FormHelper::csrfToken()

string csrfToken(string $tokenId)

Returns a CSRF token.

Use this helper for CSRF protection without the overhead of creating a form.

echo $view['form']->csrfToken('rmuser_'.$user->getId());

Check the token in your action using the same CSRF token id.

// $token is the token value submitted with the request.
$csrfProvider = $this->get('security.csrf.token_generator');
if (!$csrfProvider->isCsrfTokenValid('rmuser_'.$user->getId(), $token)) {
    throw new \RuntimeException('CSRF attack detected.');
}

Parameters

string $tokenId The CSRF token id of the protected action

Return Value

string A CSRF token

Exceptions

BadMethodCallException When no CSRF provider was injected in the constructor.
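
Why the token id has to be identical in the view and in the action, shown as an added example that is not part of the Symfony documentation or code base: DemoCsrfProvider is a hypothetical, simplified stand-in for a CSRF provider that keeps one random token per token id in an array instead of the session. Its generateCsrfToken() method and the sample user id are assumptions made for the illustration.

```php
<?php
// Added example: simplified stand-in for a CSRF provider, not Symfony's code.
// One token is stored per token id, so a token issued for one protected
// action does not validate for any other id.

final class DemoCsrfProvider // hypothetical class name
{
    /** @var array<string,string> token id => token value (stand-in for the session) */
    private array $storage = [];

    public function generateCsrfToken(string $tokenId): string
    {
        // Reuse the token already issued for this id, otherwise create one.
        if (!isset($this->storage[$tokenId])) {
            $this->storage[$tokenId] = bin2hex(random_bytes(32));
        }
        return $this->storage[$tokenId];
    }

    public function isCsrfTokenValid(string $tokenId, $token): bool
    {
        // Reject missing or non-string input and ids that were never issued.
        if (!is_string($token) || $token === '' || !isset($this->storage[$tokenId])) {
            return false;
        }
        // Constant-time comparison of the stored and submitted values.
        return hash_equals($this->storage[$tokenId], $token);
    }
}

$provider = new DemoCsrfProvider();
$userId = 42; // constructed sample value

// View side: the value that would be rendered into the link or hidden field.
$token = $provider->generateCsrfToken('rmuser_'.$userId);

// Action side, case 1: the same token id that the view used.
var_dump($provider->isCsrfTokenValid('rmuser_'.$userId, $token));
// Case 2: the token replayed against another user's id.
var_dump($provider->isCsrfTokenValid('rmuser_'.($userId + 1), $token));
// Case 3: the id built without the underscore, so view and action disagree.
var_dump($provider->isCsrfTokenValid('rmuser'.$userId, $token));
// Case 4: the request carried no token at all.
var_dump($provider->isCsrfTokenValid('rmuser_'.$userId, null));
```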
2016-10-28 06:18:50