Closed
Description
Symfony version(s) affected: 4.1.2 (I suspect the last one too)
Description
CsrfToken can in some cases be instantiated with array as input parameter, which can lead to:
ErrorException: Uncaught Symfony\Component\Debug\Exception\FatalThrowableError: Argument 2 passed to Symfony\Component\Security\Csrf\CsrfToken::__construct() must be of the type string or null, array given, called in vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php on line 62 in vendor/symfony/symfony/src/Symfony/Component/Security/Csrf/CsrfToken.php:24
Stack trace:
#0 vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php(62): Symfony\Component\Security\Csrf\CsrfToken->__construct('library_search', Array)
#1 vendor/symfony/symfony/src/Symfony/Component/EventDispatcher/EventDispatcher.php(212): Symfony\Component\Form\Extension\Csrf\EventListener\CsrfValidationListener->preSubmit(Object(Symfony\Component\Form\FormEvent), 'form.pre_submit', Obj
#1 vendor/symfony/symfony/src/Symfony/Component/Security/Csrf/CsrfToken.php(24): handleFatalError
How to reproduce
URL like /search?search[author]=sasa&search[_token][$acunetix]=1&page=3 will give this error, and search[_token][$acunetix] part probably comes from acunetix software.
It can spam error log with 500.
Possible Solution
Check if parameter is a string before creating in https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Form/Extension/Csrf/EventListener/CsrfValidationListener.php#L69 or allow array as input argument in CsrfToken class.