Fix hardcoded to adjust new version ResourceBundle

This commit is contained in:
Michał Kaczmarek 2026-05-18 18:07:54 +02:00
parent 6a14e3de7f
commit 991ce2e158
18 changed files with 23 additions and 17 deletions

View file

@ -29,6 +29,7 @@ final class RemoveAvatarAction
private AvatarImageRepositoryInterface $avatarRepository, private AvatarImageRepositoryInterface $avatarRepository,
private RouterInterface $router, private RouterInterface $router,
private ?CsrfTokenManagerInterface $csrfTokenManager, private ?CsrfTokenManagerInterface $csrfTokenManager,
private readonly string $csrfParameter = '_csrf_token',
) { ) {
} }
@ -37,7 +38,7 @@ final class RemoveAvatarAction
$userId = $request->attributes->get('id', ''); $userId = $request->attributes->get('id', '');
if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid( if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid(
new CsrfToken($userId, (string) $request->query->get('_csrf_token', '')), new CsrfToken($userId, (string) $request->query->get($this->csrfParameter, '')),
)) { )) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.'); throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
} }

View file

@ -35,6 +35,7 @@ final readonly class ResendOrderConfirmationEmailAction
private ?CsrfTokenManagerInterface $csrfTokenManager, private ?CsrfTokenManagerInterface $csrfTokenManager,
private RequestStack $requestStack, private RequestStack $requestStack,
private RouterInterface $router, private RouterInterface $router,
private string $csrfParameter = '_csrf_token',
) { ) {
} }
@ -43,7 +44,7 @@ final readonly class ResendOrderConfirmationEmailAction
$orderId = $request->attributes->get('id', ''); $orderId = $request->attributes->get('id', '');
if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid( if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid(
new CsrfToken($orderId, (string) $request->query->get('_csrf_token', '')), new CsrfToken($orderId, (string) $request->query->get($this->csrfParameter, '')),
)) { )) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.'); throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
} }

View file

@ -33,6 +33,7 @@ final readonly class ResendShipmentConfirmationEmailAction
private ResendShipmentConfirmationEmailDispatcherInterface $resendShipmentConfirmationDispatcher, private ResendShipmentConfirmationEmailDispatcherInterface $resendShipmentConfirmationDispatcher,
private ?CsrfTokenManagerInterface $csrfTokenManager, private ?CsrfTokenManagerInterface $csrfTokenManager,
private RequestStack $requestStack, private RequestStack $requestStack,
private string $csrfParameter = '_csrf_token',
) { ) {
} }
@ -41,7 +42,7 @@ final readonly class ResendShipmentConfirmationEmailAction
$shipmentId = $request->attributes->get('id', ''); $shipmentId = $request->attributes->get('id', '');
if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid( if ($this->csrfTokenManager && !$this->csrfTokenManager->isTokenValid(
new CsrfToken($shipmentId, (string) $request->query->get('_csrf_token', '')), new CsrfToken($shipmentId, (string) $request->query->get($this->csrfParameter, '')),
)) { )) {
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.'); throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid csrf token.');
} }

View file

@ -62,6 +62,7 @@ return static function (ContainerConfigurator $container) {
service('sylius.repository.avatar_image'), service('sylius.repository.avatar_image'),
service('router'), service('router'),
service('security.csrf.token_manager')->nullOnInvalid(), service('security.csrf.token_manager')->nullOnInvalid(),
param('sylius.resource.csrf_parameter'),
]) ])
; ;
@ -73,6 +74,7 @@ return static function (ContainerConfigurator $container) {
service('security.csrf.token_manager')->nullOnInvalid(), service('security.csrf.token_manager')->nullOnInvalid(),
service('request_stack'), service('request_stack'),
service('router'), service('router'),
param('sylius.resource.csrf_parameter'),
]) ])
; ;
@ -83,6 +85,7 @@ return static function (ContainerConfigurator $container) {
service('sylius.command_dispatcher.resend_shipment_confirmation_email'), service('sylius.command_dispatcher.resend_shipment_confirmation_email'),
service('security.csrf.token_manager')->nullOnInvalid(), service('security.csrf.token_manager')->nullOnInvalid(),
service('request_stack'), service('request_stack'),
param('sylius.resource.csrf_parameter'),
]) ])
; ;

