From 021091eef911aac24a0d4c1a6fd951fcd2d75dac Mon Sep 17 00:00:00 2001
From: Charles-Henri Bruyand
Date: Wed, 20 Feb 2013 15:32:21 +0100
Subject: [PATCH 1/3] Fix PHP Fatal error when validating CSRF token on a form bound with a string
---
 .../EventListener/CsrfValidationListener.php | 6 ++++--
 .../Csrf/Type/FormTypeCsrfExtensionTest.php | 20 +++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
index 345a7ea9a9e28..c011f7ac0e167 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -67,8 +67,10 @@ public function preBind(FormEvent $event)
 if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.'));
 }
-
- unset($data[$this->fieldName]);
+ if (is_array($data))
+ {
+ unset($data[$this->fieldName]);
+ }
 }
 $event->setData($data);
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index 47dd52927047e..021ca9b32758c 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
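Review bot: The `is_array($data)` guard only protects the `unset`; the `isset($data[$this->fieldName])` test two lines above still runs on a non-array `$data`, so rejecting a string body is left to how `isset` treats a string offset, which differs across PHP versions. Making the shape check the first condition states the intent directly and keeps both lines safe: `if (!is_array($data) || !isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {`. The later `is_array` guard around `unset` can then stay as a cheap safety net. If non-array data that supports offsets (an `ArrayAccess` object, say) can legitimately reach this listener, the guard would need widening — that is not visible from the hunk. The same change reappears in the [PATCH 3/3] hunk further down with only the brace moved up, and preBind's body continues outside the hunk on both sides.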
@@ -196,6 +196,26 @@ public function testFailIfRootAndCompoundAndTokenMissing()
 $this->assertFalse($form->isValid());
 }
+ public function testFailIfRootAndCompoundAndBoundDataIsString()
+ {
+ $form = $this->factory
+ ->createBuilder('form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'intention' => '%INTENTION%',
+ 'compound' => true,
+ ))
+ ->add('child', 'text')
+ ->getForm();
+ $form->bind('malformed request');
+ $this->assertSame(array('child' => null), $form->getData());
+ // Validate accordingly
+ $this->assertFalse($form->isValid());
+ }
+
 public function testDontValidateTokenIfCompoundButNoRoot()
 {
 $this->csrfProvider->expects($this->never())
From c1f05c2ce1f2b99b25c3a834a66b9440f758aa4c Mon Sep 17 00:00:00 2001
From: Charles-Henri Bruyand
Date: Wed, 20 Feb 2013 16:40:15 +0100
Subject: [PATCH 2/3] The curly brace should be on the previous line
---
 .../Extension/Csrf/EventListener/CsrfValidationListener.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
index c011f7ac0e167..96d780014d1aa 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -67,8 +67,7 @@ public function preBind(FormEvent $event)
 if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.'));
 }
- if (is_array($data))
- {
+ if (is_array($data)) {
 unset($data[$this->fieldName]);
 }
 }
From f1928da44624ee6a8e61a9fbf620a06f018dcd00 Mon Sep 17 00:00:00 2001
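Review bot: `testFailIfRootAndCompoundAndBoundDataIsString` only checks that the form is invalid, so it would also pass if the failure came from something other than the CSRF listener, and the `// Validate accordingly` comment does not say what outcome is expected. Asserting the specific error pins the behaviour the fix is about; replace the last assertion with `$errors = $form->getErrors();` / `$this->assertCount(1, $errors);` / `$this->assertSame('The CSRF token is invalid. Please try to resubmit the form.', $errors[0]->getMessage());`. A one-line comment above the `bind` call, such as `// a non-array request body must be rejected as an invalid token, not cause a fatal error`, would record the regression this test guards. The identical test is added again in the [PATCH 3/3] hunk at the end of the series; `$this->factory` and `$this->csrfProvider` are initialised outside the hunk.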
From: Charles-Henri Bruyand
Date: Wed, 20 Feb 2013 15:32:21 +0100
Subject: [PATCH 3/3] Fix PHP Fatal error when validating CSRF token on a form bound with a string
The curly brace should be on the previous line
---
 .../EventListener/CsrfValidationListener.php | 5 +++--
 .../Csrf/Type/FormTypeCsrfExtensionTest.php | 20 +++++++++++++++++++
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
index 345a7ea9a9e28..96d780014d1aa 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -67,8 +67,9 @@ public function preBind(FormEvent $event)
 if (!isset($data[$this->fieldName]) || !$this->csrfProvider->isCsrfTokenValid($this->intention, $data[$this->fieldName])) {
 $form->addError(new FormError('The CSRF token is invalid. Please try to resubmit the form.'));
 }
-
- unset($data[$this->fieldName]);
+ if (is_array($data)) {
+ unset($data[$this->fieldName]);
+ }
 }
 $event->setData($data);
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
index 47dd52927047e..021ca9b32758c 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/Type/FormTypeCsrfExtensionTest.php
@@ -196,6 +196,26 @@ public function testFailIfRootAndCompoundAndTokenMissing()
 $this->assertFalse($form->isValid());
 }
+ public function testFailIfRootAndCompoundAndBoundDataIsString()
+ {
+ $form = $this->factory
+ ->createBuilder('form', null, array(
+ 'csrf_field_name' => 'csrf',
+ 'csrf_provider' => $this->csrfProvider,
+ 'intention' => '%INTENTION%',
+ 'compound' => true,
+ ))
+ ->add('child', 'text')
+ ->getForm();
+ $form->bind('malformed request');
+ $this->assertSame(array('child' => null), $form->getData());
+ // Validate accordingly
+ $this->assertFalse($form->isValid());
+ }
+
 public function testDontValidateTokenIfCompoundButNoRoot()
 {
 $this->csrfProvider->expects($this->never())