Symfony2 - Empty CSRF token

Symfony2 - Empty CSRF token - php

I deployed a Symfony2 app, but all the forms have empty csrf tokens. This html comes from firebug. As you can see, the tag is properly rendered, but no value is assigned.
<input type="hidden" value="" name="category[_token]" id="category__token">
In my controller:
$form = $this->createForm(new CategoryForm(), new Category());
$form->handleRequest($request);
if ($form->isValid()) {
(...)
}
In the template, the form is inside of a bootstrap 3 modal.
{{ form_start(form) }}
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">×</span><span class="sr-only">Close</span></button>
<h4 class="modal-title" id="myModalLabel">Voeg een tariefplan toe</h4>
</div>
<div class="modal-body">
<div class="form-group">
{{ form_label(form.name) }}
{{ form_widget(form.name) }}
</div>
<div class="form-group">
{{ form_label(form.parent) }}
{{ form_widget(form.parent, {'attr':{ 'class': 'form-control' }}) }}
</div>
<div class="form-group">
{{ form_label(form.sizes) }}
{{ form_widget(form.sizes, {'attr':{ 'class': 'form-control' }}) }}
</div>
<div class="form-group">
{{ form_label(form.description) }}
{{ form_widget(form.description, {'attr':{ 'class': 'form-control' }}) }}
</div>
{{ form_widget(form._token) }}
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Annuleren</button>
{{ form_widget(form.save, {'attr':{ 'class': 'btn btn-primary' }}) }}
</div>
</div>
</div>
{{ form_end(form) }}
I also created a gist for the CategoryForm class : http://goo.gl/6NWTkB.
Anyone who knows what I'm missing here?

You must provide the value:
<input type="hidden" value={{ csrf_token('category') }}"" name="category[_token]" id="category__token">

A couple of ideas:
{{ form_end(form) }} should output your token so there's no need to have: {{ form_widget(form._token) }}.
If you have a very large form php might truncate your request vars. Have a look at max_input_vars in your php.ini. Default is 1000 I believe.

