I made a little project in symfony 3, and ran the detectify.com over that.
As detectify says, i have "Blind SQL Injection in MySQL" risk
I have Postgres, but nevermind. My keys in the table escalated to 700 after scan. But no data here.
Sooo, i have a security risk.
the controller:
public function bidAction($category = null, Request $request)
{
$bid = new Bids();
$bid->setCategory($category);
$bid->setDate(new \DateTime('now'));
$form = $this->createFormBuilder($bid)
->add('notes', 'textarea', array('label' => 'Message'))
->add('email', 'email')
->add('save', 'submit', array('label' => 'Write your bid'))
->getForm();
$form->handleRequest($request);
if ($form->isValid() && $form->isSubmitted()) {
$em = $this->getDoctrine()->getManager();
$em->persist($bid);
$em->flush();
return $this->redirectToRoute('mikola_studio_main_bid_category', array('category'=>'success'));
}
return $this->render('MikolaStudioMainBundle:Default:bid.html.twig',
array(
'category' => $category,
'form' => $form->createView(),
'unique'=>false, // for template
'sidebar'=>true // for template
));
}
i was in faith, doctrine persist were protected against sql injection
im now disappointed
the entity:
/**
* #var string
*
* #ORM\Column(name="notes", type="text")
*/
private $notes;
/**
* #var string
*
* #Assert\Email(
* message = "The ({{ value }}) is not valid!",
* checkMX = true
* )
* #ORM\Column(name="email", type="string", length=255)
*/
private $email;
Twig:
{{ form_start(form) }}
{{ form_errors(form) }}
{{ form_row(form.notes) }}
{{ form_row(form.email) }}
<footer>{{ form_row(form.save, {'attr': {'class': 'button icon fa-shopping-cart'}}) }}</footer>
{{ form_end(form) }}
The detectify request body:
form%5Bnotes%5D=&form%5Bemail%5D=If(%40x%2c0%2c(SeleCT(%40x%3a%3dSleeP(0.1)--1)))%2f*%27Or(If(%40x%2c0%2c(SeleCT(%40x%3a%3dSleeP(0.1)--1))))Or%27%22or(If(%40x%2c0%2c(SeleCT(%40x%3a%3dSleeP(0.1)--1))))Or%22*%2f&form%5Bsave%5D=
readable:
form[notes]=&form[email]=If(#x,0,(SeleCT(#x:=SleeP(0.1)--1)))/*'Or(If(#x,0,(SeleCT(#x:=SleeP(0.1)--1))))Or'"or(If(#x,0,(SeleCT(#x:=SleeP(0.1)--1))))Or"*/&form[save]=
Related
I've inherited some code which uses Symfony (v3.3) to generate forms. Some elements are being created with no space between the element type and the auto-generated ID. This means the element doesn't display:
<selectid="someID">
...
</selectid="someID">
This is happening on select elements and textarea elements.
I'm not familiar with Symfony so don't know how to troubleshoot this... any help is much appreciated!
Edit: added code as requested. The problem is I don't know where the issue lies and there are a lot of classes.
Twig template
<form action="" method="post" name="callback" id="request-callback" class="contact-form">
<input type="hidden" name="form-type" value="callback">
{#<input type="hidden" name="mc4wp-subscribe" value="1">#}
<div{% if form.name.vars.errors | length > 0 %} class="form-error"{% endif %}>
{{ form_label(form.name) }} {{ form_errors(form.name) }}
{{ form_widget(form.name) }}
</div>
<div{% if form.phone_number.vars.errors | length > 0 %} class="form-error"{% endif %}>
{{ form_label(form.phone_number) }} {{ form_errors(form.phone_number) }}
{{ form_widget(form.phone_number) }}
</div>
<div{% if form.email.vars.errors | length > 0 %} class="form-error"{% endif %}>
{{ form_label(form.email) }} {{ form_errors(form.email) }}
{{ form_widget(form.email) }}
</div>
<div{% if form.treatment.vars.errors | length > 0 %} class="form-error"{% endif %}>
{{ form_label(form.treatment) }} {{ form_errors(form.treatment) }}
{{ form_widget(form.treatment) }}
</div>
<div class="text-center">
<button class="button bg-darkblue" type="submit" id="contact_send" name="contact[send]">Send My Request</button>
</div>
</form>
Form class
<?php
namespace REDACTED;
use DrewM\MailChimp\MailChimp;
use GuzzleHttp\Exception\ConnectException;
use Symfony\Component\Form\Forms;
