diff --git a/src/Sylius/Bundle/CoreBundle/Controller/ProductTaxonController.php b/src/Sylius/Bundle/CoreBundle/Controller/ProductTaxonController.php index 77c96f0af1..07ef09b835 100644 --- a/src/Sylius/Bundle/CoreBundle/Controller/ProductTaxonController.php +++ b/src/Sylius/Bundle/CoreBundle/Controller/ProductTaxonController.php @@ -29,11 +29,13 @@ class ProductTaxonController extends ResourceController { public function updateProductTaxonsPositionsAction(Request $request): Response { + $data = json_decode($request->getContent(), true); + $configuration = $this->requestConfigurationFactory->create($this->metadata, $request); - $this->validateCsrfProtection($request, $configuration); + $this->validateCsrfProtection($data['_csrf_token'] ?? [], $configuration); $this->isGrantedOr403($configuration, ResourceActions::UPDATE); - $productTaxonsPositions = $request->request->all('productTaxons'); + $productTaxonsPositions = $data['productTaxons'] ?? []; $productTaxonsPositions = array_combine( array_column($productTaxonsPositions, 'id'), array_column($productTaxonsPositions, 'position'), @@ -98,9 +100,9 @@ class ProductTaxonController extends ResourceController return $this->repository->count(['taxon' => $productTaxon->getTaxon()]) - 1; } - private function validateCsrfProtection(Request $request, RequestConfiguration $configuration): void + private function validateCsrfProtection(string $csrfToken, RequestConfiguration $configuration): void { - if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', (string) $request->request->get('_csrf_token'))) { + if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-taxon-position', $csrfToken)) { throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.'); } } diff --git a/src/Sylius/Bundle/CoreBundle/Controller/ProductVariantController.php b/src/Sylius/Bundle/CoreBundle/Controller/ProductVariantController.php index 8b7d877fd7..a7cbf37044 100644 --- a/src/Sylius/Bundle/CoreBundle/Controller/ProductVariantController.php +++ b/src/Sylius/Bundle/CoreBundle/Controller/ProductVariantController.php @@ -28,11 +28,13 @@ class ProductVariantController extends ResourceController */ public function updatePositionsAction(Request $request): Response { + $data = json_decode($request->getContent(), true); + $configuration = $this->requestConfigurationFactory->create($this->metadata, $request); $this->isGrantedOr403($configuration, ResourceActions::UPDATE); - $productVariantsToUpdate = $request->request->all('productVariants'); + $productVariantsToUpdate = $data['productVariants'] ?? []; - if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', (string) $request->request->get('_csrf_token'))) { + if ($configuration->isCsrfProtectionEnabled() && !$this->isCsrfTokenValid('update-product-variant-position', $data['_csrf_token'] ?? '')) { throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.'); }