Also check if CSRF token is a string (0 or 1)

MbinOrg · Sep 13, 2024 · 00e5731 · 00e5731
1 parent 3067ba9
commit 00e5731
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/Controller/AbstractController.php b/src/Controller/AbstractController.php
@@ -36,7 +36,8 @@ protected function getUserOrThrow(): User
     protected function validateCsrf(string $id, $token): void
     {
         if (!\is_string($token) || !$this->isCsrfTokenValid($id, $token)) {
-            throw new BadRequestHttpException("Invalid CSRF token, with ID: $id");
+            $isTokenAString = \is_string($token);
+            throw new BadRequestHttpException("Invalid CSRF token, with ID: $id. Is token a string?: $isTokenAString");
         }
     }