use Symfony\Component\Form\Extension\HttpFoundation\HttpFoundationExtension;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Translation\Translator;
use Symfony\Bridge\Twig\Extension\FormExtension;
use Symfony\Bridge\Twig\Extension\TranslationExtension;
use Symfony\Bridge\Twig\Form\TwigRendererEngine;
use Symfony\Bridge\Twig\Form\TwigRenderer;
use Symfony\Component\Form\Extension\Validator\ValidatorExtension;
use Symfony\Component\Validator\Validation;
use GuzzleHttp\Client;
use Symfony\Component\Form\FormError;
use Symfony\Component\Form\FormFactoryInterface;
abstract class Form
{
/**
* Recaptcha endpoint
*/
const RECAPTCHA_VERIFY = 'https://www.google.com/recaptcha/api/siteverify';
/**
* Default from name
*/
const EMAIL_FROMNAME = '';
/**
* #var \Twig_Environment
*/
protected $twig;
/**
* #var \Symfony\Component\Form\FormInterface
*/
protected $form;
/**
* #var \Symfony\Component\HttpFoundation\Request
*/
private $request;
/**
* Capture failed
*
* #var bool
*/
protected $captchaFailed = false;
/**
* #var string
*/
protected $template;
/**
* #var string
*/
protected $messageTemplate;
/**
* #var string
*/
protected $subject;
/**
* #var string
*/
protected $emailTo;
/**
* #var string
*/
protected $emailFromName;
/**
* #var array
*/
protected $params = [];
protected $mailchimpList;
private $mailchimpApiKey = '6542760048f1c73d69df8f552d4a2b87-us18';
public $mailerError;
public $redirectTo;
/**
* SunstoneForm constructor
*
* #param Request $request
* #param $emailTo
* #param $emailFromName
* #param array $params
*/
private function __construct(
Request $request = null,
$emailTo = null,
$emailFromName = null,
array $params = []
) {
$this->request = $request;
$this->emailTo = $emailTo;
$this->emailFromName = $emailFromName;
$this->params = $params;
}
/**
* Make the contact form
*
* #param Request $request
* #param string $emailTo
* #param string $emailFromName
* #param array $params
* #return static
*/
public static function make(
Request $request = null,
$emailTo = null,
$emailFromName = self::EMAIL_FROMNAME,
array $params = []
) {
return (new static($request, $emailTo, $emailFromName, $params))
->twig()
->form();
}
/**
* Render the form
*
* #return string
*/
public function renderForm()
{
return $this->twig->render($this->template, [
'form' => $this->form->createView(),
'captchaFailed' => $this->captchaFailed,
]);
}
/**
* Handle a form submission and check form is valid
*
* #return bool
*/
public function handleRequest()
{
$this->form->handleRequest($this->request);
if ($this->form->isSubmitted() && $this->form->isValid()) {
// send the message
return $this->process();
}
return false;
}
/**
* Instantiate Twig
*
* #return $this
*/
protected function twig()
{
// instantiate twig
$translator = new Translator('en');
$loader = new \Twig_Loader_Filesystem([
TWIG_TEMPLATE_DIR,
ABSPATH.'vendor/symfony/twig-bridge/Resources/views/Form',
]);
$twig = new \Twig_Environment($loader, [
'debug' => WP_DEBUG,
]);
$twig->addExtension(new FormExtension());
$twig->addExtension(new TranslationExtension($translator));
if (WP_DEBUG) {
$twig->addExtension(new \Twig_Extension_Debug);
}
// get form engine
$formEngine = new TwigRendererEngine(['form_div_layout.html.twig'], $twig);
$twig->addRuntimeLoader(new \Twig_FactoryRuntimeLoader([
TwigRenderer::class => function() use ($formEngine) {
return new TwigRenderer($formEngine);
},
]));
$this->twig = $twig;
return $this;
}
public function getForm()
{
return $this->form;
}
public function getSubmissionComplete()
{
return sprintf('<div class="form-sent">%s</div>',
get_field('form_submitted_content', 'options')
);
}
/**
* Generate the form
*
* #return $this
*/
protected function form()
{
$this->form = $this->formFields(
Forms::createFormFactoryBuilder()
->addExtension(new HttpFoundationExtension)
->addExtension(new ValidatorExtension(Validation::createValidator()))
->getFormFactory()
)
->getForm();
return $this;
}
/**
* #param array $additionalData
* #return bool
*/
