Symfony FosUserBundle和HTMLPurifierBundle
在我的个人Symfony3.2项目中,我想在我的HtmlPurifier表单中使用UserProfile,以防止XSS攻击。
因此,正如在:https://github.com/Exercise/HTMLPurifierBundle中所描述的,我一致地修改了UserProfileFormType:
namespace AppUserBundle\Form\Type;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\Extension\Core\Type\TextareaType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
class UserProfileFormType extends AbstractType
{
private $purifierTransformer;
public function __construct(DataTransformerInterface $purifierTransformer)
{
$this->purifierTransformer = $purifierTransformer;
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
parent::buildForm($builder, $options);
$builder->addViewTransformer($this->purifierTransformer);
$builder->add('name',TextType::class,array('label'=>'profile.first_name','required' => false));
$builder->add('surname',TextType::class,array('label'=>'profile.surnname','required' => false));
$builder->remove('username');
$builder->add('username',TextType::class,['required' => false]);
$builder->add('email',TextType::class,['required' => false]);
$builder->add('description',TextareaType::class,['required' => false]);
$builder->remove('current_password');
}
public function getParent()
{
return 'FOS\UserBundle\Form\Type\ProfileFormType';
}
public function getBlockPrefix()
{
return 'app_user_profile';
}
// For Symfony 2.x
public function getName()
{
return $this->getBlockPrefix();
}
}并在services.yml条目中使用这些条目:
services:
app_user.html_purifier:
class: Exercise\HTMLPurifierBundle\Form\HTMLPurifierTransformer
arguments: ["@exercise_html_purifier.default"]
app_user.user_profile_form:
class: AppUserBundle\Form\Type\UserProfileFormType
arguments: ["@app_user.html_purifier"]
tags:
- { name: form.type, alias: app_user_profile }此外,我还将这些条目放在config.yml中
fos_user:
db_driver: orm # other valid values are 'mongodb' and 'couchdb'
firewall_name: main
user_class: '%user_class%'
from_email:
address: "somemail@example.com"
sender_name: "App Mailer"
registration:
confirmation:
enabled: false
profile:
form:
type: AppUserBundle\Form\Type\UserProfileFormType
exercise_html_purifier:
default:
Cache.SerializerPath: '%kernel.cache_dir%/htmlpurifier'使用这些选项,我得到以下错误消息:
类型错误:传递给AppUserBundle\Form\Type\UserProfileFormType::__construct()的参数1必须是未给定的Symfony\Component\Form\DataTransformerInterface,的实例,在第85行的/home/pcmagas/Kwdikas/php/apps/symfonyAdminLTE/vendor/symfony/symfony/src/Symfony/Component/Form/FormRegistry.php中调用
我还试图在src/AppUserBundle/Resources/config.yml中更改以下值
fos_user:
#Some configuration
profile:
form:
type: AppUserBundle\Form\Type\UserProfileFormType有了这个:
fos_user #一些配置配置文件: form: type: app_user.user_profile_form
返回以下错误:
无法加载类型"app_user.user_profile_form“
你知道我会怎么解决这个问题吗?只要我理解问题所在,FosUserBundle就无法以某种方式加载适当的服务。您知道我如何告诉您如何将适当的服务加载到配置中吗?
编辑1:
在UserProfileFormType方法中,我替换了:
$builder->add('description',TextareaType::class,['required' => false]);通过以下方式:
$builder->add('description',PurifiedTextAreaType::class,['required' => false]);我得到了以下错误:
类型错误:传递给AppUserBundle\Form\Type\PurifiedTextAreaType::__construct()的参数1必须实现没有给定的接口Symfony\Component\Form\DataTransformerInterface,,在第389行的/home/pcmagas/Kwdikas/php/apps/symfonyAdminLTE/var/cache/dev/appDevDebugProjectContainer.php中调用
请记住,我创建了AppUserBundle/Form/Type/PurifiedTextAreaType.php
namespace AppUserBundle\Form\Type;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;
class PurifiedTextAreaType extends AbstractType
{
private $purifierTransformer;
public function __construct(DataTransformerInterface $purifierTransformer)
{
$this->purifierTransformer = $purifierTransformer;
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->addViewTransformer($this->purifierTransformer);
}
public function getParent()
{
return 'textarea';
}
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(array(
'compound' => false,
));
}
public function getName()
{
return 'purified_textarea';
}
}我还忘了使用不同的包来进行任何类型的名为AppUserBudnle的用户管理和处理,所有的自定义表单都在这个包中。
回答 1
Stack Overflow用户
发布于 2017-05-17 16:34:11
正如Manuel DUVERNON最后说的,我创建了一个代表HtmlPurified TextArea的FormType:
namespace AppUserBundle\Form\Type;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolverInterface;
use Exercise\HTMLPurifierBundle\Form\HTMLPurifierTransformer;
use HTMLPurifier;
class PurifiedTextAreaType extends AbstractType
{
private $purifierTransformer;
/**
* I Do not Dependency Inject the HtmlPurifier because I want to Use it as
* FormType in FosUserBundle's extended forms in the wat that is described in:
* https://symfony.com/doc/master/bundles/FOSUserBundle/overriding_forms.html
*
* And the method described above does not favour Dependency Injection.
*/
public function __construct()
{
$this->purifierTransformer = new HTMLPurifierTransformer(new \HTMLPurifier());
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->addViewTransformer($this->purifierTransformer);
}
public function getParent()
{
return 'Symfony\Component\Form\Extension\Core\Type\TextareaType';
}
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(array(
'compound' => false,
));
}
public function getName()
{
return 'purified_textarea';
}
}请记住,不要通过依赖注入加载HTMLPurifierTransformer,因为FosUserBundle的FormBuilder不能通过依赖注入加载扩展表单。还请记住,要使用您正在扩展的FormType的命名空间(在我的例子中是Symfony\Component\Form\Extension\Core\Type\TextareaType),因为FormBuilder对特定的接口也有限制。
https://stackoverflow.com/questions/44011040
复制相似问题
腾讯云开发者
