[BUGFIX] Send payload of image cropping wizard via POST
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Form / Wizard / ImageManipulationWizard.php
index 0b10301..11290f9 100644 (file)
@@ -57,8 +57,8 @@ class ImageManipulationWizard
     public function getWizardAction(ServerRequestInterface $request, ResponseInterface $response)
     {
         if ($this->isSignatureValid($request)) {
-            $queryParams = json_decode($request->getQueryParams()['arguments'], true);
-            $fileUid = $queryParams['image'];
+            $parsedBody = json_decode($request->getParsedBody()['arguments'], true);
+            $fileUid = $parsedBody['image'];
             $image = null;
             if (MathUtility::canBeInterpretedAsInteger($fileUid)) {
                 try {
@@ -68,7 +68,7 @@ class ImageManipulationWizard
             }
             $viewData = [
                 'image' => $image,
-                'cropVariants' => $queryParams['cropVariants']
+                'cropVariants' => $parsedBody['cropVariants']
             ];
             $content = $this->templateView->renderSection('Main', $viewData);
             $response->getBody()->write($content);
@@ -81,12 +81,12 @@ class ImageManipulationWizard
     /**
      * Check if hmac signature is correct
      *
-     * @param ServerRequestInterface $request the request with the GET parameters
+     * @param ServerRequestInterface $request the request with the POST parameters
      * @return bool
      */
     protected function isSignatureValid(ServerRequestInterface $request)
     {
-        $token = GeneralUtility::hmac($request->getQueryParams()['arguments'], 'ajax_wizard_image_manipulation');
-        return hash_equals($token, $request->getQueryParams()['signature']);
+        $token = GeneralUtility::hmac($request->getParsedBody()['arguments'], 'ajax_wizard_image_manipulation');
+        return hash_equals($token, $request->getParsedBody()['signature']);
     }
 }