Avoid to mutate original request on CRUDController::batchAction()
phansys committed Aug 25, 2020
1 parent 6a8ad35 commit 901f3ba
Showing 2 changed files with 16 additions and 8 deletions.
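--- a/src/Controller/CRUDController.php
+++ b/src/Controller/CRUDController.php
@@ -420,20 +420,22 @@ public function batchAction()
 
 $confirmation = $request->get('confirmation', false);
 
+$forwardedRequest = $request->duplicate();
+
 if ($data = json_decode((string) $request->get('data'), true)) {
 $action = $data['action'];
 $idx = $data['idx'];
 $allElements = (bool) $data['all_elements'];
-$request->request->replace(array_merge($request->request->all(), $data));
+$forwardedRequest->request->replace(array_merge($forwardedRequest->request->all(), $data));
 } else {
-$action = $request->request->getAlnum('action');
+$action = $forwardedRequest->request->getAlnum('action');
 $idx = $request->request->get('idx', []);
-$allElements = $request->request->getBoolean('all_elements');
+$allElements = $forwardedRequest->request->getBoolean('all_elements');
 
-$request->request->set('idx', $idx);
-$request->request->set('all_elements', $allElements);
+$forwardedRequest->request->set('idx', $idx);
+$forwardedRequest->request->set('all_elements', $allElements);
 
-$data = $request->request->all();
+$data = $forwardedRequest->request->all();
 
 unset($data['_sonata_csrf_token']);
 }
@@ -456,7 +458,7 @@ public function batchAction()
 $isRelevantAction = sprintf('batchAction%sIsRelevant', $camelizedAction);
 
 if (method_exists($this, $isRelevantAction)) {
-$nonRelevantMessage = $this->{$isRelevantAction}($idx, $allElements, $request);
+$nonRelevantMessage = $this->{$isRelevantAction}($idx, $allElements, $forwardedRequest);
 } else {
 $nonRelevantMessage = 0 !== \count($idx) || $allElements; // at least one item is selected
 }
@@ -531,7 +533,7 @@ public function batchAction()
 return $this->redirectToList();
 }
 
-return $this->{$finalAction}($query, $request);
+return $this->{$finalAction}($query, $forwardedRequest);
 }
 
 /**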
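Review bot: In the JSON branch at the top of the first hunk, `$data['action']`, `$data['idx']` and `$data['all_elements']` are read from the client-supplied `data` payload with no presence or type check, while the else branch passes the same fields through `getAlnum()` and `getBoolean()`. The rewritten `array_merge()` line then lets every key of that payload override the matching POST parameter on `$forwardedRequest`, the object now handed to `$this->{$isRelevantAction}` and `$this->{$finalAction}`. I would copy only the expected fields after validating them, e.g. `$forwardedRequest->request->add(['action' => $action, 'idx' => $idx, 'all_elements' => $allElements]);`, provided no batch handler relies on extra keys; whether `$action` is checked against the configured batch actions lies between the hunks and is not visible here. As a point of consistency, `$idx = $request->request->get('idx', []);` in the else branch still reads the original request while its neighbours now read `$forwardedRequest`. batchAction() starts and ends outside these hunks.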
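--- a/tests/Controller/CRUDControllerTest.php
+++ b/tests/Controller/CRUDControllerTest.php
@@ -3471,8 +3471,11 @@ public function testBatchActionWithoutConfirmation(): void
 $this->request->request->set('data', json_encode(['action' => 'delete', 'idx' => ['123', '456'], 'all_elements' => false]));
 $this->request->request->set('_sonata_csrf_token', 'csrf-token-123_sonata.batch');
 
+$this->assertNull($this->request->get('idx'));
+
 $result = $this->controller->batchAction();
 
+$this->assertNull($this->request->get('idx'), 'Ensure original request is not modified by calling `CRUDController::batchAction()`.');
 $this->assertInstanceOf(RedirectResponse::class, $result);
 $this->assertSame(['flash_batch_delete_success'], $this->session->getFlashBag()->get('sonata_flash_success'));
 $this->assertSame('list', $result->getTargetUrl());
@@ -3619,8 +3622,11 @@ public function testBatchActionNonRelevantAction(): void
 $this->request->request->set('idx', ['789']);
 $this->request->request->set('_sonata_csrf_token', 'csrf-token-123_sonata.batch');
 
+$this->assertNull($this->request->get('all_elements'));
+
 $result = $controller->batchAction();
 
+$this->assertNull($this->request->get('all_elements'), 'Ensure original request is not modified by calling `CRUDController::batchAction()`.');
 $this->assertInstanceOf(RedirectResponse::class, $result);
 $this->assertSame(['flash_batch_empty'], $this->session->getFlashBag()->get('sonata_flash_info'));
 $this->assertSame('list', $result->getTargetUrl());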
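Review bot: The new `assertNull()` pairs each check a single key (`idx` in testBatchActionWithoutConfirmation, `all_elements` in testBatchActionNonRelevantAction), so a regression that writes any other parameter back to the original request would still pass. A snapshot comparison covers the whole bag: take `$before = $this->request->request->all();` ahead of the call and add `$this->assertSame($before, $this->request->request->all());` after it. Neither test asserts that the batch handler actually received the duplicated request carrying the merged values, which is the other half of this change. Both test methods start and end outside the hunks.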