View file

@ -18,7 +18,7 @@
{{ form_widget(hookable_metadata.context.form.avatar) }} {{ form_widget(hookable_metadata.context.form.avatar) }}
{% if admin_user.id is not null and admin_user.avatar is not null and admin_user.avatar.path is not empty %} {% if admin_user.id is not null and admin_user.avatar is not null and admin_user.avatar.path is not empty %}
<button <button
formaction="{{ path('sylius_admin_admin_user_remove_avatar', {'id': admin_user.id, '_csrf_token': sylius_csrf_protection_enabled() ? csrf_token(admin_user.id) : null}) }}" formaction="{{ path('sylius_admin_admin_user_remove_avatar', {'id': admin_user.id, (sylius_resource_csrf_parameter()): sylius_csrf_protection_enabled() ? csrf_token(admin_user.id) : null}) }}"
type="submit" type="submit"
class="btn btn-danger" class="btn btn-danger"
{{ sylius_test_html_attribute('delete-avatar-button') }} {{ sylius_test_html_attribute('delete-avatar-button') }}

View file

@ -5,7 +5,7 @@
<form action="{{ path('sylius_admin_shop_user_delete', {'id': user.id, 'customerId': customer.id}) }}" method="POST"> <form action="{{ path('sylius_admin_shop_user_delete', {'id': user.id, 'customerId': customer.id}) }}" method="POST">
<input type="hidden" name="_method" value="DELETE" /> <input type="hidden" name="_method" value="DELETE" />
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(user.id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(user.id) }}" />
{% endif %} {% endif %}
<button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('customer-actions-delete') }}> <button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('customer-actions-delete') }}>
{{ ux_icon('tabler:trash-x', {'class': 'icon dropdown-item-icon'}) }} {{ ux_icon('tabler:trash-x', {'class': 'icon dropdown-item-icon'}) }}

View file

@ -6,7 +6,7 @@
<form action="{{ path('sylius_admin_order_cancel', {'id': order.id}) }}" method="POST" novalidate> <form action="{{ path('sylius_admin_order_cancel', {'id': order.id}) }}" method="POST" novalidate>
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(order.id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(order.id) }}" />
{% endif %} {% endif %}
<button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('cancel-order') }}> <button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('cancel-order') }}>
{{ ux_icon('tabler:circle-check', {'class': 'icon dropdown-item-icon'}) }} {{ ux_icon('tabler:circle-check', {'class': 'icon dropdown-item-icon'}) }}

View file

@ -4,7 +4,7 @@
<form action="{{ path('sylius_admin_order_cancel', {'id': order.id}) }}" method="POST" novalidate> <form action="{{ path('sylius_admin_order_cancel', {'id': order.id}) }}" method="POST" novalidate>
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(order.id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(order.id) }}" />
{% endif %} {% endif %}
<button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('cancel-order') }}> <button type="submit" class="dropdown-item" {{ sylius_test_html_attribute('cancel-order') }}>
{{ ux_icon('tabler:circle-check', {'class': 'icon dropdown-item-icon'}) }} {{ ux_icon('tabler:circle-check', {'class': 'icon dropdown-item-icon'}) }}

View file

@ -1,7 +1,7 @@
{% set order = hookable_metadata.context.resource %} {% set order = hookable_metadata.context.resource %}
{% if order.state in sylius_order_states_that_allows_to_resend_order_confirmation_email %} {% if order.state in sylius_order_states_that_allows_to_resend_order_confirmation_email %}
{% set path = path('sylius_admin_order_resend_confirmation_email', {'id': order.id, '_csrf_token': sylius_csrf_protection_enabled() ? csrf_token(order.id) : null}) %} {% set path = path('sylius_admin_order_resend_confirmation_email', {'id': order.id, (sylius_resource_csrf_parameter()): sylius_csrf_protection_enabled() ? csrf_token(order.id) : null}) %}
<a class="dropdown-item" href="{{ path }}" {{ sylius_test_html_attribute('resend-order-confirmation-email') }}> <a class="dropdown-item" href="{{ path }}" {{ sylius_test_html_attribute('resend-order-confirmation-email') }}>
{{ ux_icon('tabler:send', {'class': 'icon dropdown-item-icon flex-shrink-0'}) }} {{ ux_icon('tabler:send', {'class': 'icon dropdown-item-icon flex-shrink-0'}) }}
<div class="pe-6">{{ 'sylius.ui.resend_the_order_confirmation_email'|trans }}</div> <div class="pe-6">{{ 'sylius.ui.resend_the_order_confirmation_email'|trans }}</div>

