Update Csrf.php

The CSRF is a bit naive, assuming that it is receiving a string, and not an array.  Most penetration tests start with malformed input, and arrays cause this validator to throw an Array to string conversion error.

Author: Saeven

src/Csrf.php

@@ -116,7 +116,11 @@ public function __construct($options = [])
      */
     public function isValid($value, $context = null)
     {
-        $this->setValue((string) $value);
+        if (! is_string($value) ){
+            return false;    
+        }
+        
+        $this->setValue($value);
 
         $tokenId = $this->getTokenIdFromHash($value);
         $hash = $this->getValidationToken($tokenId);