From da6bfc57b32d8d4cfd12f7f26894acad69ce3c08 Mon Sep 17 00:00:00 2001
From: Leo Feyer <github@contao.org>
Date: Sat, 9 Jun 2018 18:52:07 +0200
Subject: [PATCH] Auto-clear the session form data (see #1389).

---
 src/EventListener/ClearFormDataListener.php | 42 +++++++++++++++++++++
 src/Resources/config/listener.yml           |  6 +++
 2 files changed, 48 insertions(+)
 create mode 100644 src/EventListener/ClearFormDataListener.php

diff --git a/src/EventListener/ClearFormDataListener.php b/src/EventListener/ClearFormDataListener.php
new file mode 100644
index 0000000000..430590777a
--- /dev/null
+++ b/src/EventListener/ClearFormDataListener.php
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * This file is part of Contao.
+ *
+ * (c) Leo Feyer
+ *
+ * @license LGPL-3.0-or-later
+ */
+
+namespace Contao\CoreBundle\EventListener;
+
+use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+
+class ClearFormDataListener
+{
+    /**
+     * Clear the Contao form data if not a POST request.
+     *
+     * @param FilterResponseEvent $event
+     */
+    public function onKernelResponse(FilterResponseEvent $event): void
+    {
+        if (!$event->isMasterRequest()) {
+            return;
+        }
+
+        $request = $event->getRequest();
+
+        if ($request->isMethod('POST')) {
+            return;
+        }
+
+        if (null === ($session = $request->getSession()) || !$session->isStarted()) {
+            return;
+        }
+
+        unset($_SESSION['FORM_DATA']);
+    }
+}
diff --git a/src/Resources/config/listener.yml b/src/Resources/config/listener.yml
index 747e6d4481..ea3a42c40d 100644
--- a/src/Resources/config/listener.yml
+++ b/src/Resources/config/listener.yml
@@ -41,6 +41,12 @@ services:
             # and lower than the header replay header (defaults to 7)
             - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest, priority: 6 }
 
+    contao.listener.clear_form_data:
+        class: Contao\CoreBundle\EventListener\ClearFormDataListener
+        tags:
+            # The priority must be lower than the one of the Symfony save session listener (defaults to -1000)
+            - { name: kernel.event_listener, event: kernel.response, method: onKernelResponse, priority: -768 }
+
     contao.listener.command_scheduler:
         class: Contao\CoreBundle\EventListener\CommandSchedulerListener
         arguments: