symfony · chbruyand · Feb 20, 2013 · Feb 20, 2013 · Feb 20, 2013 · Feb 20, 2013
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -67,8 +67,9 @@ public function preBind(FormEvent $event)
             if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
                 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.'));
             }
-
-            unset($data[$this->fieldName]);
+            if (is_array($data)) {
+                unset($data[$this->fieldName]);
+            }
         }
 
         $event->setData($data);

diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -196,6 +196,26 @@ public function testFailIfRootAndCompoundAndTokenMissing()
         $this->assertFalse($form->isValid());
     }
 
+    public function testFailIfRootAndCompoundAndBoundDataIsString()
+    {
+        $form = $this->factory
+            ->createBuilder('form', null, array(
+                'csrf_field_name' => 'csrf',
+                'csrf_provider' => $this->csrfProvider,
+                'intention' => '%INTENTION%',
+                'compound' => true,
+            ))
+            ->add('child', 'text')
+            ->getForm();
+
+        $form->bind('malformed request');
+
+        $this->assertSame(array('child' => null), $form->getData());
+
+        // Validate accordingly
+        $this->assertFalse($form->isValid());
+    }
+
     public function testDontValidateTokenIfCompoundButNoRoot()
     {
         $this->csrfProvider->expects($this->never())