Comments on: How to change CSRF attack message in Symfony 1.2 http://bluehorn.co.nz/2010/07/15/how-to-change-csrf-attack-message-in-symfony-1-2/ New Zealand Web Design & Development (PHP 5, MySQL, Symfony Framework, Apache, Linux) Fri, 09 Dec 2011 18:27:36 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Sid http://bluehorn.co.nz/2010/07/15/how-to-change-csrf-attack-message-in-symfony-1-2/comment-page-1/#comment-6680 Sid Thu, 17 Mar 2011 19:52:26 +0000 http://bluehorn.co.nz/?p=398#comment-6680 Hi Matt, It would be. Someone just need to test it and make sure it is working (and with what version of Symfony). May be I'll test your code next time I need something like this. Cheers Hi Matt,

It would be. Someone just need to test it and make sure it is working (and with what version of Symfony).

May be I’ll test your code next time I need something like this.

Cheers

]]> By: Matt Farmer http://bluehorn.co.nz/2010/07/15/how-to-change-csrf-attack-message-in-symfony-1-2/comment-page-1/#comment-6679 Matt Farmer Thu, 17 Mar 2011 19:41:39 +0000 http://bluehorn.co.nz/?p=398#comment-6679 Wouldn't it be better to no loop over all of the erros in changeCSRFErrorMessage and instead do something like (untested): public static function changeCSRFErrorMessage(sfForm $form) { $errors = $form->getErrorSchema()->getNamedErrors(); if ( $errors && isset($errors['_csrf_token']) ) { $csrf_error = $errors['_csrf_token']; $validator = $error->getValidator(); $validator->setMessage('csrf_attack', 'This session has expired. Please return to the home page and try again.'); } } Wouldn’t it be better to no loop over all of the erros in changeCSRFErrorMessage and instead do something like (untested):

public static function changeCSRFErrorMessage(sfForm $form)
{
$errors = $form->getErrorSchema()->getNamedErrors();
if ( $errors && isset($errors['_csrf_token']) )
{
$csrf_error = $errors['_csrf_token'];
$validator = $error->getValidator();
$validator->setMessage(‘csrf_attack’, ‘This session has expired. Please return to the home page and try again.’);
}
}

]]> By: Sid http://bluehorn.co.nz/2010/07/15/how-to-change-csrf-attack-message-in-symfony-1-2/comment-page-1/#comment-5496 Sid Thu, 20 Jan 2011 20:23:21 +0000 http://bluehorn.co.nz/?p=398#comment-5496 Removing CSRF? You can call $this->disableCSRFProtection() to remove the CSRF protection of a form. Or to disable all CSRF on all forms, go to the frontend/config/settings.yml and set "csrf_secret: false" Removing CSRF? You can call $this->disableCSRFProtection() to remove the CSRF protection of a form. Or to disable all CSRF on all forms, go to the frontend/config/settings.yml and set “csrf_secret: false”

]]> By: Jerome http://bluehorn.co.nz/2010/07/15/how-to-change-csrf-attack-message-in-symfony-1-2/comment-page-1/#comment-5492 Jerome Thu, 20 Jan 2011 17:19:33 +0000 http://bluehorn.co.nz/?p=398#comment-5492 This is great. Symfony prepends the message w/ "_csrf_token:" with is a bit cryptic for end users. Is there a solution for removing it? This is great. Symfony prepends the message w/ “_csrf_token:” with is a bit cryptic for end users. Is there a solution for removing it?

]]>