[BUGFIX] ImageManipulationWizard calculates wrong token 08/44008/2
authorFrank Nägler <frank.naegler@typo3.org>
Mon, 12 Oct 2015 10:35:28 +0000 (12:35 +0200)
committerFrans Saris <franssaris@gmail.com>
Mon, 12 Oct 2015 11:30:43 +0000 (13:30 +0200)
This patch fix broken ImageManipulationWizard. Because of a wrong
token calculation the wizard was broken.

Resolves: #70618
Releases: master
Change-Id: Ibe77592bf7167fdd8b081e599fca969e2f625db6
Reviewed-on: http://review.typo3.org/44008
Reviewed-by: Andreas Fernandez <typo3@scripting-base.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Tested-by: Frans Saris <franssaris@gmail.com>
typo3/sysext/backend/Classes/Form/Element/ImageManipulationElement.php
typo3/sysext/backend/Classes/Form/Wizard/ImageManipulationWizard.php

index 42987dc..67cdb3b 100644 (file)
@@ -100,9 +100,9 @@ class ImageManipulationElement extends AbstractFormElement
 
             $formFieldId = StringUtility::getUniqueId('formengine-image-manipulation-');
             $wizardData = array(
-                'file' => $file->getUid(),
                 'zoom' => $config['enableZoom'] ? '1' : '0',
                 'ratios' => json_encode($config['ratios']),
+                'file' => $file->getUid(),
             );
             $wizardData['token'] = GeneralUtility::hmac(implode('|', $wizardData), 'ImageManipulationWizard');
 
index 7162e05..7189c55 100644 (file)
@@ -75,11 +75,9 @@ class ImageManipulationWizard
     {
         $parameters = [
             'zoom'   => $request->getQueryParams()['zoom'] ? '1' : '0',
-            'ratios' => $request->getQueryParams()['ratios'] ?: ''
+            'ratios' => $request->getQueryParams()['ratios'] ?: '',
+            'file'   => $request->getQueryParams()['file'] ?: '',
         ];
-        if ($request->getQueryParams()['file']) {
-            $parameters['file'] = $request->getQueryParams()['file'];
-        }
 
         $token = GeneralUtility::hmac(implode('|', $parameters), 'ImageManipulationWizard');
         return $token === $request->getQueryParams()['token'];