Skip to content

Commit

Permalink
Merge pull request #145 from neos/bugfix/143-allow-arbitrary-objects-…
Browse files Browse the repository at this point in the history
…in-formstate

BUGFIX: Allow arbitrary objects in the FormState
  • Loading branch information
bwaidelich authored Aug 5, 2021
2 parents 24d7ef4 + c8dc79d commit 1e4d43e
Show file tree
Hide file tree
Showing 4 changed files with 59 additions and 1 deletion.
3 changes: 2 additions & 1 deletion Classes/Core/Runtime/FormRuntime.php
Original file line number Diff line number Diff line change
Expand Up @@ -181,7 +181,8 @@ protected function initializeFormStateFromRequest()
$this->formState = new FormState();
} else {
$serializedFormState = $this->hashService->validateAndStripHmac($serializedFormStateWithHmac);
$this->formState = unserialize(base64_decode($serializedFormState), ['allowed_classes' => [FormState::class, \DateTime::class, \DateTimeImmutable::class]]);
/** @noinspection UnserializeExploitsInspection The unserialize call is safe because of the HMAC check above */
$this->formState = unserialize(base64_decode($serializedFormState));
}
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
<?php
namespace Neos\Form\Tests\Functional\Fixtures\FormFactories;

/*
* This file is part of the Neos.Form package.
*
* (c) Contributors of the Neos Project - www.neos.io
*
* This package is Open Source Software. For the full copyright and license
* information, please view the LICENSE file which was distributed with this
* source code.
*/

use Neos\Form\Core\Model\FormDefinition;
use Neos\Form\Factory\AbstractFormFactory;

class TwoPageFormWithUploadFactory extends AbstractFormFactory
{
public function build(array $configuration, $presetName)
{
$formDefinition = new FormDefinition('two-page-form-with-upload', $this->getPresetConfiguration($presetName));

$page1 = $formDefinition->createPage('page1');
$page2 = $formDefinition->createPage('page2');

$fileUpload = $page1->createElement('file', 'Neos.Form:FileUpload');
$fileUpload->setProperty('allowedExtensions', ['txt']);
$page1->createElement('date', 'Neos.Form:DatePicker');
$page2->createElement('text2-1', 'Neos.Form:SingleLineText');

return $formDefinition;
}
}
1 change: 1 addition & 0 deletions Tests/Functional/Fixtures/dummy.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This is just a dummy file
23 changes: 23 additions & 0 deletions Tests/Functional/SimpleFormTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@
*/
class SimpleFormTest extends AbstractFunctionalTestCase
{
protected static $testablePersistenceEnabled = true;

/**
* @test
*/
Expand Down Expand Up @@ -106,6 +108,27 @@ public function validationIsNotSkippedForGetRequests()
Assert::assertSame(' error', $this->browser->getCrawler()->filterXPath('//*[contains(@class,"error")]//input[@id="three-page-form-with-validation-text2-1"]')->attr('class'));
}

/**
* @test
* @see https://github.com/neos/form/issues/126
* @see https://github.com/neos/form/issues/135
* @see https://github.com/neos/form/issues/143
*/
public function formStateCanContainArbitraryObjects()
{
$this->browser->request('http://localhost/test/form/simpleform/TwoPageFormWithUpload');

$form = $this->browser->getForm();
$form->get('--two-page-form-with-upload[file]')->upload(__DIR__ . '/Fixtures/dummy.txt');
$form->get('--two-page-form-with-upload[date][date]')->setValue('1980-12-13');
$this->gotoNextFormPage($form);
$response = $this->gotoPreviousFormPage($this->browser->getForm());
$form = $this->browser->getForm();
// Note: we can't use $form['--two-page-form-with-upload']['file']['originallySubmittedResource']['__identity'] because that is overruled by the $form['--two-page-form-with-upload']['file'] element
Assert::assertStringContainsString('<input type="hidden" name="--two-page-form-with-upload[file][originallySubmittedResource][__identity]"', $response->getBody()->getContents());
Assert::assertSame('1980-12-13', $form->get('--two-page-form-with-upload[date][date]')->getValue());
}

/**
* This is an edge-case which occurs if somebody makes the formState persistent, which can happen when subclassing the FormRuntime.
*
Expand Down

0 comments on commit 1e4d43e

Please sign in to comment.