Handling the CSRF token when submitting embedded forms

Time: 2014-05-02 23:51:34

Tags: forms symfony token csrf

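Using Symfony 2.3.4

In my project I have the following classes: Services, Transport, Meals and Lodging. I have embedded the latter ones in Services.

I'm working on Services' new.html.twig view with embedded forms, and I got it to show all three entities' forms fine. There's just one detail I'm not happy with:

Here's the code right now: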

////ServicesController.php
public function newAction(Request $request, $id_person, $id_edition) {
        $entity = new Services();

        $meals = new Meals();
        $lodging = new Lodging();
        $transport = new Transport();
        $transport2 = new Transport();
        $entity->addLodging($lodging);
        $entity->addTransport($transport);
        $entity->addTransport($transport2);
        $entity->addMeals($meals);

        $form = $this->createCreateForm($entity);
        $form->bind($request);

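PAUSE: That last line of code is the one I need some advice on. At first I put it there because of what I read here, but if I do that I get a "The CSRF token is invalid. Please try to resubmit the form." error. I took it out and that fixed it. Is this the right way? Should I be doing something else? Any insight on this...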

//continues...
        return $this->render('ServicesBundle:Services:new.html.twig', array(
                    'form' => $form->createView(),
                    'id_person' => $id_person,
                    'id_edition' => $id_edition));
    }

And the view:

{# Services' new.html.twig #}
{% extends 'AdminBundle:Default:admin.html.twig' %}

{% block content -%}

<div class="row-fluid">
    <h2 class="new-tag">Services</h2>
    <form class="form-horizontal sf_admin_form_area" 
          action="{{ path('services_create',{'id_peson':person.id}) }}" 
          method="post" {{ form_enctype(form) }}>
          {{form_errors(form)}}

PAUSE: That last line wasn't there; I put it in to see what was triggering the next IF

{% if form_errors(form) != '' %}
   <div class="alert alert-error">
       <i class="glyphicon-ban-circle"></i>
       <h3>General "There's an error somewhere..." error message</h3>
   </div>
{% endif %}
<h3>Lodging</h3>
{%for lo in form.lodging%}
   {{ form_widget(lo) }}
{%endfor%}

<h3>Meals</h3>        
{%for me in form.meals%}
    {{ form_widget(me) }}
{%endfor%}

{%if person.type != 'ee'%}
   <h3>Transport</h3>
   {%for tr in form.transport%}
       {{ form_widget(tr) }}
   {%endfor%}        
{%endif%}

{{form_row(form._token)}}{#not sure about this guy, 
got the error with it and without it#}

<div class="form-actions">
    <button class="btn btn-primary">
        <i class="glyphicon-ok"></i> {{'Save' | trans}}</button>
    <a class="btn" href="{{ path('student',{'edition_id':id_edition}) }}">
        <i class="glyphicon-ban-circle"></i> {{'Cancel' | trans }}</a>
</div>
</form>
</div>
{% endblock %}

And finally the type builder, just in case

public function buildForm(FormBuilderInterface $builder, array $options) {
        $builder->add('lodging', 'collection', array(
            'type' => new LodgingType()));
        $builder->add('transport', 'collection', array(
            'type' => new TransportType()));
        $builder->add('meals', 'collection', array(
            'type' => new MealsType(),
            'allow_add' => true));
    }

1 Answer:

Answer 0: (score: 2)

Since you only get the message when you add $form->bind($request), I suggest you try the following:

if ('POST' === $request->getMethod()) {
    $form->bind($request);
    if ($form->isValid()) {
        // Do something
    }
}

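You only have to bind the request to the form on submit, because only then does it contain data. That way you get to keep the CSRF token. Of course, you also have to keep {{ form_widget(form._token) }} in the view.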
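
A framework-free model of the behaviour discussed in this question and answer, added here as an illustration. It is not code from the post and not Symfony's implementation; `ModelForm`, `handle()`, the `'services'` intention and the sample requests are constructed. It compares binding on every request with binding only on POST, for an initial GET, a POST carrying the rendered token and a POST carrying a wrong token.

```php
<?php
// Simplified model of a CSRF-protected form; NOT Symfony's implementation.
// ModelForm, handle() and the sample requests are constructed for illustration.
final class ModelForm
{
    private $expected;
    private $errors = array();
    public function __construct(array &$session, $intention)
    {
        // One secret per session; the token is an HMAC of the form's intention.
        if (!isset($session['csrf_secret'])) {
            $session['csrf_secret'] = bin2hex(random_bytes(16));
        }
        $this->expected = hash_hmac('sha256', $intention, $session['csrf_secret']);
    }

    public function token() { return $this->expected; }
    public function errors() { return $this->errors; }

    // Models bind(): treats $data as a submission and checks its _token field.
    public function bind(array $data)
    {
        $sent = isset($data['_token']) ? (string) $data['_token'] : '';
        if (!hash_equals($this->expected, $sent)) {
            $this->errors[] = 'The CSRF token is invalid. Please try to resubmit the form.';
        }
    }
}

// Models a controller action; $alwaysBind = true reproduces binding on every request.
function handle(array &$session, $method, array $post, $alwaysBind)
{
    $form = new ModelForm($session, 'services');
    if ($alwaysBind || 'POST' === $method) {
        $form->bind($post);
    }
    return array('token' => $form->token(), 'errors' => $form->errors());
}

$session = array(); // constructed stand-in for the user's session
$page = handle($session, 'GET', array(), false); // guarded GET: renders the token
$cases = array(
    'GET, always bind'  => handle($session, 'GET', array(), true),
    'GET, bind on POST' => $page,
    'POST, page token'  => handle($session, 'POST', array('_token' => $page['token']), false),
    'POST, wrong token' => handle($session, 'POST', array('_token' => 'not-the-token'), false),
);
foreach ($cases as $label => $result) {
    echo $label, ': ', $result['errors'] ? $result['errors'][0] : 'no errors', PHP_EOL;
}
```

The guard changes only when validation runs, not whether it runs: a real submission is still rejected unless it carries the token that was rendered into the form.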