Symfony isValid False: the CSRF token is invalid

Time: 2015-07-30 10:33:19

Tags: php forms symfony twig

I have a form and an entity, and I don't understand why I get this error:

"ERROR: The CSRF token is invalid. Please try to resubmit the form.\n"

I tried using the form with an entity and 'data_class' => 'Artel\ProfileBundle\Entity\Teams', and now without an entity; I have a dump, but it does not give enough information:

FormErrorIterator {#1194 ▼
-form: Form {#1245 ▶}
-errors: array:1 [▼
0 => FormError {#1244 ▼
  -message: "The CSRF token is invalid. Please try to resubmit the form."
  #messageTemplate: "The CSRF token is invalid. Please try to resubmit the form."
  #messageParameters: []
  #messagePluralization: null
  -cause: null
  -origin: Form {#1245}
}
]
}

UserProfileController.php on line 178:
false//this is $form->isValid()

 UserProfileController.php on line 178:
"ERROR: The CSRF token is invalid. Please try to resubmit the form.\n"

The form:

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;

class TeamInformationType extends AbstractType
{
    // Choice lists passed in by the controller (e.g. 'markets')
    private $optionContent;

    public function __construct($options)
    {
        $this->optionContent = $options;
    }

    /**
     * @param FormBuilderInterface $builder
     * @param array                $options
     */
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('company', null, array('label' => 'Company', 'max_length' => 255))
            ->add('technologies', 'skills', array('label' => 'Technologies'))
            ->add('webSite', 'text', array('label' => 'Website URL', 'required' => false))
            ->add('description', null, array('label' => 'Company Description', 'max_length' => 65000, 'required' => false))
            ->add('markets', 'chosen', array('choices' => $this->optionContent['markets'],
                'attr' => array('placeholder' => '...'),
                'label' => 'Vertical markets',
                'required' => true, 'multiple' => true
            ))

            ->add('save', 'submit');
    }

    /**
     * @return string
     */
    public function getName()
    {
        return '';
    }
}

And my action:

//  Team Information submit
public function submitTeamInformationAction($username)
{
    $em = $this->getDoctrine()->getManager();
    $request = $this->get('request');
    $profileRepository = $this->get('artel.profile.users.repository');
    $teamRepository = $this->get('artel.profile.team.repository');
    $user_check_username = $profileRepository;
    $user = $profileRepository->findOneByUsername($username);

    if (!$user) {
        throw $this->createNotFoundException('Unable to find a profile.');
    }
    $authenticator = $this->get('artel.profile.authenticator');
    if (!$authenticator->check($user)) {
        throw new AccessDeniedException('Access Denied!');
    }

    $functionHelper = $this->get('artel.profile.additional_function');
    $em = $this->getDoctrine()->getManager();
    $option['markets'] = $functionHelper->getMarkets();

    $team_id = $user->getTeams()->getId();
    $team = $teamRepository->findOneById($team_id);

    $form = $this->createForm(new TeamInformationType($option), $team);

    if ($request->isMethod('POST')) {
        $form->bind($request);
        if ($form->isValid()) {
            $data = $form->getData();

            $em->persist($data);
            $em->flush();

            return $this->redirect($this->generateUrl('artel_user_profile_homepage', array('username' => $username)) .'#team_infornation');
        }
    }
    dump($form->getErrors(), $form->isValid(), $form->getErrorsAsString());exit;

    $response = $this->render('ArtelProfileBundle:' . $this->template . ':form_team_information.html.twig', array(
        'form' => $form->createView(),
        'user' => $user
    ));

    return $response;
}

And my Twig template:

{{ form_errors(teamForm) }}
{{ form_start(teamForm, {'action': path('artel_user_team_submit_information', {'username': user.username}), 'method': 'POST'}) }}

<div class="form-group">
{{ form_label(teamForm.company, label|default(null), {'label_attr': {'class': 'control-label'}}) }}
{{ form_widget(teamForm.company, {'attr': {'class': 'form-control bs-select'}}) }}
</div>


<div class="form-group">
{{ form_label(teamForm.webSite, label|default(null), {'label_attr': {'class': 'control-label'}}) }}
{{ form_widget(teamForm.webSite, {'attr': {'class': 'form-control bs-select'}}) }}
 </div>

<div class="form-group">
{{ form_label(teamForm.description, label|default(null), {'label_attr': {'class': 'control-label'}}) }}
{{ form_widget(teamForm.description, {'attr': {'class': 'form-control bs-select'}}) }}
</div>

<div class="form-group">
{{ form_label(teamForm.markets, label|default(null), {'label_attr': {'class': 'control-label'}}) }}
{{ form_widget(teamForm.markets, {'attr': {'class': 'form-control bs-select'}}) }}
</div>


<div class="form-group skills col-xs-12">
{{ form_label(teamForm.technologies, label|default(null), {'label_attr': {'class': 'control-label'}}) }}
{{ form_widget(teamForm.technologies, {'attr': {'class': 'form-control chosen-select input-xlarge'}}) }}
</div>


<div class="margin-top-20">
{{ form_widget(teamForm.save, {'attr': {'class': 'btn green-haze'}}) }}
</div>

{{ form_end(infoForm) }}

1 answer:

Answer 0 (score: 1)

You can add the token to the Twig template:

{{ form_widget(form._token) }}

Or don't use CSRF protection (not good):

public function configureOptions(OptionsResolver $resolver)
{
    $resolver->setDefaults(array(
        'data_class'      => 'AppBundle\Entity\Task',
        'csrf_protection' => false,
        'csrf_field_name' => '_token',
        // a unique key to help generate the secret token
        'intention'       => 'task_item',
    ));
}

More information about CSRF protection in Symfony
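Added example (not part of the original answer, and not Symfony's own code): a plain-PHP model of the check behind this error, showing why a POST that arrives without the `_token` field fails validation while one carrying the rendered token passes. The function names, the `$session` array and the sample POST data are assumptions made for illustration.

```php
<?php
// Added illustration: a minimal synchronizer-token check in plain PHP.
// It models the idea only; it is not Symfony's CSRF component.

// Hypothetical helper: issue a per-session token for one form ("intention").
function issueToken(array &$session, string $intention): string
{
    $token = bin2hex(random_bytes(32));
    $session['csrf'][$intention] = $token;
    return $token;
}

// Hypothetical helper: compare the submitted field with the stored token.
function isTokenValid(array $session, string $intention, array $post): bool
{
    $expected  = $session['csrf'][$intention] ?? null;
    $submitted = $post['_token'] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false; // hidden field never rendered, or no token in session
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed sample data: $session stands in for the server-side session.
$session = [];
$token   = issueToken($session, 'team_information');

$cases = [
    'template without the _token field' => ['company' => 'Acme'],
    'stale or forged token'             => ['company' => 'Acme', '_token' => str_repeat('0', 64)],
    'template that rendered the token'  => ['company' => 'Acme', '_token' => $token],
];

foreach ($cases as $label => $post) {
    $ok = isTokenValid($session, 'team_information', $post);
    printf("%-36s => %s\n", $label, $ok ? 'valid' : 'The CSRF token is invalid.');
}
```

Only the third case validates, which is why rendering the hidden field keeps the protection in place, whereas setting `csrf_protection` to `false` makes all three submissions acceptable.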