Related

symfony- update entity and changed fields

I try editAction in symfony but I have error when if not change input file it update field file in database to null ... how to not update field file if not changed value in update action
code action:
/**
* #Route("/babysitter/update/{id}", name="update_babysitter_by_admin")
*
* #param Request $request
* #param BabySitter $babySitter
* #ParamConverter("id", options={"id": "id"})
*
* #return mixed
*/
public function updateBabySitterAction(BabySitter $babySitter, Request $request){
$em= $this->getDoctrine()->getManager();
$form= $this->createForm(BabySitterType::class, $babySitter,['requiredFile'=> false]);
$form->handleRequest($request);
if($form->isSubmitted() && $form->isValid()){
if($babySitter->getPicture()->getDocument()){
$this->uploadDocument->upload($babySitter->getPicture(), $this->getParameter('pictures_directory'));
}
if($babySitter->getCriminalRecord()->getDocument()){
$this->uploadDocument->upload($babySitter->getCriminalRecord(), $this->getParameter('criminalRecord_director_babySitter'));
}
if($babySitter->getIdCards()){
$this->uploadDocument->uploadIdCard($babySitter->getIdCards(), $babySitter,$this->getParameter('idCard_directory'));
}
$em->persist($babySitter);
$em->flush();
$url = $this->generateUrl('info_babySitter',['id'=> $babySitter->getId()]);
$response = new RedirectResponse($url);
return $response;
}
return $this->render('admin/registerBabySitter.html.twig',[
'form'=> $form->createView()
]);
}
code twig:
{% trans_default_domain 'FOSUserBundle' %}
<div class="register-box" style="width:460px">
<div class="register-box-body">
<p class="login-box-msg">Register a new BabySitter</p>
{{ form_start(form, {'method':'post', 'attr': {'class': 'fos_user_registration_register', 'novalidate': 'novalidate'}}) }}
<div class="form-group has-feedback">
{{ form_widget(form.email,{'attr': {'class': 'form-control', 'placeholder': 'Email'}}) }}
{{ form_errors(form.email) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.firstName,{'attr': {'class': 'form-control', 'placeholder': 'FirstName'}}) }}
{{ form_errors(form.firstName) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.lastName,{'attr': {'class': 'form-control', 'placeholder': 'LastName'}}) }}
{{ form_errors(form.lastName) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.plainPassword.first,{'attr': {'class': 'form-control', 'placeholder': 'Password'}}) }}
{{ form_errors(form.plainPassword.first) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.plainPassword.second,{'attr': {'class': 'form-control', 'placeholder': 'Repeat Password'}}) }}
{{ form_errors(form.plainPassword.second) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.genre,{'attr': {'class': 'form-control', 'placeholder': 'Genre'}}) }}
{{ form_errors(form.genre) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.dateBirth,{'attr': {'class': 'form-control', 'placeholder': 'date Birthday'}}) }}
{{ form_errors(form.dateBirth) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.linkVideo,{'attr': {'class': 'form-control', 'placeholder': 'link Video'}}) }}
{{ form_errors(form.linkVideo) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.criminalRecord) }}
{{ form_errors(form.criminalRecord) }}
</div>
<div class="form-group has-feedback">
<ul id="idCard-fields-list"
data-prototype="{{ form_widget(form.idCards.vars.prototype)|e }}"
data-widget-tags="{{ '<li></li>'|e }}">
{{ form_row(form.idCards) }}
{% for idCardField in form.idCards %}
<li>
{{ form_errors(idCardField) }}
{{ form_widget(idCardField) }}
</li>
{% endfor %}
</ul>
<div class="row">
<button type="button"
class="add-another-collection-widget-idCard btn btn-primary btn-flat"
data-list="#idCard-fields-list">Add another idCard</button>
</div>
</div>
<div class="form-group has-feedback">
{{ form_widget(form.nbrYears,{'attr': {'class': 'form-control', 'placeholder': 'Number Years'}}) }}
{{ form_errors(form.nbrYears) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.rib,{'attr': {'class': 'form-control', 'placeholder': ' rib'}}) }}
{{ form_errors(form.rib) }}
</div>
<div class="form-group has-feedback">
{{ form_widget(form.presentation,{'attr': {'class': 'form-control', 'placeholder': 'presentation'}}) }}
{{ form_errors(form.presentation) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.adress) }}
{{ form_errors(form.adress) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.availability) }}
{{ form_errors(form.availability) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.assignement) }}
{{ form_errors(form.assignement) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.qualification) }}
{{ form_errors(form.qualification) }}
</div>
<div class="form-group has-feedback">
{{ form_row(form.picture) }}
{{ form_errors(form.picture) }}
</div>
<div class="form-group has-feedback">
<ul id="language-fields-list"
data-prototype="{{ form_widget(form.languages.vars.prototype)|e }}"
data-widget-tags="{{ '<li></li>'|e }}">
{{ form_widget(form.languages) }}
{% for languageField in form.languages %}
<li>
{{ form_errors(languageField) }}
{{ form_widget(languageField) }}
</li>
{% endfor %}
</ul>
<div class="row">
<button type="button"
class="add-another-collection-widget btn btn-primary btn-flat"
data-list="#language-fields-list">Add another language</button>
</div>
</div>
<div class="row">
<div class="col-xs-12">
<input type="submit" class="btn btn-primary btn-block btn-flat" value="{{ 'registration.submit'|trans }}">
</div>
<!-- /.col -->
</div>
{{ form_rest(form) }}
{{ form_end(form) }}
</div>
<!-- /.form-box -->
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
<script>
jQuery(document).ready(function () {
jQuery('.add-another-collection-widget').click(function (e) {
var list = jQuery(jQuery(this).attr('data-list'));
// Try to find the counter of the list or use the length of the list
var counter = list.data('widget-counter') | list.children().length;
// grab the prototype template
var newWidget = list.attr('data-prototype');
// replace the "__name__" used in the id and name of the prototype
// with a number that's unique to your emails
// end name attribute looks like name="contact[emails][2]"
newWidget = newWidget.replace(/__name__/g, counter);
// Increase the counter
counter++;
// And store it, the length cannot be used if deleting widgets is allowed
list.data('widget-counter', counter);
// create a new list element and add it to the list
var newElem = jQuery(list.attr('data-widget-tags')).html(newWidget);
newElem.appendTo(list);
addTagFormDeleteLink(newElem);
});
function addTagFormDeleteLink($tagFormLi) {
var $removeFormButton = $('<button class="btn btn-danger btn-flat" style="margin-top:2%;margin-left:50%" type="button">Delete this Language</button>');
$tagFormLi.append($removeFormButton);
$removeFormButton.on('click', function(e) {
// remove the li for the tag form
$tagFormLi.remove();
});
}
jQuery('.add-another-collection-widget-idCard').click(function (e) {
var list = jQuery(jQuery(this).attr('data-list'));
// Try to find the counter of the list or use the length of the list
var counter = list.data('widget-counter') | list.children().length;
// grab the prototype template
var newWidget = list.attr('data-prototype');
// replace the "__name__" used in the id and name of the prototype
// with a number that's unique to your emails
// end name attribute looks like name="contact[emails][2]"
newWidget = newWidget.replace(/__name__/g, counter);
// Increase the counter
counter++;
// And store it, the length cannot be used if deleting widgets is allowed
list.data('widget-counter', counter);
// create a new list element and add it to the list
var newElem = jQuery(list.attr('data-widget-tags')).html(newWidget);
if(counter <= 3){ newElem.appendTo(list); }
});
function addIdCardFormDeleteLink($tagFormLi) {
var $removeFormButton = $('<button class="btn btn-danger btn-flat" style="margin-top:2%;margin-left:50%" type="button">Delete this idCard</button>');
$tagFormLi.append($removeFormButton);
$removeFormButton.on('click', function(e) {
// remove the li for the tag form
$tagFormLi.remove();
});
}
});
</script>
when i update entity and i not update field file i have field file in database null ... how to update entity without changed in input file

