Avoid error if token is not string

natanfelles · natanfelles · commit 53837944cc3c · 2025-01-27T18:41:01.000-03:00
diff --git a/src/AntiCSRF.php b/src/AntiCSRF.php
@@ -100,7 +100,8 @@ public function setToken(?string $token = null) : static
      */
     public function getUserToken() : ?string
     {
-        return $this->request->getParsedBody($this->getTokenName());
+        $token = $this->request->getParsedBody($this->getTokenName());
+        return \is_string($token) ? $token : null;
     }
 
     /**
diff --git a/tests/AntiCSRFTest.php b/tests/AntiCSRFTest.php
@@ -76,6 +76,17 @@ public function testUserTokenEmpty() : void
         self::assertFalse($this->anti->verify());
     }
 
+    public function testUserTokenIsNotString() : void
+    {
+        $this->prepare();
+        $_POST = [
+            'csrf_token' => [
+                'foo' => 'bar',
+            ],
+        ];
+        self::assertFalse($this->anti->verify());
+    }
+
     public function testVerifySuccess() : void
     {
         $this->prepare();

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,8 @@ public function setToken(?string $token = null) : static`
`100`	`100`	`*/`
`101`	`101`	`public function getUserToken() : ?string`
`102`	`102`	`{`
`103`		`- return $this->request->getParsedBody($this->getTokenName());`
	`103`	`+ $token = $this->request->getParsedBody($this->getTokenName());`
	`104`	`+ return \is_string($token) ? $token : null;`
`104`	`105`	`}`
`105`	`106`
`106`	`107`	`/**`