bug #29884 [Form] CsrfValidationListener marks the token as invalid if it is not a string (umpirsky)
This PR was squashed before being merged into the 3.4 branch (closes #29884).
Discussion
----------
[Form] CsrfValidationListener marks the token as invalid if it is not a string
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #29882
| License | MIT
Commits
-------
deb8e95091
[Form] CsrfValidationListener marks the token as invalid if it is not a string
commit
5c7931c992
@ -59,7 +59,7 @@ class CsrfValidationListener implements EventSubscriberInterface
|
|||||||
if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
|
if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
|
||||||
$data = $event->getData();
|
$data = $event->getData();
|
||||||
|
|
||||||
if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
|
if (!isset($data[$this->fieldName]) || !\is_string($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
|
||||||
$errorMessage = $this->errorMessage;
|
$errorMessage = $this->errorMessage;
|
||||||
|
|
||||||
if (null !== $this->translator) {
|
if (null !== $this->translator) {
|
||||||
|
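Review bot: The added `!\is_string($data[$this->fieldName])` clause has no comment saying why it is needed, and the condition now reads the same array element three times behind three negations. The submitted form data is client-controlled, so the token field can arrive as an array or another non-string; the guard is what keeps such a value out of `new CsrfToken(...)` and the token manager. I would put a line above the `if` such as `// The submitted token is untrusted input and may not be a string (e.g. an array); treat that as an invalid token.` Pulling the field into a local variable first would also make the check easier to audit. The enclosing method starts and ends outside this hunk, so the rest of the error handling is not visible here.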
@ -64,6 +64,16 @@ class CsrfValidationListenerTest extends TestCase
|
|||||||
$this->assertSame($data, $event->getData());
|
$this->assertSame($data, $event->getData());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testArrayCsrfToken()
|
||||||
|
{
|
||||||
|
$event = new FormEvent($this->form, ['csrf' => []]);
|
||||||
|
|
||||||
|
$validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
|
||||||
|
$validation->preSubmit($event);
|
||||||
|
|
||||||
|
$this->assertNotEmpty($this->form->getErrors());
|
||||||
|
}
|
||||||
|
|
||||||
public function testMaxPostSizeExceeded()
|
public function testMaxPostSizeExceeded()
|
||||||
{
|
{
|
||||||
$serverParams = $this
|
$serverParams = $this
|
||||||
|
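Review bot: `testArrayCsrfToken` asserts only `assertNotEmpty($this->form->getErrors())`, so it shows that some error was added but not that the array value was rejected by the type check before the token manager was consulted. If `$this->tokenManager` is a PHPUnit mock (the setUp is outside this hunk, so that is an assumption), adding `$this->tokenManager->expects($this->never())->method('isTokenValid');` before `preSubmit()` would pin the short-circuit. Checking that the error message equals the configured `'Invalid.'` would tie the failure to the CSRF listener. A data provider covering other non-string values, such as an integer or a nested array, would guard the same branch against regressions.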