From deb8e950916654be53b347a3e1b3e18909ea7a44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sa=C5=A1a=20Stamenkovi=C4=87?= <umpirsky@gmail.com>
Date: Mon, 14 Jan 2019 17:30:34 +0100
Subject: [PATCH] [Form] CsrfValidationListener marks the token as invalid if
 it is not a string

---
 .../Csrf/EventListener/CsrfValidationListener.php      |  2 +-
 .../Csrf/EventListener/CsrfValidationListenerTest.php  | 10 ++++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
index 452bca443f5e..8f90d21c297b 100644
--- a/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
+++ b/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php
@@ -59,7 +59,7 @@ public function preSubmit(FormEvent $event)
         if ($form->isRoot() && $form->getConfig()->getOption('compound') && !$postRequestSizeExceeded) {
             $data = $event->getData();
 
-            if (!isset($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
+            if (!isset($data[$this->fieldName]) || !\is_string($data[$this->fieldName]) || !$this->tokenManager->isTokenValid(new CsrfToken($this->tokenId, $data[$this->fieldName]))) {
                 $errorMessage = $this->errorMessage;
 
                 if (null !== $this->translator) {
diff --git a/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php b/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
index 43e9acad057c..1b409a3903af 100644
--- a/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
+++ b/src/Symfony/Component/Form/Tests/Extension/Csrf/EventListener/CsrfValidationListenerTest.php
@@ -64,6 +64,16 @@ public function testStringFormData()
         $this->assertSame($data, $event->getData());
     }
 
+    public function testArrayCsrfToken()
+    {
+        $event = new FormEvent($this->form, ['csrf' => []]);
+
+        $validation = new CsrfValidationListener('csrf', $this->tokenManager, 'unknown', 'Invalid.');
+        $validation->preSubmit($event);
+
+        $this->assertNotEmpty($this->form->getErrors());
+    }
+
     public function testMaxPostSizeExceeded()
     {
         $serverParams = $this