protected function process(array $additionalData = [])
{
$data = $this->form->getData();
$mailer = new \PHPMailer(true);
$mailer->addAddress($this->emailTo);
if (WP_DEBUG && defined('DEBUG_BCC')) {
$mailer->addBCC(DEBUG_BCC);
}
$mailer->From = $this->emailTo;
$mailer->FromName = 'drpuneetgupta.co.uk';
$mailer->Subject = $this->subject;
$mailer->Body = $this->twig->render($this->messageTemplate, [
'data' => $data + $additionalData,
]);
$mailer->isHTML(true);
if ($this->mailchimpList) {
try {
$mailchimp = new MailChimp($this->mailchimpApiKey);
$mailchimp->post("lists/{$this->mailchimpList}/members", [
'email_address' => $data['email'],
'status' => 'subscribed',
]);
} catch (\Exception $e) {}
}
try {
return $mailer->send();
} catch (\phpmailerException $e) {
$this->mailerError = $e->getMessage();
}
return false;
}
/**
* Define form fields
*
* #param FormFactoryInterface $formFactory
* #return mixed
*/
abstract protected function formFields(FormFactoryInterface $formFactory);
}
RequestCallback extends Form class
<?php
namespace REDACTED;
use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
use Symfony\Component\Form\Extension\Core\Type\HiddenType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Validator\Constraints\NotBlank;
use Symfony\Component\Validator\Constraints\Email;
use DrewM\MailChimp\MailChimp;
class RequestCallback extends Form
{
protected $template = 'request-callback.twig';
protected $messageTemplate = 'email-callback.twig';
protected $mailchimpList = 'REDACTED';
protected $subject = 'Callback request';
/**
* #param FormFactoryInterface $formFactory
* #return FormBuilderInterface
*/
protected function formFields(FormFactoryInterface $formFactory)
{
return $formFactory->createNamedBuilder('request_callback', FormType::class, null, [
'allow_extra_fields' => true,
])
->add('mc4wp-subscribe', HiddenType::class, [
'data' => 1,
])
->add('name', TextType::class, [
'required' => true,
'label' => 'Your Name',
'attr' => [
'placeholder' => 'Your Name',
],
'label_attr' => [
'class' => 'sr-only',
],
'constraints' => [
new NotBlank(['message' => 'Please enter your name']),
],
])
->add('phone_number', TextType::class, [
'required' => true,
'label' => 'Phone Number',
'attr' => [
'placeholder' => 'Phone Number',
],
'label_attr' => [
'class' => 'sr-only',
],
'constraints' => [
new NotBlank(['message' => 'Please enter your phone number']),
],
])
->add('email', EmailType::class, [
'required' => true,
'label' => 'Your email address',
'attr' => [
'placeholder' => 'Email address',
],
'label_attr' => [
'class' => 'sr-only',
],
'constraints' => [
new NotBlank(['message' => 'Please enter your email address']),
new Email(['message' => 'Please enter a valid email address']),
],
])
->add('treatment', ChoiceType::class, [
'required' => true,
'label' => 'Which treatment would you like to discuss?',
'label_attr' => [
'class' => 'sr-only',
],
'constraints' => [
new NotBlank(['message' => 'Please select a treatment']),
],
'choices' => [
'Which treatment would you like to discuss?' => '',
'Liposuction' => 'Liposuction',
'Lipoedema' => 'Lipoedema',
'Breast reduction' => 'Breast reduction',
'Male chest reduction' => 'Male chest reduction',
],
]);
}
}
I thought I'll create an answer for this as finding the right answer in a comment is not straightforward.
As #DarkBee mentions in one of the question comments the fix on the question PHP 7.4 trimming whitespace between string variables solves this issue.
There is a fix in Twig that prevents the whitespace from being trimmed so updating to a recent Twig version fixes the issue:
composer require "twig/twig:^2.0"
I have been experiencing problems with embedding a controller that creates a form where you can upload files. When the controller is rendered in certain parts of the twig file, I get this error:
An exception has been thrown during the rendering of a template ("Expected argument of type "Symfony\Component\HttpFoundation\File\UploadedFile", "string" given").
