ZF-3869: Document how to test forms which use Zend_Form_Element_Hash

Issue Type: Docs: Improvement Created: 2008-08-06T05:19:51.000+0000 Last Updated: 2012-05-05T02:53:07.000+0000 Status: Resolved Fix version(s): - 1.11.12 (22/Jun/12)

  • 1.12.0 (27/Aug/12)

Reporter: Tobias Schifftner (milchbazi) Assignee: Adam Lundrigan (adamlundrigan) Tags: - Zend_Test_PHPUnit

  • state:patch-ready-for-review
  • zf-caretaker-adamlundrigan
  • zf-crteam-padraic
  • zf-crteam-priority
  • zf-crteam-review

Related issues: Attachments: - ZF-3869.patch


Zend_Forms containing a Zend_Form_Element_Hash are not supported by Zend_Test_PHPUnit. The form will not pass as long as you do not send the token as well generated by Zend_Form_Element_Hash. See discussion at […]

A solution might be to retrieve the name of the hash element as well as the hash from Zend_Session and add it by default as $_POST variables:



### Comments

Posted by Stanislav Malyshev (stas) on 2008-11-25T10:02:09.000+0000

Matthew, what do you think is the best way to handle it?



Posted by Daniel Getelman (dget) on 2010-05-17T09:04:12.000+0000

Sorry for poor formatting, first time commenting. I was able to solve this by creating a new Zend\_Form\_Element\_Hash object in the test.


$csrf = new Zend\_Form\_Element\_Hash("csrf"); $this->request->setMethod('POST')->setPost( array( ... 'csrf' => $csrf->getHash(), ));



Posted by Daniel Getelman (dget) on 2010-05-17T09:30:10.000+0000

As it turns out, the above didn't actually solve it. I just had another error that masked it.

For reference, the discussion link doesn't work, but […]( does.



Posted by julien PAULI (doctorrock83) on 2011-01-07T05:30:34.000+0000

    <pre class="highlight">
    $csrf = new Zend_Form_Element_Hash("csrf");
    $hash = $csrf->getHash();
    'csrf' => $hash,

That would work



Posted by Adam Lundrigan (adamlundrigan) on 2011-10-18T23:27:13.000+0000

This is more of a documentation/awareness issue than an issue with Zend\_Form\_Element\_Hash itself. I suggest updating the manual entry for that component to outline how forms which use it can be unit tested. Example:

    <pre class="highlight">
    Index: documentation/manual/en/module_specs/Zend_Form-StandardElements.xml
    --- documentation/manual/en/module_specs/Zend_Form-StandardElements.xml (revision 24514)
    +++ documentation/manual/en/module_specs/Zend_Form-StandardElements.xml (working copy)
    @@ -522,6 +522,37 @@
                 The 'formHidden' view helper is used to render the element in the
    +            Testing forms containing Zend_Form_Element_Hash
    +                When unit testing a form containing a Zend_Form_Element_Hash 
    +                it is necessary to call initCsrfToken and 
    +                initCsrfValidator before attempting to
    +                validate the form.  The hash value of the Zend_Form_Element_Hash 
    +                element must also be injected into the array of values passed as the
    +                argument to Zend_Form::isValid
    +                Simple example of testing a CSRF-protected form
    +public function testCsrfProtectedForm() 
    +    $form = new Zend_Form();
    +    $form->addElement(new Zend_Form_Element_Hash('csrf'));
    +    $csrf = $form->getElement('csrf');
    +    $csrf->initCsrfToken();
    +    $csrf->initCsrfValidator();
    +    $this->assertTrue($form->isValid(array(
    +        'csrf' => $csrf->getHash()
    +    )));




Posted by Adam Lundrigan (adamlundrigan) on 2012-03-10T01:18:39.000+0000

Attached patch



Posted by Adam Lundrigan (adamlundrigan) on 2012-05-05T02:53:07.000+0000

Fixed in trunk (1.12.0): r24757 Fixed in release-1.11 (1.11.12): r24758

Not applicable to ZF2



Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.