[Form] CsrfValidationListener marks the token as invalid if it is not a string
parent
afb7bb5dde
commit
deb8e95091
@ -59,7 +59,7 @@ class CsrfValidationListener implements EventSubscriberInterface
|
||||
if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
|
||||
$data = $event->getData();
|
||||
|
||||
if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
|
||||
if (!isset($data[$this->fieldName]) || !\is_string($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
|
||||
$errorMessage = $this->errorMessage;
|
||||
|
||||
if (null !== $this->translator) {
|
||||
|
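Review bot: The new `!\is_string($data[$this->fieldName])` clause in the rewritten condition carries no comment explaining why the type is checked before the token object is built. Submitted form data is client-controlled, so the token field can arrive as an array rather than a string. A comment above the `if` would record that, for example `// Submitted data is client-controlled: the token field may be an array, so reject non-strings before constructing CsrfToken.` The condition also reads `$data[$this->fieldName]` three times, so assigning it to a local first would make the check easier to audit. The enclosing method starts and ends outside the hunk.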
@ -64,6 +64,16 @@ class CsrfValidationListenerTest extends TestCase
|
||||
$this->assertSame($data, $event->getData());
|
||||
}
|
||||
|
||||
public function testArrayCsrfToken()
|
||||
{
|
||||
$event = new FormEvent($this->form, ['csrf' => []]);
|
||||
|
||||
$validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
|
||||
$validation->preSubmit($event);
|
||||
|
||||
$this->assertNotEmpty($this->form->getErrors());
|
||||
}
|
||||
|
||||
public function testMaxPostSizeExceeded()
|
||||
{
|
||||
$serverParams = $this
|
||||
|
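Review bot: `testArrayCsrfToken` only asserts that the form has some error, so it would still pass if the listener failed for an unrelated reason. The listener is constructed here with the message 'Invalid.' and no translator argument, so the test could pin that message, for example `$this->assertSame('Invalid.', $this->form->getErrors()[0]->getMessage());` (assuming the error collection supports indexing). If `$this->tokenManager` is a mock, it would also be worth asserting that `isTokenValid` is never called for a non-string value. Its setup is outside the hunk, so that cannot be confirmed from here.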