@@ -126,11 +126,8 @@ public function showAction(Post $post)
126126 throw $ this createAccessDeniedException ('Posts can only be shown to their authors. ' );
127127 }
128128
129- $ deleteForm$ this createDeleteForm ($ post
130-
131129 return $ this render ('admin/blog/show.html.twig ' , [
132130 'post ' => $ post
133- 'delete_form ' => $ deleteFormcreateView (),
134131 ]);
135132 }
136133
@@ -148,12 +145,11 @@ public function editAction(Post $post, Request $request)
148145
149146 $ entityManager$ this getDoctrine ()->getManager ();
150147
151- $ editForm$ this createForm (PostType::class, $ post
152- $ deleteForm$ this createDeleteForm ($ post
148+ $ form$ this createForm (PostType::class, $ post
153149
154- $ editForm handleRequest ($ request
150+ $ form handleRequest ($ request
155151
156- if ($ editForm isSubmitted () && $ editForm isValid ()) {
152+ if ($ form isSubmitted () && $ form isValid ()) {
157153 $ postsetSlug ($ this get ('slugger ' )->slugify ($ postgetTitle ()));
158154 $ entityManagerflush ();
159155
@@ -164,16 +160,15 @@ public function editAction(Post $post, Request $request)
164160
165161 return $ this render ('admin/blog/edit.html.twig ' , [
166162 'post ' => $ post
167- 'edit_form ' => $ editFormcreateView (),
168- 'delete_form ' => $ deleteFormcreateView (),
163+ 'form ' => $ formcreateView (),
169164 ]);
170165 }
171166
172167 /**
173168 * Deletes a Post entity.
174169 *
175- * @Route("/{id}", name="admin_post_delete")
176- * @Method("DELETE ")
170+ * @Route("/{id}/delete ", name="admin_post_delete")
171+ * @Method("POST ")
177172 * @Security("post.isAuthor(user)")
178173 *
179174 * The Security annotation value is an expression (if it evaluates to false,
@@ -182,40 +177,17 @@ public function editAction(Post $post, Request $request)
182177 */
183178 public function deleteAction (Request $ requestPost $ post
184179 {
185- $ form$ this createDeleteForm ($ post
186- $ formhandleRequest ($ request
180+ if (!$ this isCsrfTokenValid ('delete ' , $ requestrequest ->get ('token ' ))) {
181+ return $ this redirectToRoute ('admin_post_index ' );
182+ }
187183
188- if ($ formisSubmitted () && $ formisValid ()) {
189- $ entityManager$ this getDoctrine ()->getManager ();
184+ $ entityManager$ this getDoctrine ()->getManager ();
190185
191- $ entityManagerremove ($ post
192- $ entityManagerflush ();
186+ $ entityManagerremove ($ post
187+ $ entityManagerflush ();
193188
194- $ this addFlash ('success ' , 'post.deleted_successfully ' );
195- }
189+ $ this addFlash ('success ' , 'post.deleted_successfully ' );
196190
197191 return $ this redirectToRoute ('admin_post_index ' );
198192 }
199-
200- /**
201- * Creates a form to delete a Post entity by id.
202- *
203- * This is necessary because browsers don't support HTTP methods different
204- * from GET and POST. Since the controller that removes the blog posts expects
205- * a DELETE method, the trick is to create a simple form that *fakes* the
206- * HTTP DELETE method.
207- * See http://symfony.com/doc/current/cookbook/routing/method_parameters.html.
208- *
209- * @param Post $post The post object
210- *
211- * @return \Symfony\Component\Form\Form The form
212- */
213- private function createDeleteForm (Post $ post
214- {
215- return $ this createFormBuilder ()
216- ->setAction ($ this generateUrl ('admin_post_delete ' , ['id ' => $ postgetId ()]))
217- ->setMethod ('DELETE ' )
218- ->getForm ()
219- ;
220- }
221193}
0 commit comments