diff --git a/src/Controller/CRUDController.php b/src/Controller/CRUDController.php index 4ec994abb28..25df01dfb4d 100644 --- a/src/Controller/CRUDController.php +++ b/src/Controller/CRUDController.php @@ -420,20 +420,22 @@ public function batchAction() $confirmation = $request->get('confirmation', false); + $forwardedRequest = $request->duplicate(); + if ($data = json_decode((string) $request->get('data'), true)) { $action = $data['action']; $idx = $data['idx']; $allElements = (bool) $data['all_elements']; - $request->request->replace(array_merge($request->request->all(), $data)); + $forwardedRequest->request->replace(array_merge($forwardedRequest->request->all(), $data)); } else { - $action = $request->request->getAlnum('action'); + $action = $forwardedRequest->request->getAlnum('action'); $idx = $request->request->get('idx', []); - $allElements = $request->request->getBoolean('all_elements'); + $allElements = $forwardedRequest->request->getBoolean('all_elements'); - $request->request->set('idx', $idx); - $request->request->set('all_elements', $allElements); + $forwardedRequest->request->set('idx', $idx); + $forwardedRequest->request->set('all_elements', $allElements); - $data = $request->request->all(); + $data = $forwardedRequest->request->all(); unset($data['_sonata_csrf_token']); } @@ -456,7 +458,7 @@ public function batchAction() $isRelevantAction = sprintf('batchAction%sIsRelevant', $camelizedAction); if (method_exists($this, $isRelevantAction)) { - $nonRelevantMessage = $this->{$isRelevantAction}($idx, $allElements, $request); + $nonRelevantMessage = $this->{$isRelevantAction}($idx, $allElements, $forwardedRequest); } else { $nonRelevantMessage = 0 !== \count($idx) || $allElements; // at least one item is selected } @@ -531,7 +533,7 @@ public function batchAction() return $this->redirectToList(); } - return $this->{$finalAction}($query, $request); + return $this->{$finalAction}($query, $forwardedRequest); } /** diff --git a/tests/Controller/CRUDControllerTest.php b/tests/Controller/CRUDControllerTest.php index c1e33c30db8..26dc2cd7423 100644 --- a/tests/Controller/CRUDControllerTest.php +++ b/tests/Controller/CRUDControllerTest.php @@ -3471,8 +3471,11 @@ public function testBatchActionWithoutConfirmation(): void $this->request->request->set('data', json_encode(['action' => 'delete', 'idx' => ['123', '456'], 'all_elements' => false])); $this->request->request->set('_sonata_csrf_token', 'csrf-token-123_sonata.batch'); + $this->assertNull($this->request->get('idx')); + $result = $this->controller->batchAction(); + $this->assertNull($this->request->get('idx'), 'Ensure original request is not modified by calling `CRUDController::batchAction()`.'); $this->assertInstanceOf(RedirectResponse::class, $result); $this->assertSame(['flash_batch_delete_success'], $this->session->getFlashBag()->get('sonata_flash_success')); $this->assertSame('list', $result->getTargetUrl()); @@ -3619,8 +3622,11 @@ public function testBatchActionNonRelevantAction(): void $this->request->request->set('idx', ['789']); $this->request->request->set('_sonata_csrf_token', 'csrf-token-123_sonata.batch'); + $this->assertNull($this->request->get('all_elements')); + $result = $controller->batchAction(); + $this->assertNull($this->request->get('all_elements'), 'Ensure original request is not modified by calling `CRUDController::batchAction()`.'); $this->assertInstanceOf(RedirectResponse::class, $result); $this->assertSame(['flash_batch_empty'], $this->session->getFlashBag()->get('sonata_flash_info')); $this->assertSame('list', $result->getTargetUrl());