Merge branch 'release/8.2.0'

Author: rhukster

CHANGELOG.md

@@ -1,12 +1,22 @@
+# v8.2.0
+## 112/27/2025
+
+1. [](#improved)
+    - Use new Twig::setEscaper() helper if it exists
+    - Automated form none refresh `refresh_nonce` (false by default)
+1. [](#bugfix)
+    - Fix spacer field [#623](https://github.com/getgrav/grav-plugin-form/pulls/623)
+    - Fix number field
+
 # v8.1.0
 ## 11/03/2025
 
-1. [](#bugfix)
-    - Fixed an issue with DropZone file field with `js_pipeline` enabled [#621](https://github.com/getgrav/grav-plugin-form/issues/621)
-    - Fixed general pipeline issues with form javascript
 1. [](#improved)
     - Added a field-based configuration of basic-captcha [#622](https://github.com/getgrav/grav-plugin-form/issues/622)
     - Improved filesize min/max error handling
+2. [](#bugfix)
+    - Fixed an issue with DropZone file field with `js_pipeline` enabled [#621](https://github.com/getgrav/grav-plugin-form/issues/621)
+    - Fixed general pipeline issues with form javascript
 
 # v8.0.6
 ## 10/07/2025

assets/form-nonce-refresh.js

@@ -0,0 +1,62 @@
+(function() {
+    function refreshNonces() {
+        var nonces = document.querySelectorAll('.form-nonce-field');
+        if (nonces.length === 0) return;
+
+        var actions = {};
+        nonces.forEach(function(field) {
+            var action = field.getAttribute('data-nonce-action');
+            if (!actions[action]) actions[action] = [];
+            actions[action].push(field);
+        });
+
+        Object.keys(actions).forEach(function(action) {
+             try {
+                 var urlObj = new URL(window.location.href);
+                 urlObj.searchParams.set('task', 'get-nonce');
+                 urlObj.searchParams.set('action', action);
+                 var fetchUrl = urlObj.toString();
+
+                 fetch(fetchUrl, {
+                    headers: { 'X-Requested-With': 'XMLHttpRequest' }
+                 })
+                 .then(function(response) { return response.json(); })
+                 .then(function(data) {
+                    if (data.nonce) {
+                        actions[action].forEach(function(field) {
+                            field.value = data.nonce;
+                        });
+                    }
+                 })
+                 .catch(function(e) {
+                     console.error('Grav Form Plugin: Failed to refresh nonce', e);
+                 });
+             } catch (e) {
+                 console.error('Grav Form Plugin: URL parsing failed', e);
+             }
+        });
+    }
+
+    // Refresh based on configured interval (default to 15 minutes)
+    var interval = (window.GravForm && window.GravForm.refresh_nonce_interval) || 900000;
+
+    function scheduleRefresh() {
+        var nonces = document.querySelectorAll('.form-nonce-field');
+        if (nonces.length === 0) return;
+
+        var parsed = Number(interval);
+        var delay = !isNaN(parsed) && parsed > 0 ? parsed : 900000;
+        delay = Math.max(delay, 1000);
+        setTimeout(function() {
+            refreshNonces();
+            setInterval(refreshNonces, delay);
+        }, delay);
+    }
+
+    if (document.readyState === 'loading') {
+        document.addEventListener('DOMContentLoaded', scheduleRefresh);
+    } else {
+        scheduleRefresh();
+    }
+
+})();

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Form
 slug: form
 type: plugin
-version: 8.1.0
+version: 8.2.0
 description: Enables forms handling and processing
 icon: check-square
 author:

form.php

@@ -32,9 +32,7 @@
 use RocketTheme\Toolbox\Event\Event;
 use RuntimeException;
 use Symfony\Contracts\HttpClient\Exception\TransportExceptionInterface;
-use Twig\Environment;
 use Twig\Extension\CoreExtension;
-use Twig\Extension\EscaperExtension;
 use Twig\TwigFunction;
 use function count;
 use function function_exists;
@@ -116,7 +114,20 @@ class_alias(Form::class, 'Grav\Plugin\Form');
 
         // Initialize the captcha manager
         CaptchaManager::initialize();
-        
+
+        /** @var Uri $uri */
+        $uri = $this->grav['uri'];
+
+        // Refresh Nonce Logic - Run early to catch both frontend and admin
+        // Uri::param() returns false when missing, so use fallback even on falsey values.
+        $task = $uri->param('task') ?: $uri->query('task') ?: ($_REQUEST['task'] ?? null);
+        if ($task === 'get-nonce') {
+            $action = $uri->param('action') ?: $uri->query('action') ?: ($_REQUEST['action'] ?? 'form');
+            $nonce = Utils::getNonce($action);
+            $response = new Response(200, ['Content-Type' => 'application/json'], json_encode(['nonce' => $nonce]));
+
+            $this->grav->close($response);
+        }
 
         if ($this->isAdmin()) {
             $this->enable([
@@ -126,11 +137,7 @@ class_alias(Form::class, 'Grav\Plugin\Form');
             return;
         }
 
