symfony · wouterj · Nov 30, 2013
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -120,8 +120,12 @@ private function addFormSection(ArrayNodeDefinition $rootNode)
                     ->canBeEnabled()
                     ->children()
                         ->arrayNode('csrf_protection')
-                            ->canBeDisabled()
+                            ->treatFalseLike(array('enabled' => false))
+                            ->treatTrueLike(array('enabled' => true))
+                            ->treatNullLike(array('enabled' => true))
+                            ->addDefaultsIfNotSet()
                             ->children()
+                                ->booleanNode('enabled')->defaultNull()->end() // defaults to framework.csrf_protection.enabled
                                 ->scalarNode('field_name')->defaultNull()->end()
                             ->end()
                         ->end()

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -158,6 +158,10 @@ public function load(array $configs, ContainerBuilder $container)
     private function registerFormConfiguration($config, ContainerBuilder $container, XmlFileLoader $loader)
     {
         $loader->load('form.xml');
+        if (null === $config['form']['csrf_protection']['enabled']) {
+            $config['form']['csrf_protection']['enabled'] = $config['csrf_protection']['enabled'];
+        }
+
         if ($this->isConfigEnabled($container, $config['form']['csrf_protection'])) {
             if (!$this->isConfigEnabled($container, $config['csrf_protection'])) {
                 throw new \LogicException('CSRF protection needs to be enabled in order to use CSRF protection for forms.');

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
@@ -96,7 +96,7 @@ protected static function getBundleDefaultConfig()
             'form'                => array(
                 'enabled' => false,
                 'csrf_protection' => array(
-                    'enabled' => true,
+                    'enabled' => null, // defaults to csrf_protection.enabled
                     'field_name' => null,
                 ),
             ),

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf.php
@@ -1,8 +1,14 @@
 <?php
 
 $container->loadFromExtension('framework', array(
+    'csrf_protection' => array(
+        'enabled' => false,
+    ),
     'form' => array(
         'enabled' => true,
+        'csrf_protection' => array(
+            'enabled' => true,
+        ),
     ),
     'session' => array(
         'handler_id' => null,

diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf.xml
@@ -7,7 +7,12 @@
                         http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
 
     <framework:config>
-        <framework:form />
+        <framework:csrf-protection enabled="false" />
+
+        <framework:form>
+            <framework:csrf-protection />
+        </framework:form>
+
         <framework:session />
     </framework:config>
 </container>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/csrf.yml
@@ -1,6 +1,8 @@
 framework:
+    csrf_protection: false
     secret: s3cr3t
-    form: ~
+    form:
+        csrf_protection: true
     session: ~
     # CSRF is disabled by default
     # csrf_protection: ~