Fixes issue #29882

umpirsky · umpirsky · commit 4986c26afe9c · 2019-01-15T22:24:42.000+01:00
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -59,7 +59,7 @@ public function preSubmit(FormEvent $event)
         if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
             $data = $event->getData();
 
-            if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
+            if (!isset($data[$this->fieldName]) || !is_string($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
                 $errorMessage = $this->errorMessage;
 
                 if (null !== $this->translator) {
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
@@ -74,6 +74,20 @@ public function testStringFormData()
         $this->assertSame($data, $event->getData());
     }
 
+    /**
+     * @see https://github.com/symfony/symfony/issues/29882
+     */
+    public function testArrayCsrfToken()
+    {
+        $data = ['csrf' => []];
+        $event = new FormEvent($this->form, $data);
+
+        $validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
+        $validation->preSubmit($event);
+
+        $this->assertNotEmpty($this->form->getErrors());
+    }
+
     public function testMaxPostSizeExceeded()
     {
         $serverParams = $this
