bug #9673 Fixed BC break in csrf protection (WouterJ)

This PR was merged into the 2.4 branch.

Discussion
----------

Fixed BC break in csrf protection

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #9429
| License       | MIT
| Doc PR        | n/a

Commits
-------

d00954a Default form.csrf_protection.enabled to csrf_protection.enabled

Author: fabpot

DependencyInjection/Configuration.php

@@ -120,8 +120,12 @@ private function addFormSection(ArrayNodeDefinition $rootNode)
                     ->canBeEnabled()
                     ->children()
                         ->arrayNode('csrf_protection')
-                            ->canBeDisabled()
+                            ->treatFalseLike(array('enabled' => false))
+                            ->treatTrueLike(array('enabled' => true))
+                            ->treatNullLike(array('enabled' => true))
+                            ->addDefaultsIfNotSet()
                             ->children()
+                                ->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
                                 ->scalarNode('field_name')->defaultNull()->end()
                             ->end()
                         ->end()

DependencyInjection/FrameworkExtension.php

@@ -162,6 +162,10 @@ public function load(array $configs, ContainerBuilder $container)
     private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
     {
         $loader->load('form.xml');
+        if (null === $config['form']['csrf_protection']['enabled']) {
+            $config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
+        }
+
         if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
             $loader->load('form_csrf.xml');
 

Tests/DependencyInjection/ConfigurationTest.php

@@ -96,7 +96,7 @@ protected static function getBundleDefaultConfig()
             'form'                => array(
                 'enabled' => false,
                 'csrf_protection' => array(
-                    'enabled' => true,
+                    'enabled' => null, // defaults to csrf_protection.enabled
                     'field_name' => null,
                 ),
             ),

Tests/DependencyInjection/Fixtures/php/csrf.php

@@ -1,8 +1,14 @@
 <?php
 
 $container->loadFromExtension('framework', array(
+    'csrf_protection' => array(
+        'enabled' => false,
+    ),
     'form' => array(
         'enabled' => true,
+        'csrf_protection' => array(
+            'enabled' => true,
+        ),
     ),
     'session' => array(
         'handler_id' => null,

Tests/DependencyInjection/Fixtures/xml/csrf.xml

@@ -7,7 +7,12 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form />
+        <framework:csrf-protection enabled="false" />
+
+        <framework:form>
+            <framework:csrf-protection />
+        </framework:form>
+
         <framework:session />
     </framework:config>
 </container>

Tests/DependencyInjection/Fixtures/yml/csrf.yml

@@ -1,6 +1,8 @@
 framework:
+    csrf_protection: false
     secret: s3cr3t
-    form: ~
+    form:
+        csrf_protection: true
     session: ~
     # CSRF is disabled by default
     # csrf_protection: ~