Avoid error if token is not string

natanfelles · natanfelles · commit adb32e8f8e9b · 2025-01-27T18:47:58.000-03:00
diff --git a/src/AntiCSRF.php b/src/AntiCSRF.php
@@ -162,7 +162,8 @@ public function generateToken() : string
      */
     public function getUserToken() : ?string
     {
-        return $this->request->getParsedBody($this->getTokenName());
+        $token = $this->request->getParsedBody($this->getTokenName());
+        return \is_string($token) ? $token : null;
     }
 
     /**
diff --git a/tests/AntiCSRFTest.php b/tests/AntiCSRFTest.php
@@ -152,6 +152,17 @@ public function testUserTokenEmpty() : void
         self::assertFalse($this->anti->verify());
     }
 
+    public function testUserTokenIsNotString() : void
+    {
+        $this->prepare();
+        $_POST = [
+            'csrf_token' => [
+                'foo' => 'bar',
+            ],
+        ];
+        self::assertFalse($this->anti->verify());
+    }
+
     public function testVerifySuccess() : void
     {
         $this->prepare();

Original file line number	Diff line number	Diff line change
`@@ -162,7 +162,8 @@ public function generateToken() : string`
`162`	`162`	`*/`
`163`	`163`	`public function getUserToken() : ?string`
`164`	`164`	`{`
`165`		`- return $this->request->getParsedBody($this->getTokenName());`
	`165`	`+ $token = $this->request->getParsedBody($this->getTokenName());`
	`166`	`+ return \is_string($token) ? $token : null;`
`166`	`167`	`}`
`167`	`168`
`168`	`169`	`/**`