I have a delete link to delete a Comment object by ID: /comment/:id/delete
In order to secure this link I add a CSRF token to the link:
$CSRFTokenForm = new BaseForm();
$link = url_for(..., array('_csrf_token' => $CSRFTokenForm->getCSRFToken()));
and in the executeDelete I use the checkCSRFProtection() method, and it all works fine.
The only thing is that each comment is displayed by a partial, and each partial creates its own BaseForm() in order to create the token, which is a waste of time since they're all the same.
Do you have a better idea on how to make it more efficient, like maybe a static getCSRFToken() method or creating a global BaseForm()?
Use SF's method => delete. It creates the CSRF token for you:
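<?php
// link_to() takes the link text first, then the URI, then the options.
echo link_to('Delete', 'comment/' . $comment->getId() . '/delete',
    array(
        'method' => 'delete', // the helper adds the CSRF token for this method
        'confirm' => 'Do you really want to delete the comment??',
        'title' => 'Delete'
    )
);
?>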
Yes, it's a jQuery plugin error. If you are using sfJqueryReloadedPlugin - 1.4.3, you need to change the source code of the file jQueryHelper in the plugin's directory and put "BaseForm" instead of "sfForm" in the "csrf => 1" section.
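Added example, not part of the question or answers and not symfony's own code: a stand-alone PHP model of why the token is identical for every comment in a request, and why a token built from sfForm fails a check made against BaseForm. It assumes symfony 1.4 derives the token as md5(secret . session id . form class name); csrfToken(), checkToken() and all sample values are constructed for illustration.

```php
<?php
// Stand-in model, not symfony code. Assumption: symfony 1.4 derives a form's
// CSRF token as md5(secret . session id . form class name).
function csrfToken(string $secret, string $sessionId, string $formClass): string
{
    return md5($secret . $sessionId . $formClass);
}

// hash_equals() compares in constant time, so the check leaks no timing hints.
function checkToken(string $expected, string $submitted): bool
{
    return hash_equals($expected, $submitted);
}

// Constructed sample values.
$secret    = 'constructed-app-secret';
$sessionId = 'constructed-session-a';
$comments  = [11, 12, 13];

// The comment id is not an input to the token, so build it once per request
// and reuse it for every delete link.
$token = csrfToken($secret, $sessionId, 'BaseForm');
$links = [];
foreach ($comments as $id) {
    $links[$id] = "/comment/$id/delete?_csrf_token=$token";
}

// Server side: the expected value must come from the same class and session.
$expected = csrfToken($secret, $sessionId, 'BaseForm');

$cases = [
    'same class, same session'   => $token,
    'token built from sfForm'    => csrfToken($secret, $sessionId, 'sfForm'),
    'token from another session' => csrfToken($secret, 'constructed-session-b', 'BaseForm'),
    'missing token'              => '',
];
foreach ($cases as $label => $submitted) {
    printf("%-28s %s\n", $label, checkToken($expected, $submitted) ? 'accepted' : 'rejected');
}
print_r($links);
```

Only the first case is accepted; the other three are rejected, including the token built from a different form class.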