Form get{fieldName} methods - astonishing magic - Discussion

Created Feb '18	Last Reply None	Replies 0	Views 258	Votes 0

I extend Phalcon\Forms\Form in purpose to implement CSRF layer

In this form I have a methods:

private function addCsrfToken(){
$csrf = new Hidden('token');
$csrf->addValidator(new CsrfValidator(['form' => $this]));
$this->add($csrf);
}
public function getToken(){
$token = 'I am in -> (|)';
$this->session->set(get_class($this), $token);
return $token;
}

getToken is supposed to provide value to input

I extend one time more and create standard logIn form
In login template:

{{ form.render('token') }}

And it would be ok, but I see in SESSION 'I am in -> (|)' even if I don't touch loginForm or login action! Furthermore, adding sth to getToken method:

public function getToken(){
    $token = 'I am in -> (|)';
    echo 'test'; //don't stop it
    exit; //stop it
    $this->session->set(get_class($this), $token);
    return $token;
}

might spoil the effect, but no application.

It occurs only when form->render is called, so I guess during rendering phalcon tries to perform getToken method, but in a secret way.

$csrf = new Hidden('_token'); $this->csrfToken = md5(uniqid('', true)); if(!$this->request->isPost()) { $this->session->set(get_class($this), $this->csrfToken); $csrf->setAttribute('value', $this->csrfToken); } $csrf->addValidator(new CsrfValidator(['form' => $this])); $this->add($csrf);

public function afterValidation(){ if($this->request->isPost()) { $this->session->set(get_class($this), $this->csrfToken); } $this->get('_token')->clear(); $this->get('_token')->setAttribute('value', $this->csrfToken); }