`gipfl/web/Form`: Fix form validation

composer.json

@@ -12,6 +12,9 @@
         "sort-packages": true,
         "platform": {
             "php": "5.6.3"
+        },
+        "allow-plugins": {
+            "cweagans/composer-patches": true
         }
     },
     "require": {
@@ -42,11 +45,20 @@
         "gipfl/translation": ">=0.1.1",
         "gipfl/web": ">=0.11",
         "gipfl/zfdb": ">=0.4",
-        "gipfl/zfdbstore": ">=0.3"
+        "gipfl/zfdbstore": ">=0.3",
+        "cweagans/composer-patches": "~1.0"
     },
     "scripts": {
         "post-update-cmd": [
             "bin/refresh-public.sh"
         ]
+    },
+    "extra": {
+        "composer-exit-on-patch-failure": true,
+        "patches": {
+            "gipfl/web": {
+                "Gipfl Form: Csrf element validation": "patches/gipfl-web-form.patch"
+            }
+        }
     }
 }

patches/gipfl-web-form.patch

@@ -0,0 +1,28 @@
+diff --git a/vendor/gipfl/web/src/Form.php b/vendor/gipfl/web/src/Form.php
+index e5e52f9..348ec9d 100644
+--- a/vendor/gipfl/web/src/Form.php
++++ b/vendor/gipfl/web/src/Form.php
+@@ -201,8 +201,9 @@ class Form extends iplForm
+
+     protected function addCsrfElement()
+     {
+-        $element = new HiddenElement('__CSRF__', [
++        $element = new HiddenElement('__FORM_CSRF', [
+             'ignore' => true,
++            'required' => true
+         ]);
+         $element->setValidators([
+             new PhpSessionBasedCsrfTokenValidator()
+@@ -210,11 +211,7 @@ class Form extends iplForm
+         // prepend / register -> avoid decorator
+         $this->prepend($element);
+         $this->registerElement($element);
+-        if ($this->hasBeenSent()) {
+-            if (! $element->isValid()) {
+-                $element->setValue(PhpSessionBasedCsrfTokenValidator::generateCsrfValue());
+-            }
+-        } else {
++        if (! $this->hasBeenSent()) {
+             $element->setValue(PhpSessionBasedCsrfTokenValidator::generateCsrfValue());
+         }
+     }