fix invoice create and search (#2990)

src/Controller/AbstractController.php

@@ -218,6 +218,8 @@ protected function handleSearch(FormInterface $form, Request $request): bool
             }
         }
 
+        $request->query->remove('_token');
+
         if ($request->query->has('resetSearchFilter')) {
             $data->resetFilter();
             $this->removeLastSearch($data);

src/Controller/InvoiceController.php

@@ -66,7 +66,7 @@ public function __construct(ServiceInvoice $service, InvoiceTemplateRepository $
      * @Route(path="/", name="invoice", methods={"GET", "POST"})
      * @Security("is_granted('view_invoice')")
      */
-    public function indexAction(Request $request, SystemConfiguration $configuration): Response
+    public function indexAction(Request $request, SystemConfiguration $configuration, CsrfTokenManagerInterface $csrfTokenManager): Response
     {
         if (!$this->templateRepository->hasTemplate()) {
             if ($this->isGranted('manage_invoice_template')) {
@@ -100,6 +100,8 @@ public function indexAction(Request $request, SystemConfiguration $configuration
                     return $this->redirectToRoute('invoice');
                 }
 
+                $csrfTokenManager->refreshToken('invoice.create');
+
                 try {
                     return $this->renderInvoice($query, $request);
                 } catch (Exception $ex) {
@@ -148,6 +150,7 @@ public function previewAction(Customer $customer, Request $request, SystemConfig
 
         if ($form->isValid()) {
             try {
+                $query->setCustomers([$customer]);
                 $model = $this->service->createModel($query);
 
                 return $this->service->renderInvoiceWithModel($model, $this->dispatcher);
@@ -167,7 +170,7 @@ public function previewAction(Customer $customer, Request $request, SystemConfig
      * @Security("is_granted('access', customer)")
      * @Security("is_granted('create_invoice')")
      */
-    public function createInvoiceAction(Customer $customer, InvoiceTemplate $template, Request $request, SystemConfiguration $configuration): Response
+    public function createInvoiceAction(Customer $customer, InvoiceTemplate $template, Request $request, SystemConfiguration $configuration, CsrfTokenManagerInterface $csrfTokenManager): Response
     {
         if (!$this->templateRepository->hasTemplate()) {
             return $this->redirectToRoute('invoice');
@@ -185,9 +188,13 @@ public function createInvoiceAction(Customer $customer, InvoiceTemplate $templat
             return $this->redirectToRoute('invoice');
         }
 
+        $csrfTokenManager->refreshToken('invoice.create');
+
         $query = $this->getDefaultQuery();
         $form = $this->getToolbarForm($query, $configuration->find('invoice.simple_form'));
-        $form->submit($request->query->all(), false);
+        if ($this->handleSearch($form, $request)) {
+            return $this->redirectToRoute('invoice');
+        }
 
         if ($form->isValid()) {
             $query->setTemplate($template);

src/Form/Extension/SelectWithApiDataExtension.php

@@ -75,8 +75,12 @@ public function buildView(FormView $view, FormInterface $form, array $options)
         } while (($parent = $parent->getParent()) !== null);
 
         $formPrefix = implode('_', array_reverse($formPrefixes));
+        $formField = $apiData['select'];
 
-        $formField = $formPrefix . '_' . $apiData['select'];
+        // forms with prefix (like toolbar & search) would result in a wrong field name "_foo" instead of "foo"
+        if ($formPrefix !== '') {
+            $formField = $formPrefix . '_' . $apiData['select'];
+        }
 
         $view->vars['attr'] = array_merge($view->vars['attr'], [
             'data-form-prefix' => $formPrefix,