The default scary error message is hard coded in sfValidatorCSRFToken.class.php like this:

$this->addMessage('csrf_attack', 'CSRF attack detected.');

There aren’t that many clues out there about how to change it without modifying the core class either. Kris Wallsmith (Symfony Release Manager) suggested I look at using event dispatcher. Then I found his article on the net which gave me more clues.

So here’s the solution that I ended up with. First let’s create a listener class and save it in the project lib folder as myTemplateFilterParametersListener.php

class myTemplateFilterParametersListener
{
  public function connect(sfEventDispatcher $dispatcher)
  {
    $dispatcher->connect('template.filter_parameters',
      array($this, 'filterParameters'));
  }
 
  public function filterParameters(sfEvent $event, $parameters)
  {
    foreach ($parameters as $name => $param)
    {
      if ($param instanceof sfForm)
      {
        $form = $param; /* @var $form sfForm */
 
        self::changeCSRFErrorMessage($form);
      }
    }
 
    return $parameters;
  }
 
  public static function changeCSRFErrorMessage(sfForm $form)
  {
    $errors = $form->getErrorSchema()->getNamedErrors();
    if ($errors)
    {
      foreach ($errors as $i => $error)
      { /* @var $error sfValidatorError */
 
        if ($i == '_csrf_token')
        {
          $validator = $error->getValidator();
          /* @var $validator sfValidatorCSRFToken */
          $validator->setMessage('csrf_attack', 'This session has expired. Please return to the home page and try again.');
        }
      }
    }
  }
}

Then hook it to the event dispatcher in apps/frontend/config/frontendConfiguration.class.php

 
class frontendConfiguration extends sfApplicationConfiguration
{
  public function  initialize() {
    $listener = new myTemplateFilterParametersListener($this->getConfigCache());
    $listener->connect($this->dispatcher);
  }
 
  public function configure()
  {
  }
}

./symfony cc

That’s it :)

Use Firebug to test it. Open your webpage containing the form, use Firebug to change the _csrf_token value to trigger CSRF attack error, and you should see “This session has expired. Please return to the home page and try again.” error message.

Related posts:

1. How to make Symfony session to never timeout This is fo

Related posts brought to you by Yet Another Related Posts Plugin.

A Symfony programmer, rekarnar, was doing a butterfly twist move

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Setting timeout to false in factories.yml should’ve worked, e.g. like this:

all:
  user:
    class: myUser
    param:
      # this should have worked, but did not
      timeout: false

But it didn’t work because I think ‘false’ did not get parsed as literal false.

Anyway, my hackish workaround is to add the following inside myUser.class.php:

class myUser extends sfGuardSecurityUser
{
  public function initialize(sfEventDispatcher $dispatcher, sfStorage $storage, $options = array())
  {
    // disable timeout
    $options['timeout'] = false;
    parent::initialize($dispatcher, $storage, $options);
  }
 
  // ...
}

Related posts:

1. How to change CSRF attack message in Symfony 1.2 I wanted t

Related posts brought to you by Yet Another Related Posts Plugin.

At a glance, by reading the ‘read and learn‘ section, this new version will be quite different than the previous versions in terms of file and directory structure, components, etc.

Some highlights:

• Namespace – finally PHP has namespace and Symfony will be one of the first frameworks to support it.
• Bundles – this is kind of like plugin, but in Symfony 2, most/all the codes are organized in bundles. A bundle consists of PHP, css, javascript, images, etc.
• View layer will be even more flexible, due to bundles. I’m guessing there’s be no more issue with trying to share codes between ‘apps’ (no more apps in Symfony 2, they are all bundles).
• More configurable routing.yml – for example you can specify for a routing to return xml, json, and more.

Interesting comparison with other frameworks showing how fast Symfony 2 is, Symfony team claimed it is arguably the fastest!

I look forward to spend sometime to get familiar with this new version.

Happy coding!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Thanks to Ben Haine for uploading those videos :)

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

sudo apt-get update
sudo apt-get install php5-dev apache2-dev build-essential apache2-threaded-dev php-pear
sudo pecl install apc

Then update /etc/php5/apache2/php.ini and add this line:

extension=apc.so

Have fun!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Example of usage:

cacls C:\Inetpub\wwwroot\mypublicfile.txt /E /G Guest:F

• C:\Inetpub\wwwroot\mypublicfile.txt is the file, but we can also specify a folder
• Guest is the user we want to give access
• /E means we add to existing file security settings. Without /E, the system will delete everyone else’s access.
• /G must exists before user:access
• F means full access, R means read, W means write

I got this info from this thread when trying to solve permission denied problem of my ASP script when trying to delete a file.

Happy coding!

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Wikipedia, Facebook, Friendster, Yahoo, Delicious, Youtube, Digg, Wordpress, Tagged, W3Counter, MyYearBook

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.