I have a delete link to delete a Comment object by ID /comment/:id/delete
In order to secure this link I add a csrf token to the link
$CSRFTokenForm = new BaseForm();
$link = url_for(..., array('_csrf_token' => $CSRFTokenForm->getCSRFToken()));
and in the executeDelete i use the checkCSRFProtection()
method, and it all works fine.
The only thing is that each comment is displayed by a partial, and each partial creates it's own BaseForm()
in order to create the token, which is waste of time since they're all the same..
Do you have a better idea on how to make it more efficie开发者_Python百科nt, like maybe a static getCSRFToken()
method or creating a global BaseForm()
?
Use SF's method => delete. It creates the CSRF token for you:
<?php
echo link_to('comment/' . $comment->getId() . '/delete',
array(
'method' => 'delete',
'confirm' => 'Do you really want to delete the comment??',
'title' => 'Delete'
)
);
?>
Yes it's a jQuery Plugin error. If you are using sfJqueryReloadedPlugin - 1.4.3 you need to change the source code of the file jQueryHelper in the plugin's directory and put "BaseForm" instead of "sfForm" in the "csrf => 1" sectuo
With the jQuery Plugin try:
jq_link_to_remote('comment/' . $comment->getId() . '/delete', array('csrf' => 1))
Found it in the sourcecode and they do it with a BaseForm instance, too.
精彩评论