View file

@ -3,7 +3,7 @@
{% set order = hookable_metadata.context.resource %} {% set order = hookable_metadata.context.resource %}
{% if order.state in sylius_order_states_that_allows_to_resend_order_confirmation_email %} {% if order.state in sylius_order_states_that_allows_to_resend_order_confirmation_email %}
{% set path = path('sylius_admin_order_resend_confirmation_email', {'id': order.id, '_csrf_token': sylius_csrf_protection_enabled() ? csrf_token(order.id) : null}) %} {% set path = path('sylius_admin_order_resend_confirmation_email', {'id': order.id, (sylius_resource_csrf_parameter()): sylius_csrf_protection_enabled() ? csrf_token(order.id) : null}) %}
<a class="dropdown-item" href="{{ path }}" {{ sylius_test_html_attribute('resend-order-confirmation-email') }}> <a class="dropdown-item" href="{{ path }}" {{ sylius_test_html_attribute('resend-order-confirmation-email') }}>
{{ ux_icon('tabler:send', {'class': 'icon dropdown-item-icon flex-shrink-0'}) }} {{ ux_icon('tabler:send', {'class': 'icon dropdown-item-icon flex-shrink-0'}) }}
<div class="pe-6">{{ 'sylius.ui.resend_the_order_confirmation_email'|trans }}</div> <div class="pe-6">{{ 'sylius.ui.resend_the_order_confirmation_email'|trans }}</div>

View file

@ -5,7 +5,7 @@
<form action="{{ path('sylius_admin_order_payment_complete', {'orderId': order.id, 'id': payment.id}) }}" method="POST" novalidate> <form action="{{ path('sylius_admin_order_payment_complete', {'orderId': order.id, 'id': payment.id}) }}" method="POST" novalidate>
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(payment.id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(payment.id) }}" />
{% endif %} {% endif %}
<button type="submit" class="btn" {{ sylius_test_html_attribute('complete-payment', payment.id) }}> <button type="submit" class="btn" {{ sylius_test_html_attribute('complete-payment', payment.id) }}>
{{ ux_icon('tabler:check') }} {{ 'sylius.ui.complete'|trans }} {{ ux_icon('tabler:check') }} {{ 'sylius.ui.complete'|trans }}

View file

@ -5,7 +5,7 @@
<form action="{{ path('sylius_admin_order_payment_refund', {'orderId': order.id, 'id': payment.id}) }}" method="POST" novalidate> <form action="{{ path('sylius_admin_order_payment_refund', {'orderId': order.id, 'id': payment.id}) }}" method="POST" novalidate>
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(payment.id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(payment.id) }}" />
{% endif %} {% endif %}
<button type="submit" class="btn" {{ sylius_test_html_attribute('refund-payment', payment.id) }}> <button type="submit" class="btn" {{ sylius_test_html_attribute('refund-payment', payment.id) }}>
{{ ux_icon('tabler:arrow-back-up-double') }} {{ 'sylius.ui.refund'|trans }} {{ ux_icon('tabler:arrow-back-up-double') }} {{ 'sylius.ui.refund'|trans }}

View file

@ -1,7 +1,7 @@
{% set shipment = hookable_metadata.context.shipment %} {% set shipment = hookable_metadata.context.shipment %}
{% if shipment.state == 'shipped' %} {% if shipment.state == 'shipped' %}
{% set resend_path = path('sylius_admin_shipment_resend_confirmation_email', {'id': shipment.id, '_csrf_token': sylius_csrf_protection_enabled () ? csrf_token(shipment.id) : null}) %} {% set resend_path = path('sylius_admin_shipment_resend_confirmation_email', {'id': shipment.id, (sylius_resource_csrf_parameter()): sylius_csrf_protection_enabled() ? csrf_token(shipment.id) : null}) %}
<a href="{{ resend_path }}" class="btn btn-icon" data-bs-toggle="tooltip" data-bs-title="{{ 'sylius.ui.resend_the_shipment_confirmation_email'|trans }}" {{ sylius_test_html_attribute('resend-shipment-confirmation-email') }}> <a href="{{ resend_path }}" class="btn btn-icon" data-bs-toggle="tooltip" data-bs-title="{{ 'sylius.ui.resend_the_shipment_confirmation_email'|trans }}" {{ sylius_test_html_attribute('resend-shipment-confirmation-email') }}>
{{ ux_icon('tabler:send') }} {{ ux_icon('tabler:send') }}
</a> </a>

