Revert "bug #58937 [FrameworkBundle] Don't auto-register form/csrf when the corresponding components are not installed (nicolas-grekas)"

nicolas-grekas · nicolas-grekas · commit eca6e49826b2 · 2024-11-20T13:02:02.000+01:00
This reverts commit 552f7749d2b66485eb424af656827a0818c5bc4f, reversing
changes made to e2f2a967158182109faa233b37f26687f6092a96.
diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -237,12 +237,8 @@ private function addFormSection(ArrayNodeDefinition $rootNode, callable $enableI
             ->children()
                 ->arrayNode('form')
                     ->info('Form configuration')
-                    ->treatFalseLike(['enabled' => false])
-                    ->treatTrueLike(['enabled' => true])
-                    ->treatNullLike(['enabled' => true])
-                    ->addDefaultsIfNotSet()
+                    ->{$enableIfStandalone('symfony/form', Form::class)}()
                     ->children()
-                        ->scalarNode('enabled')->defaultNull()->end() // defaults to !class_exists(FullStack::class) && class_exists(Form::class)
                         ->arrayNode('csrf_protection')
                             ->treatFalseLike(['enabled' => false])
                             ->treatTrueLike(['enabled' => true])
diff --git a/DependencyInjection/FrameworkExtension.php b/DependencyInjection/FrameworkExtension.php
@@ -278,19 +278,6 @@ public function load(array $configs, ContainerBuilder $container): void
         $this->readConfigEnabled('profiler', $container, $config['profiler']);
         $this->readConfigEnabled('workflows', $container, $config['workflows']);
 
-        // csrf depends on session or stateless token ids being registered
-        if (null === $config['csrf_protection']['enabled']) {
-            $this->writeConfigEnabled('csrf_protection', ($config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session'])) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
-        }
-
-        if (null === $config['form']['enabled']) {
-            $this->writeConfigEnabled('form', !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/form', Form::class, ['symfony/framework-bundle']), $config['form']);
-        }
-
-        if (null === $config['form']['csrf_protection']['enabled']) {
-            $this->writeConfigEnabled('form.csrf_protection', $config['csrf_protection']['enabled'], $config['form']['csrf_protection']);
-        }
-
         // A translator must always be registered (as support is included by
         // default in the Form and Validator component). If disabled, an identity
         // translator will be used and everything will still work as expected.
@@ -479,6 +466,10 @@ public function load(array $configs, ContainerBuilder $container): void
             $container->removeDefinition('test.session.listener');
         }
 
+        // csrf depends on session or stateless token ids being registered
+        if (null === $config['csrf_protection']['enabled']) {
+            $this->writeConfigEnabled('csrf_protection', ($config['csrf_protection']['stateless_token_ids'] || $this->readConfigEnabled('session', $container, $config['session'])) && !class_exists(FullStack::class) && ContainerBuilder::willBeAvailable('symfony/security-csrf', CsrfTokenManagerInterface::class, ['symfony/framework-bundle']), $config['csrf_protection']);
+        }
         $this->registerSecurityCsrfConfiguration($config['csrf_protection'], $container, $loader);
 
         // form depends on csrf being registered
@@ -763,6 +754,10 @@ private function registerFormConfiguration(array $config, ContainerBuilder $cont
     {
         $loader->load('form.php');
 
+        if (null === $config['form']['csrf_protection']['enabled']) {
+            $this->writeConfigEnabled('form.csrf_protection', $config['csrf_protection']['enabled'], $config['form']['csrf_protection']);
+        }
+
         if ($this->readConfigEnabled('form.csrf_protection', $container, $config['form']['csrf_protection'])) {
             if (!$container->hasDefinition('security.csrf.token_generator')) {
                 throw new \LogicException('To use form CSRF protection, "framework.csrf_protection" must be enabled.');
diff --git a/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php b/Tests/DependencyInjection/Fixtures/php/form_csrf_disabled.php
@@ -4,7 +4,6 @@
     'annotations' => false,
     'csrf_protection' => false,
     'form' => [
-        'enabled' => true,
         'csrf_protection' => true,
     ],
     'http_method_override' => false,
diff --git a/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php b/Tests/DependencyInjection/Fixtures/php/form_no_csrf.php
@@ -6,7 +6,6 @@
     'handle_all_throwables' => true,
     'php_errors' => ['log' => true],
     'form' => [
-        'enabled' => true,
         'csrf_protection' => [
             'enabled' => false,
         ],
diff --git a/Tests/DependencyInjection/Fixtures/php/full.php b/Tests/DependencyInjection/Fixtures/php/full.php
@@ -6,7 +6,6 @@
     'enabled_locales' => ['fr', 'en'],
     'csrf_protection' => true,
     'form' => [
-        'enabled' => true,
         'csrf_protection' => [
             'field_name' => '_csrf',
         ],
diff --git a/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml b/Tests/DependencyInjection/Fixtures/xml/form_csrf_disabled.xml
@@ -12,7 +12,7 @@
         <framework:annotations enabled="false"/>
         <framework:php-errors log="true" />
         <framework:csrf-protection enabled="false"/>
-        <framework:form enabled="true">
+        <framework:form>
             <framework:csrf-protection enabled="true"/>
         </framework:form>
     </framework:config>
diff --git a/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml b/Tests/DependencyInjection/Fixtures/xml/form_no_csrf.xml
@@ -9,7 +9,7 @@
     <framework:config http-method-override="false" handle-all-throwables="true">
         <framework:annotations enabled="false" />
         <framework:php-errors log="true" />
-        <framework:form enabled="true">
+        <framework:form>
             <framework:csrf-protection enabled="false" />
         </framework:form>
     </framework:config>
diff --git a/Tests/DependencyInjection/Fixtures/xml/full.xml b/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -10,7 +10,7 @@
         <framework:enabled-locale>fr</framework:enabled-locale>
         <framework:enabled-locale>en</framework:enabled-locale>
         <framework:csrf-protection />
-        <framework:form enabled="true">
+        <framework:form>
             <framework:csrf-protection field-name="_csrf"/>
         </framework:form>
         <framework:esi enabled="true" />
diff --git a/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml b/Tests/DependencyInjection/Fixtures/yml/form_csrf_disabled.yml
@@ -2,7 +2,6 @@ framework:
     annotations: false
     csrf_protection: false
     form:
-        enabled: true
         csrf_protection: true
     http_method_override: false
     handle_all_throwables: true
diff --git a/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml b/Tests/DependencyInjection/Fixtures/yml/form_no_csrf.yml
@@ -5,6 +5,5 @@ framework:
     php_errors:
         log: true
     form:
-        enabled: true
         csrf_protection:
             enabled: false
diff --git a/Tests/DependencyInjection/Fixtures/yml/full.yml b/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -4,7 +4,6 @@ framework:
     enabled_locales: ['fr', 'en']
     csrf_protection: true
     form:
-        enabled: true
         csrf_protection:
             field_name: _csrf
     http_method_override: false
