minor #5816 Merge branches (nicolas-grekas, snoek09, WouterJ, xabbuh)

This PR was merged into the 2.7 branch. Discussion ---------- Merge branches | Q | A | ------------- | --- | Doc fix? | yes | New docs? | no | Applies to | 2.7+ | Fixed tickets | Merges some commits that have been done in the `2.6` branch after we stopped support for that version. Commits ------- ab19cfb fix code block syntax 0ed7d99 Merge remote-tracking branch 'upstream/2.6' into merge-branches 149576e feature #5310 Fix missing note about debug.dump_destination (nicolas-grekas) f67c353 [#5572] Fix syntax 85dc294 feature #5572 4668 document isCsrfTokenValid (snoek09) 11383f8 4668 document isCsrfTokenValid dae2811 Fix missing note about debug.dump_destination
symfony · Nov 5, 2015 · 7c8d5d2 · 7c8d5d2
2 parents 5494f15 + ab19cfb
commit 7c8d5d2
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/book/controller.rst b/book/controller.rst
@@ -440,7 +440,7 @@ If you want to redirect the user to another page, use the ``redirectToRoute()``
     }
 
 .. versionadded:: 2.6
-    The ``redirectToRoute()`` method was added in Symfony 2.6. Previously (and still now), you
+    The ``redirectToRoute()`` method was introduced in Symfony 2.6. Previously (and still now), you
     could use ``redirect()`` and ``generateUrl()`` together for this (see the example above).
 
 Or, if you want to redirect externally, just use ``redirect()`` and pass it the URL::
@@ -811,6 +811,29 @@ Just like when creating a controller for a route, the order of the arguments of
 order of the arguments, Symfony will still pass the correct value to each
 variable.
 
+Validating a CSRF Token
+-----------------------
+
+Sometimes, you want to use CSRF protection in an action where you don't want to
+use the Symfony Form component. If, for example, you're doing a DELETE action,
+you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid`
+method to check the CSRF token::
+
+    if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
+        // ... do something, like deleting an object
+    }
+
+.. versionadded:: 2.6
+    The ``isCsrfTokenValid()`` shortcut method was introduced in Symfony 2.6.
+    It is equivalent to executing the following code:
+
+    .. code-block:: php
+
+        use Symfony\Component\Security\Csrf\CsrfToken;
+
+        $this->get('security.csrf.token_manager')
+            ->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
+
 Final Thoughts
 --------------