Remove entity not working inside the form easy admin bundle

I have this code :
{{ form_start(form, {'attr': {'class': 'form-vertical edit-form', 'id': 'new-users-form', 'data-view': 'new'}}) }}
<div class="row">
<div class="field-group col-xs-12 col-sm-4">
<div class="box box-default">
<div class="box-body " id="box-body-_easyadmin_form_design_element_0">
<div class="row">
<div class="col-xs-12 ">
<div class="form-group field-text">
{{ form_row(form.value, {'attr': {'class': 'form-control' }}) }}
</div>
</div>
<div class="col-xs-12 ">
<div class="form-group field-text">
{{ form_row(form.comment, {'attr': {'class': 'form-control' }}) }}
</div>
</div>
<div class="col-xs-12 form-actions">
<div class="form-group">
<div id="form-actions-row">
<button type="submit" class="btn btn-primary action-save pull-right">
<i class="fa fa-check"></i> {{ 'general.buttons.confirm'|trans }}
</button>
<a class="btn btn-danger pull-right action-delete" style="margin-right: 1%" title=""
href="{{ path('admin', {'entity' : 'User', 'action' : 'delete', 'id' : entity.id}) }}" target="_self">
<i class="fa fa-trash-o"></i>
{{ 'general.buttons.delete'|trans }}
</a>
<a name="list" class="btn btn-secondary pull-right" title=""
href="{{ path('admin', {'entity' : 'User', 'action' : 'list'}) }}" target="_self">
{{ 'general.buttons.back_to_liste'|trans }}
</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
{{ form_widget(form._token) }}
{{ form_end(form,{'render_rest': false}) }}
Add and Back links works just fine. The only problem is with delete button. When I try to delete I'm redirect to the liste of User entity whitout delete the current User. I don't have any errors. Please help me. Thx in advance

Twig send data to symfony controller from form type

I got the following form type:
class AjoutDossierType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $option)
{
$builder
->add('nomDossier', TextType::class, array(
'label' => 'Nom du dossier',
'required' => 'true',
'attr' => array('pattern' => '[a-zA-Z0-9_\-&.]{1,255}')
))
->add('btnAction', SubmitType::class);
}
}
And the following modal in my twig view where I use the previous form:
{% if dossierForm is not null %}
<div id="ajout-dossier" class="modal fade" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Ajout d'un dossier</h4>
</div>
<div class="modal-body">
<div class="row">
<div class="col-sm-6">
{% if dossierForm is defined %}
{{ form_start(dossierForm, { 'attr': { 'data-toggle':'validator' } }) }}
{{ form_row(dossierForm.nomDossier) }}
{{ form_row(dossierForm.btnAction, {'label':'Créer', 'full_name':'dossierVoulu', 'value':'{{getDossierCourant(cheminVoulu)}}' , 'attr': {'class': 'btn btn-primary boutonRangeeGeneral'}}) }}
{{ form_rest(dossierForm) }}
{{ form_end(dossierForm) }}
{% endif %}
</div>
<div class="col-sm-6">
<p>Caractères acceptés</p>
<ul>
<li>Lettres minuscules et majuscules</li>
<li>Chiffres (0-0)</li>
<li>Les symboles suivants : (_-&.)</li>
</ul>
</div>
</div>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
{% endif %}
{% endblock %}
The thing is, I want to send to my controller a value when he clicks on the button that I need to perform different tasks, So I added this:
{{ form_row(dossierForm.btnAction, {'label':'Créer', 'full_name':'dossierVoulu', 'value':'{{getDossierCourant(cheminVoulu)}}' , 'attr': {'class': 'btn btn-primary boutonRangeeGeneral'}}) }}
This doesn't work but it does on a regular HTML form and I can't find any useful documentation. Is there any way to make it work or another technique to achieve the same results?