This is strange since in other parts of the same twig file, the expected argument is given without problems. The problem seems to be another form in the same twig file that doesn't play nice with my embedded controller form.
The part that seems to cause the problem:
<div id="payment_checkout_form">
{% if cId and shippingRegionId %}
{% set savedPath =path('cart_set_shipping', {'store_id': webstore.id, 'shippingRegion': shippingRegionId,'cId':cId}) %}
{{ form_start(form, {'attr': {'id': 'form_checkout','data-url':savedPath}}) }}
{% else %}
{{ form_start(form, {'attr': {'id': 'form_checkout'}}) }}
{% endif %}
{{ render(url('passport')) }}
Relevent part of my PassportType:
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('file', 'file', array('label' => false) , [
'multiple' => true,
'label' => '',
'attr' => [
'accept' => 'image/*',
'multiple' => 'multiple'
]
]
)
->add('confirm', 'submit');
}
public function configureOptions(OptionsResolver $resolver){
$resolver->setDefaults(array(
'data_class' => 'AppBundle\Entity\Passport',
));
}
Relevent part of my Passport entity:
/**
* #Assert\File(maxSize="6000000")
*/
private $file;
/**
* Sets file.
*
* #param Symfony\Component\HttpFoundation\File\UploadedFile $file
*/
public function setFile(UploadedFile $file = null) {
$this->file = $file;
}
Relevent part of my Passport controller
/**
* #Route("/passport", name="passport")
*/
public function createPassportAction(Request $request)
{
$request = $this->get('request_stack')->getMasterRequest();
$passport = new Passport();
$passport->setName('default');
$form = $this->createForm(new PassportType(), $passport);
$form->handleRequest($request);
if ($form->isSubmitted() && $form->isValid()) {
$files = $request->files->get('passportPhoto');
if (!empty($files)) {
$this->uploadFile($files);
}
}
return $this->render('passport.html.twig', [
'form' => $form->createView(),
'isFormSubmitted' => $form->isSubmitted(),
'passportImages' => $this->getDoctrine()->getRepository('AppBundle\Entity\Passport')->findAll(),
]);
}
{{ render(url('passport')) }} is the embedded controller that renders the file upload form. If I put the{{ render(url('passport')) }} above the form_start of the other form everything works.
Answering my own question:
embedding a form inside another form like I'm trying to do in the question by using render is not possible. I fixed my problem by first removing the render call of my embedded passport form and making my passport type a sub type of the type that is used in the checkout form like this:
public function buildForm(FormBuilderInterface $builder, array $options){
$builder
...
->add('passport', new PassportType(), array(
'required' => true
))
...
}
I still wanted to have the controller of the passport part of my form to be in it's own file. To achieve this I called my passport controller inside of the checkout controller using the forward method like this:
$files = $request->files->get('order')['passport_id'];
$store_id = $request->attributes->get('store_id');
$this->forward('AppBundle\Controller\PassportController::uploadFile',
[ 'files' => $files, 'store_id' => $store_id ]);
I followed the symfony 4.2 documentation, but it seems the form is not submitted...
I spent my whole sunday, but it seems a secret how does it works, in the logs I do not see any errors.
So start it. the config contains these settings:
framework:
validation:
email_validation_mode: 'html5'
enable_annotations: true
Here the entity:
namespace App\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Validator\Constraints as Assert;
/**
* #ORM\Entity(repositoryClass="App\Repository\FeedbackRepository")
*/
class Feedback extends BaseEntity
{
/**
* #ORM\Id()
* #ORM\GeneratedValue()
* #ORM\Column(type="integer")
*/
private $id;
/**
* #ORM\Column(type="string", length=255)
* #Assert\Type("string")
* #Assert\NotBlank
*/
private $name;
/**
* #ORM\Column(type="string", length=255)
* #Assert\Type("string")
* #Assert\Email()
* #Assert\NotBlank
*/
private $email;
AS you can see I use the Assert annotations for the validations.
So here the formtype:
class FeedbackType extends AbstractType
{
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('name', TextType::class)
->add('email', EmailType::class)
;
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'data_class' => Feedback::class,
// enable/disable CSRF protection for this form
'csrf_protection' => true,
// the name of the hidden HTML field that stores the token
'csrf_field_name' => '_token',
]);
}
}
Maybe the problem with the token, but I do not know exactly.
