diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php index 345a7ea9a9e28..96d780014d1aa 100644 --- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php +++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php @@ -67,8 +67,9 @@ public function preBind(FormEvent $event) if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) { $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.')); } - - unset($data[$this->fieldName]); + if (is_array($data)) { + unset($data[$this->fieldName]); + } } $event->setData($data); diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php index 47dd52927047e..021ca9b32758c 100644 --- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php +++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php @@ -196,6 +196,26 @@ public function testFailIfRootAndCompoundAndTokenMissing() $this->assertFalse($form->isValid()); } + public function testFailIfRootAndCompoundAndBoundDataIsString() + { + $form = $this->factory + ->createBuilder('form', null, array( + 'csrf_field_name' => 'csrf', + 'csrf_provider' => $this->csrfProvider, + 'intention' => '%INTENTION%', + 'compound' => true, + )) + ->add('child', 'text') + ->getForm(); + + $form->bind('malformed request'); + + $this->assertSame(array('child' => null), $form->getData()); + + // Validate accordingly + $this->assertFalse($form->isValid()); + } + public function testDontValidateTokenIfCompoundButNoRoot() { $this->csrfProvider->expects($this->never())