diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bug #26117 isCsrfTokenValid() replace string by ?string (GaylordP) 

This PR was submitted for the master branch but it was squashed and merged into the 4.0 branch instead (closes #26117).

Discussion
----------

isCsrfTokenValid() replace string  by ?string

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | no
| License       | MIT
| PHP version | 7.1.13

Hello,

In my controller :

```php
    class PostController extends Controller
    {
        public function delete(Request $request, Post $post): Response
        {
            if (!$this->isCsrfTokenValid('delete', $request->request->get('token'))) {
                return $this->render('administration/post/delete.html.twig', [
                    'post' => $post,
                ]);
            }
            ... // flush is database
        }
````

Generate this error :

> Type error: Argument 2 passed to Symfony\Bundle\FrameworkBundle\Controller\Controller::isCsrfTokenValid() must be of the type string, null given, called in ...

In `CsrfToken` class, you have :
````php
    namespace Symfony\Component\Security\Csrf;

    class CsrfToken
    {
        public function __construct(string $id, ?string $value)
````
And in ControllerTrait :
````php
    trait ControllerTrait
   {
        protected function isCsrfTokenValid(string $id, string $token): bool
        {
````
Sorry for my bad english, I'm French and this is my first bug report :)

Commits
-------

37fbbca isCsrfTokenValid() replace string  by ?string
This commit is contained in:
Nicolas Grekas 2018-02-11 11:55:53 +01:00
parent 99c5b77319 37fbbca086
commit 963b675564
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Symfony/Bundle/FrameworkBundle/Controller/ControllerTrait.php
View File

@ -370,12 +370,12 @@ trait ControllerTrait
/**
* Checks the validity of a CSRF token.
*
* @param string $id The id used when generating the token
* @param string $token The actual token sent with the request that should be validated
* @param string $id The id used when generating the token
* @param string|null $token The actual token sent with the request that should be validated
*
* @final since version 3.4
*/
protected function isCsrfTokenValid(string $id, string $token): bool
protected function isCsrfTokenValid(string $id, ?string $token): bool
{
if (!$this->container->has('security.csrf.token_manager')) {
throw new \LogicException('CSRF protection is not enabled in your application. Enable it with the "csrf_protection" key in "config/packages/framework.yaml".');