diff --git a/composer.json b/composer.json
index 0763735..e88a290 100644
--- a/composer.json
+++ b/composer.json
@@ -12,6 +12,9 @@
 "sort-packages": true,
 "platform": {
 "php": "5.6.3"
+ },
+ "allow-plugins": {
+ "cweagans/composer-patches": true
 }
 },
 "require": {
@@ -42,11 +45,20 @@
 "gipfl/translation": ">=0.1.1",
 "gipfl/web": ">=0.11",
 "gipfl/zfdb": ">=0.4",
- "gipfl/zfdbstore": ">=0.3"
+ "gipfl/zfdbstore": ">=0.3",
+ "cweagans/composer-patches": "~1.0"
 },
 "scripts": {
 "post-update-cmd": [
 "bin/refresh-public.sh"
 ]
+ },
+ "extra": {
+ "composer-exit-on-patch-failure": true,
+ "patches": {
+ "gipfl/web": {
+ "Gipfl Form: Csrf element validation": "patches/gipfl-web-form.patch"
+ }
+ }
 }
 }
diff --git a/patches/gipfl-web-form.patch b/patches/gipfl-web-form.patch
new file mode 100644
index 0000000..3136f82
--- /dev/null
+++ b/patches/gipfl-web-form.patch
@@ -0,0 +1,28 @@
+diff --git a/vendor/gipfl/web/src/Form.php b/vendor/gipfl/web/src/Form.php
+index e5e52f9..348ec9d 100644
+--- a/vendor/gipfl/web/src/Form.php
++++ b/vendor/gipfl/web/src/Form.php
+@@ -201,8 +201,9 @@ class Form extends iplForm
+
+ protected function addCsrfElement()
+ {
+- $element = new HiddenElement('__CSRF__', [
++ $element = new HiddenElement('__FORM_CSRF', [
+ 'ignore' => true,
++ 'required' => true
+ ]);
+ $element->setValidators([
+ new PhpSessionBasedCsrfTokenValidator()
+@@ -210,11 +211,7 @@ class Form extends iplForm
+ // prepend / register -> avoid decorator
+ $this->prepend($element);
+ $this->registerElement($element);
+- if ($this->hasBeenSent()) {
+- if (! $element->isValid()) {
+- $element->setValue(PhpSessionBasedCsrfTokenValidator::generateCsrfValue());
+- }
+- } else {
++ if (! $this->hasBeenSent()) {
+ $element->setValue(PhpSessionBasedCsrfTokenValidator::generateCsrfValue());
+ }
+ }
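Review bot: In the `extra.patches` entry added by the second composer.json hunk, the CSRF fix reaches `gipfl/web` only when the composer-patches plugin actually runs, so an install with `--no-plugins`, or a deployment that ships a `vendor/` tree built elsewhere, would carry the unpatched `Form.php` without any error. `composer-exit-on-patch-failure` covers the case where the patch no longer applies, which matters because the `"gipfl/web": ">=0.11"` constraint is open-ended; consider bounding it to the release the patch was cut against until the fix lands upstream. It would also help to document that plugins must stay enabled and to check in CI that the installed `Form.php` contains `__FORM_CSRF`.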
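Review bot: With the early `$element->isValid()` call removed in the second inner hunk of patches/gipfl-web-form.patch, rejecting a bad token now depends entirely on the form's regular validation pass reaching this element, and the hunk does not show that an element flagged `'ignore' => true` is included in that pass. If `ignore` only keeps the value out of the form's result this is fine, but it deserves a comment above the element, e.g. `// required: an absent token must be rejected, not treated as "nothing to validate"`, plus a test that submits the form once without `__FORM_CSRF` and once with a wrong value. A sent form whose token was rejected is now re-rendered with the same value rather than a fresh one, so a retry presumably fails until the page is reloaded; confirm that is intended. The rename from `__CSRF__` should be checked against references outside this hunk, and one line of `addCsrfElement()` between the two inner hunks is not shown.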