain;
  51.         $this->serverParams $serverParams ?? new ServerParams();
  52.     }
  54.     public function preSubmit(FormEvent $event)
  55.     {
  56.         $form $event->getForm();
  57.         $postRequestSizeExceeded 'POST' === $form->getConfig()->getMethod() && $this->serverParams->hasPostMaxSizeBeenExceeded();
  59.         if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
  60.             $data $event->getData();
  62.             $csrfValue \is_string($data[$this->fieldName] ?? null) ? $data[$this->fieldName] : null;
  63.             $csrfToken = new CsrfToken($this->tokenId$csrfValue);
  65.             if (null === $csrfValue || !$this->tokenManager->isTokenValid($csrfToken)) {
  66.                 $errorMessage $this->errorMessage;
  68.                 if (null !== $this->translator) {
  69.                     $errorMessage $this->translator->trans($errorMessage, [], $this->translationDomain);
  70.                 }
  72.                 $form->addError(new FormError($errorMessage$errorMessage, [], null$csrfToken));
  73.             }
  75.             if (\is_array($data)) {
  76.                 unset($data[$this->fieldName]);
  77.                 $event->setData($data);
  78.             }
  79.         }
  80.     }
  81. }