
bug #29884 [Form] CsrfValidationListener marks the token as invalid if it is not a string (umpirsky)

This PR was squashed before being merged into the 3.4 branch (closes #29884).

Discussion
----------

[Form] CsrfValidationListener marks the token as invalid if it is not a string

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29882
| License       | MIT

Commits
-------

deb8e95 [Form] CsrfValidationListener marks the token as invalid if it is not a string
nicolas-grekas committed Feb 7, 2019
2 parents 6fa8d07 + deb8e95 commit 5c7931c992d3daa71e4e7195bc4f4962c799f6de
@@ -59,7 +59,7 @@ public function preSubmit(FormEvent $event)
if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
$data = $event->getData();
if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
if (!isset($data[$this->fieldName]) || !\is_string($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
$errorMessage = $this->errorMessage;
if (null !== $this->translator) {
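Review bot: the condition in preSubmit() now reads `$data[$this->fieldName]` three times and carries no hint as to why `!\is_string(...)` has to run before `new CsrfToken(...)`. Consider a one-line comment stating that submitted data can hold a non-string in this field (the accompanying test submits `['csrf' => []]`), so the type guard is not removed in a later cleanup; pulling the field into a local variable after the isset() check would also shorten the line.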
@@ -64,6 +64,16 @@ public function testStringFormData()
$this->assertSame($data, $event->getData());
}
public function testArrayCsrfToken()
{
$event = new FormEvent($this->form, ['csrf' => []]);
$validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
$validation->preSubmit($event);
$this->assertNotEmpty($this->form->getErrors());
}
public function testMaxPostSizeExceeded()
{
$serverParams = $this
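Review bot: testArrayCsrfToken() asserts only `assertNotEmpty($this->form->getErrors())`, which passes for any error on the form and exercises a single input, the empty array. Consider asserting that the error carries the configured message 'Invalid.' and feeding the case from a data provider with further non-string values (a non-empty array, an integer). If `$this->tokenManager` is a test double, also asserting that isTokenValid() is never called would show that the rejection comes from the type check rather than from the token manager.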
