понедельник, 21 марта 2011 г.

How to change "csrf attack detected" message in symfony

It is proposed some methods how to change this message.

I wrote another simple one:

1. Override addCSRFProtection in BaseForm.class.php:

public function addCSRFProtection($secret = null)
  {
    parent::addCSRFProtection($secret);
    $validatorSchema=$this->getValidatorSchema();
    if (isset($validatorSchema[self::$CSRFFieldName])) 
    {
      $validatorSchema[self::$CSRFFieldName]=new myValidatorCSRFToken($validatorSchema[self::$CSRFFieldName]->getOptions());
    }
  }

2. Add new myValidatorCSRFToken.class.php with contents:

class myValidatorCSRFToken extends sfValidatorBase
{
  protected function configure($options = array(), $messages = array())
  {
    $this->addRequiredOption('token');

    $this->setOption('required', true);

    $this->addMessage('csrf_attack', 'Время сессии истекло.');
  }

  protected function doClean($value)
  {
    if ($value != $this->getOption('token'))
    {
      $exception=new sfValidatorError($this, 'csrf_attack');
      throw new sfValidatorErrorSchema($this, array($exception));
    }

    return $value;
  }
}

3. That's all :)

Комментариев нет:

Отправить комментарий