bug symfony#26117 isCsrfTokenValid() replace string by ?string (GaylordP)

nicolas-grekas · nicolas-grekas · commit 963b675564f4 · 2018-02-11T11:55:53.000+01:00
This PR was submitted for the master branch but it was squashed and merged into the 4.0 branch instead (closes symfony#26117). Discussion ---------- isCsrfTokenValid() replace string by ?string | Q | A | ------------- | --- | Branch? | master | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | no | License | MIT | PHP version | 7.1.13 Hello, In my controller : ```php class PostController extends Controller { public function delete(Request $request, Post $post): Response { if (!$this->isCsrfTokenValid('delete', $request->request->get('token'))) { return $this->render('administration/post/delete.html.twig', [ 'post' => $post, ]); } ... // flush is database } ```` Generate this error : > Type error: Argument 2 passed to Symfony\Bundle\FrameworkBundle\Controller\Controller::isCsrfTokenValid() must be of the type string, null given, called in ... In `CsrfToken` class, you have : ````php namespace Symfony\Component\Security\Csrf; class CsrfToken { public function __construct(string $id, ?string $value) ```` And in ControllerTrait : ````php trait ControllerTrait { protected function isCsrfTokenValid(string $id, string $token): bool { ```` Sorry for my bad english, I'm French and this is my first bug report :) Commits ------- 37fbbca isCsrfTokenValid() replace string by ?string
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/ControllerTrait.php b/src/Symfony/Bundle/FrameworkBundle/Controller/ControllerTrait.php
@@ -370,12 +370,12 @@ protected function getUser()
     /**
      * Checks the validity of a CSRF token.
      *
-     * @param string $id    The id used when generating the token
-     * @param string $token The actual token sent with the request that should be validated
+     * @param string      $id    The id used when generating the token
+     * @param string|null $token The actual token sent with the request that should be validated
      *
      * @final since version 3.4
      */
-    protected function isCsrfTokenValid(string $id, string $token): bool
+    protected function isCsrfTokenValid(string $id, ?string $token): bool
     {
         if (!$this->container->has('security.csrf.token_manager')) {
             throw new \LogicException('CSRF protection is not enabled in your application. Enable it with the "csrf_protection" key in "config/packages/framework.yaml".');

Original file line number	Diff line number	Diff line change
`@@ -370,12 +370,12 @@ protected function getUser()`
`370`	`370`	`/**`
`371`	`371`	`* Checks the validity of a CSRF token.`
`372`	`372`	`*`
`373`		`- * @param string $id The id used when generating the token`
`374`		`- * @param string $token The actual token sent with the request that should be validated`
	`373`	`+ * @param string $id The id used when generating the token`
	`374`	`+ * @param string\|null $token The actual token sent with the request that should be validated`
`375`	`375`	`*`
`376`	`376`	`* @final since version 3.4`
`377`	`377`	`*/`
`378`		`- protected function isCsrfTokenValid(string $id, string $token): bool`
	`378`	`+ protected function isCsrfTokenValid(string $id, ?string $token): bool`
`379`	`379`	`{`
`380`	`380`	`if (!$this->container->has('security.csrf.token_manager')) {`
`381`	`381`	`throw new \LogicException('CSRF protection is not enabled in your application. Enable it with the "csrf_protection" key in "config/packages/framework.yaml".');`