How can i have the form text empty?

I dont know the way to leave the the form text empty is there is no result.I need something like this.....
If there is no userCreator = form text empty
My code
<div class="col-md-4">
<div class="form-group">
{{ Form::label('userCreator','UserCreator') }}
#if(isset($userCreator))
#foreach($userCreator as $cs)
{{ Form::text('userCreator',$cs->home_lastname,['class'=>'form-control']) }}
#endforeach
#else{ {{-- What should i put inside here ? --}}
}
#endif
</div>
</div>

#if(isset($userCreator) && count($userCreator) > 0)
<div class="col-md-4">
<div class="form-group">
{{ Form::label('userCreator','UserCreator') }}
#foreach($userCreator as $cs)
{{ Form::text('userCreator',$cs->home_lastname,['class'=>'form-control']) }}
#endforeach
</div>
</div>
#endif

try this ...
<div class="col-md-4">
<div class="form-group">
{{ Form::label('userCreator','UserCreator') }}
#if(!empty($userCreator))
#foreach($userCreator as $cs)
{{ Form::text('userCreator',$cs->home_lastname,['class'=>'form-control']) }}
#endforeach
#else
{{ Form::text('userCreator','', ['class'=>'form-control']) }}
#endif
</div>
</div>

Prevent form fields from rendering

I'm trying to control the rendering of password fields based on whether i'm editing an user or creating one. I'm doing this with a simple session boolean variable as follows:
{{ form_start(userForm) }}
{{ form_errors(userForm) }}
<div id="user-fg-email" class="form-group">
{{ form_label(userForm.email) }}
{{ form_errors(userForm.email) }}
{{ form_widget(userForm.email) }}
</div>
{% if app.session.get('editingUser') == false %}
<div id="user-fg-pp1" class="form-group">
{{ form_label(userForm.plainPassword.first) }}
{{ form_widget(userForm.plainPassword.first) }}
</div>
<div id="user-fg-pp2" class="form-group">
{{ form_label(userForm.plainPassword.second) }}
{{ form_errors(userForm.plainPassword.first) }}
{{ form_widget(userForm.plainPassword.second) }}
</div>
{% endif %}
<div id="user-fg-role" class="form-group">
{{ form_label(userForm.role) }}
{{ form_errors(userForm.role) }}
{{ form_widget(userForm.role) }}
</div>
<button type="submit" class="btn btn-primary pull-right">Submit</button>
{{ form_end(userForm) }}
However when this boolean is evaluated as true, which is supposed to prevent these fields from rendering, they are still being rendered assumingly by the later following form_end tag.
Is there a way to prevent that from happening?
edit:
if editingUser == true the password fields are actually rendered after the button, hence my assumption it's done so by the form_end tag.

Because you have to specify Twig to not display all the rest of the fields which are not explicitly rendered in the form : http://symfony.com/doc/current/reference/forms/twig_reference.html#form-end-view-variables
{{ form_end(form, {'render_rest': false}) }}

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Symfony2 - Empty CSRF token - php

You must provide the value: <input type="hidden" value={{ csrf_token('category') }}"" name="category[_token]" id="category__token">

A couple of ideas: {{ form_end(form) }} should output your token so there's no need to have: {{ form_widget(form._token) }}. If you have a very large form php might truncate your request vars. Have a look at max_input_vars in your php.ini. Default is 1000 I believe.

Related

symfony- update entity and changed fields

Remove entity not working inside the form easy admin bundle

Twig send data to symfony controller from form type

How can i have the form text empty?

Prevent form fields from rendering

Categories

Resources