Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove string type hint as there can be an array value #1525

Merged
merged 1 commit into from Mar 23, 2020

Conversation

@bytehead
Copy link
Member

bytehead commented Mar 11, 2020

Q A
Fixed issues n/a
Docs PR or issue n/a

Recently this error showed up (via sentry.io) multiple times in a Contao 4.9.1 setup:

TypeError
Argument 2 passed to Contao\CoreBundle\EventListener\CsrfTokenCookieSubscriber::isCsrfCookie() must be of the type string, array given, called in /vendor/contao/core-bundle/src/EventListener/CsrfTokenCookieSubscriber.php on line 168

I'm afraid I don't have a case to reproduce this behaviour on my local machine.

But the method itself checks if it is a string or not:

if (!\is_string($key)) {
return false;
}

Looks like we can remove the type hint of the second argument.

@bytehead bytehead added the defect label Mar 11, 2020
@bytehead bytehead added this to the 4.9 milestone Mar 11, 2020
@bytehead bytehead requested a review from contao/reviewers Mar 11, 2020
@bytehead bytehead self-assigned this Mar 11, 2020
Copy link
Contributor

aschempp left a comment

I'd love to know where the error comes from? Wouldn't it be better to keep the type hint and remove the is_string check?

@bytehead

This comment has been minimized.

Copy link
Member Author

bytehead commented Mar 11, 2020

I don't know. Is it possible, that the $value here

foreach ($request->cookies as $key => $value) {
if (!$this->isCsrfCookie($key, $value)) {
return true;
}
}
is an array?

@fritzmg

This comment has been minimized.

Copy link
Contributor

fritzmg commented Mar 11, 2020

I think Symfony automatically deserializes serialized cookie data.

Copy link
Member

leofeyer left a comment

$request->cookies basically maps $_COOKIES, therefore the value can be anything. It seems correct to me to remove the type hint in this case, which implicitly sets the type to mixed.

@leofeyer leofeyer merged commit f3c9557 into contao:4.9 Mar 23, 2020
9 checks passed
9 checks passed
Coverage
Details
Coding Style
Details
PHP 7.2
Details
PHP 7.3
Details
PHP 7.4
Details
Prefer Lowest
Details
Bundles
Details
Windows
Details
codecov/project 90.32% (+0%) compared to 3f24a79
Details
@leofeyer

This comment has been minimized.

Copy link
Member

leofeyer commented Mar 23, 2020

Thank you @bytehead.

@bytehead bytehead deleted the bytehead:fix/csrf-token-cookie-subscriber branch Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.