View file

@ -14,7 +14,7 @@
<form action="{{ path }}" method="post" {{ form_attr }}> <form action="{{ path }}" method="post" {{ form_attr }}>
<input type="hidden" name="_method" value="DELETE"> <input type="hidden" name="_method" value="DELETE">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(id) }}" />
{% endif %} {% endif %}
{{ button.default({ text: 'sylius.ui.cancel'|trans, attr: 'data-bs-dismiss=modal' }) }} {{ button.default({ text: 'sylius.ui.cancel'|trans, attr: 'data-bs-dismiss=modal' }) }}

View file

@ -4,7 +4,7 @@
{% if sylius_sm_can(data, options.graph, options.transition) %} {% if sylius_sm_can(data, options.graph, options.transition) %}
<form action="{{ path(options.link.route, options.link.parameters) }}" method="post" {{ sylius_test_html_attribute('action', action.name) }}> <form action="{{ path(options.link.route, options.link.parameters) }}" method="post" {{ sylius_test_html_attribute('action', action.name) }}>
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(data.id) }}"> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(data.id) }}">
{% endif %} {% endif %}
<input type="hidden" name="_method" value="PUT"> <input type="hidden" name="_method" value="PUT">
<button class="btn {{ options.class|default }}" {% if labeled and 'btn-icon' in options.class|default %}data-bs-toggle="tooltip" data-bs-title="{{ action.label|trans }}"{% endif %}> <button class="btn {{ options.class|default }}" {% if labeled and 'btn-icon' in options.class|default %}data-bs-toggle="tooltip" data-bs-title="{{ action.label|trans }}"{% endif %}>

View file

@ -25,7 +25,7 @@
<div class="modal-footer"> <div class="modal-footer">
<form action="{{ path('sylius_admin_taxon_delete', {id: id}) }}" method="post"> <form action="{{ path('sylius_admin_taxon_delete', {id: id}) }}" method="post">
<input type="hidden" name="_method" value="DELETE"> <input type="hidden" name="_method" value="DELETE">
<input type="hidden" name="_csrf_token" {{ stimulus_target('@sylius/admin-bundle/delete-taxon', 'csrfToken') }}/> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" {{ stimulus_target('@sylius/admin-bundle/delete-taxon', 'csrfToken') }}/>
{{ button.default({ text: 'sylius.ui.cancel'|trans, attr: 'data-bs-dismiss=modal' }) }} {{ button.default({ text: 'sylius.ui.cancel'|trans, attr: 'data-bs-dismiss=modal' }) }}
{{ button.default({ text: 'sylius.ui.delete'|trans, type: 'submit', class: 'btn-danger', attr: sylius_test_html_attribute('confirm-button') }) }} {{ button.default({ text: 'sylius.ui.delete'|trans, type: 'submit', class: 'btn-danger', attr: sylius_test_html_attribute('confirm-button') }) }}

View file

@ -58,7 +58,7 @@
{{ ux_icon('tabler:trash', {'class': 'icon icon-xs'})}} {{ ((message is empty and labeled) ? 'sylius.ui.delete' : message)|trans }} {{ ux_icon('tabler:trash', {'class': 'icon icon-xs'})}} {{ ((message is empty and labeled) ? 'sylius.ui.delete' : message)|trans }}
</button> </button>
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(resourceId) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(resourceId) }}" />
{% endif %} {% endif %}
</form> </form>
{% endmacro %} {% endmacro %}

View file

@ -14,7 +14,7 @@
<form action="{{ path }}" method="post" {{ form_attr }}> <form action="{{ path }}" method="post" {{ form_attr }}>
<input type="hidden" name="_method" value="DELETE"> <input type="hidden" name="_method" value="DELETE">
{% if sylius_csrf_protection_enabled() %} {% if sylius_csrf_protection_enabled() %}
<input type="hidden" name="_csrf_token" value="{{ csrf_token(id) }}" /> <input type="hidden" name="{{ sylius_resource_csrf_parameter() }}" value="{{ csrf_token(id) }}" />
{% endif %} {% endif %}
<button type="button" class="btn btn-sm" data-bs-dismiss="modal"> <button type="button" class="btn btn-sm" data-bs-dismiss="modal">