Now let see the view:
<form action="{{ path('feedback') }}" type="POST">
<div class="input-field">
<i class="material-icons prefix">account_circle</i>
{{ form_label(feedback.name) }}
{{ form_widget(feedback.name) }}
</div>
<div class="input-field">
<i class="material-icons prefix">email</i>
{{ form_label(feedback.email) }}
{{ form_widget(feedback.email) }}
</div>
{{ form_widget(feedback._token) }}
Next, here the controller which get the request.
/**
* #Route("/feedback", name="feedback", methods="GET|POST")
*/
public function feedbackFormAction(Request $request, EntityManagerInterface $entityManager): JsonResponse
{
$feedbackForm = new Feedback();
$form = $this->createForm(FeedbackType::class, $feedbackForm);
$form->handleRequest($request);
dump($request);
dump($feedbackForm);
if ($form->isSubmitted() && $form->isValid()) {
$entityManager->persist($feedbackForm);
$entityManager->flush();
} else {
$errors = $this->getErrorsFromForm($form);
dump($form);die;
return new JsonResponse(['data' => ['result' => 'failed', 'errors' => $errors]]);
}
return new JsonResponse(['data' => ['result' => 'success']]);
}
The errors give me an empty array in Json format.
If I check the dump($feedbackForm) I see that the submitted property is false. and the modeldata, viewdata and normdata values are null... But how is this possible?
Dumping request:
query: ParameterBag {#16 ▼
#parameters: array:1 [▼
"feedback" => array:11 [▼
"name" => "a"
"email" => "a#a.a"
"_token" => "NJHBv7NpwYlugFcU-sE0qoBEQkS38yhxOjbklkHu8j0"
]
]
}
I think, this is correct.
You have not loaded the form data into the entity and trying to persist an empty new Feedback.
if ($form->isSubmitted() && $form->isValid()) {
// add line below
$feedbackForm = $form->getData();
$entityManager->persist($feedbackForm);
$entityManager->flush();
} else { ...
Read carefully https://symfony.com/doc/current/forms.html#handling-form-submissions
Did you create your FeedbackType, Controller action and the form view manually?
Remove all and use
php bin/console make:crud Feedback
This will generate operational files :-)
I think that using form_row is apropriate that using form_widget
Your Controller
/**
* #Route("/feedback", name="feedback", methods="GET|POST")
*/
public function feedbackFormAction(Request $request, EntityManagerInterface $entityManager): JsonResponse
{
$feedback = new Feedback();
$form = $this->createForm(FeedbackType::class, $feedback);
$form->handleRequest($request);
if ($form->isSubmitted()) {
if ($form->isValid()) {
$entityManager->persist($feedbackForm);
$entityManager->flush();
return new JsonResponse(['data' => ['result' => 'success']]);
}
else {
$errors = $this->getErrorsFromForm($form);
return new JsonResponse(['data' => ['result' => 'failed', 'errors' => $errors]]);
}
}
return $this->render('path_to_your_feed_back.html.twig', [
'feedback' => $feedback,
'form' => $form->createView(),
]);
}
Your form.html.twig
{{ form_start(form, {'method': 'POST', 'attr' : {'class' : 'formFeedback'}}) }}
<div class="input-field">
<i class="material-icons prefix">account_circle</i>
{{ form_row(form.name) }}
</div>
<div class="input-field">
<i class="material-icons prefix">email</i>
{{ form_row(form.email) }}
</div>
{{ form_end(form) }}
I would like to create a function to search for a movie through the query builder
I have a table Movie:
1. Id
2. Titre
3. Content
And i have class MovieRepository :
class MovieRepository extends EntityRepository
{
public function myFindAll()
{
return $this->createQueryBuilder('a')
->getQuery()
->getResult();
}
public function getSearchMovies($movie){
$qb = $this->createQueryBuilder('m')
->where('m.title LIKE :title')
->setParameter('title', '%' . $movie->getTitle() . '%')
->orderBy('m.title', 'DESC')
->getQuery();
}
}
Also i have MovieController :
public function indexAction()
{
$movie = new Movie;
$form = $this->createForm(new SearchMovieType(), $movie);
$request = $this->getRequest();
if ($request->getMethod() == 'POST') {
$form->bind($request);
$movies = $this->getDoctrine()
->getManager()
->getRepository('AreaDownloadBundle:Movie')
->getSearchUsers($movie);
return $this->render('AreaDownloadBundle:Download:index.html.twig', array('form' => $form->createView(),array('movies' => $movies)));
} else {
$movies = $this->getDoctrine()
->getManager()
->getRepository('AreaDownloadBundle:Movie')
->myFindAll();
return $this->render('AreaDownloadBundle:Download:index.html.twig',array('form' => $form->createView(), 'movies' => $movies));
}
}
SearchMovieType :
class SearchMovieType extends AbstractType
{
/**
* #param FormBuilderInterface $builder
* #param array $options
*/
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder
->add('title','text', array('required' => false, ))
;
}
And i have index.hml.twig, which can display movies with a search bar :
{% extends "::template.html.twig" %}
{% block body %}
<form action="{{ path('area_download_index') }}" method="post">
<div id="bar">
{{ form_widget(form.title) }}
<input type="submit" value="Chercher">
{{ form_rest(form) }}
</div>
</form>
{% for movie in movies %}
{{ movie.title }}
{{ movie.content }}
{% endfor %}
{% endblock %}
when I seized a title of a movie he sends me this error
Variable "movies" does not exist in AreaDownloadBundle:Download:index.html.twig at line 12
Instead of posting it as a comment, it should have been posted as an answer in the correct formatting; like so:
return $this->render(
'AreaDownloadBundle:Download:index.html.twig',
array(
'form' => $form->createView(),
'movies' => $movies
)
);
This definitely should fix the problem!
I am getting NotFoundHttpException error when I try to create new entity with form.
This is a code for creating form and entity - CategoryController:
/**
* Displays a form to create a new Category entity.
*
* #Route("/new", name="category_new")
* #Method({"GET"})
*/
public function newAction(Request $request)
{
$entity = new Category();
$form = $this->createCreateForm($entity);
return array(
'entity' => $entity,
'form' => $form->createView(),
);
}
/**
* Creates a new Category entity.
*
* #Route("/", name="category_create")
* #Method("POST")
* #Template("AdminBundle:CategoryPanel:new.html.twig")
*/
public function createAction(Request $request)
{
$entity = new Category();
$form = $this->createCreateForm($entity);
$form->handleRequest($request);
if ($form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->persist($entity);
$em->flush();
return $this->redirect($this->generateUrl('category_show', array('id' => $entity->getId())));
}
return array(
'entity' => $entity,
'form' => $form->createView(),
);
}
/**
* Creates a form to create a Category entity.
*
* #param Category $entity
*
* #return \Symfony\Component\Form\Form The form
*/
private function createCreateForm(Category $entity, ServiceCategory $parentCategory = null)
{
$form = $this->createForm(CategoryType::class, $entity, array(
'action' => $this->generateUrl('category_create'),
'method' => 'POST',
'parentCategory' => $parentCategory
));
$form->add('submit', SubmitType::class, array(
'label' => 'Create',
'attr' => array(
'class' => "btn btn-primary"
)
));
return $form;
}
CategoryType
public function buildForm(FormBuilderInterface $builder, array $options)
{
$builder->add('name', TextType::class, array('label' => 'Category name'));
$parentCategory = $options["parentCategory"];
if($parentCategory != null){
$builder->add('parent', 'entity', array(
'class' => "CoreBundle:ServiceCategory",
'choices' => array($parentCategory)
));
}else{
$builder->add('parent', 'entity', array(
'class' => "CoreBundle:ServiceCategory",
'query_builder' => function(ServiceCategoryRepository $cp){
$qb = $cp->createQueryBuilder('c');
return $qb;
},
));
}
}
Why this code is looking for entity when I am only attempting to create it?
UPDATE
new.html.twig
{% extends 'AdminBundle:AdminPanel:base.html.twig' %}
{% block body -%}
<h1>Category creation</h1>
{{ form_start(form) }}
{{ form_row(form.name) }}
{{ form_row(form.parent) }}
<ul class="record_actions">
<li style="display: inline-block">
{{ form_widget(form.submit) }}
</li>
<li style="display: inline-block">
<a href="{{ path('category_panel_index') }}">
<button type="button" class="btn btn-primary">
Back to the list
</button>
</a>
</li>
</ul>
{{ form_end(form) }}
{% endblock %}
This might be a conflict between multiple routes as it happened in my case.
You might have some other route may be in some other controller having similar path (with dynamic varaibles) making <>/new pointing somewhere else.
Please do a var_dump in your newAction Controller to check if the execution is coming right there.