-        /** @var Uri $uri */
-        $uri = $this->grav['uri'];
-
         // Mini Keep-Alive Logic
-        $task = $uri->param('task');
         if ($task === 'keep-alive') {
             $response = new Response(200);
 
@@ -368,17 +375,15 @@ public function onTwigInitialized(): void
             new TwigFunction('forms', [$this, 'getForm'])
         );
 
-        if (Environment::VERSION_ID > 20000) {
-            // Twig 2/3
-            $this->grav['twig']->twig()->getExtension(EscaperExtension::class)->setEscaper(
-                'yaml',
-                function ($twig, $string, $charset) {
-                    return Yaml::dump($string);
-                }
-            );
+        // Grav 1.8+ has setEscaper() helper that handles all Twig versions
+        $twig = $this->grav['twig'];
+        if (method_exists($twig, 'setEscaper')) {
+            $twig->setEscaper('yaml', function ($twig, $string, $charset) {
+                return Yaml::dump($string);
+            });
         } else {
-            // Twig 1.x
-            $this->grav['twig']->twig()->getExtension(CoreExtension::class)->setEscaper(
+            // Grav 1.7 with Twig 1.x
+            $twig->twig()->getExtension(CoreExtension::class)->setEscaper(
                 'yaml',
                 function ($twig, $string, $charset) {
                     return Yaml::dump($string);
@@ -441,6 +446,18 @@ public function onTwigVariables(?Event $event = null): void
         if ($this->config->get('plugins.form.built_in_css')) {
             $this->grav['assets']->addCss('plugin://form/assets/form-styles.css');
         }
+        if ($this->config->get('plugins.form.refresh_nonce')) {
+            $timeout = (int)$this->config->get('system.session.timeout', 1800);
+            // Nonce lifetime is ~12h (current + previous tick); cap refresh window to that.
+            $effectiveTimeout = min($timeout, 43200);
+            // Refresh close to expiry: 10% lead time, capped between 5s and 60s.
+            $leadTime = min(60, max(5, (int)round($effectiveTimeout * 0.10)));
+            $intervalSeconds = max(1, $effectiveTimeout - $leadTime);
+            $interval = $intervalSeconds * 1000;
+
+            $this->grav['assets']->addInlineJs("window.GravForm = window.GravForm || {}; window.GravForm.refresh_nonce_interval = $interval;", ['group' => 'bottom', 'position' => 'before']);
+            $this->grav['assets']->addJs('plugin://form/assets/form-nonce-refresh.js', ['group' => 'bottom', 'defer' => true]);
+        }
         $twig->twig_vars['form_max_filesize'] = Form::getMaxFilesize();
         $twig->twig_vars['form_json_response'] = $this->json_response;
     }

form.yaml

@@ -1,6 +1,7 @@
 enabled: true
 built_in_css: true
 inline_css: true
+refresh_nonce: false
 refresh_prevention: false
 client_side_validation: true
 debug: false

templates/forms/fields/nonce/nonce.html.twig

@@ -1 +1,4 @@
-{{ nonce_field(form.getNonceAction() ?? 'form', form.getNonceName() ?? 'form-nonce')|raw }}
+{% set nonce_action = form.getNonceAction() ?? 'form' %}
+{% set nonce_name = form.getNonceName() ?? 'form-nonce' %}
+{% set nonce_value = form.getNonce() %}
+<input type="hidden" name="{{ nonce_name }}" value="{{ nonce_value }}" class="form-nonce-field" data-nonce-action="{{ nonce_action }}" />

templates/forms/fields/number/number.html.twig

@@ -5,5 +5,19 @@
     {% if field.validate.min is defined %}min="{{ field.validate.min }}"{% endif %}
     {% if field.validate.max is defined %}max="{{ field.validate.max }}"{% endif %}
     {% if field.validate.step is defined %}step="{{ field.validate.step }}"{% endif %}
-    {{ parent() }}
+    {# Skip text.html.twig's minlength/maxlength and go directly to field.html.twig #}
+    {% if field.size %}size="{{ field.size }}"{% endif %}
+    {% if field.classes is defined %}class="{{ field.classes }}" {% endif %}
+    {% if field.id is defined %}id="{{ field.id }}" {% endif %}
+    {% if field.style is defined %}style="{{ field.style }}" {% endif %}
+    {% if field.disabled or isDisabledToggleable %}disabled="disabled"{% endif %}
+    {% if field.placeholder %}placeholder="{{ field.placeholder|t }}"{% endif %}
+    {% if field.autofocus in ['on', 'true', 1] %}autofocus="autofocus"{% endif %}
+    {% if field.novalidate in ['on', 'true', 1] %}novalidate="novalidate"{% endif %}
+    {% if field.readonly in ['on', 'true', 1] %}readonly="readonly"{% endif %}
+    {% if field.autocomplete is defined %}autocomplete="{{ field.autocomplete }}"{% endif %}
+    {% if field.validate.required in ['on', 'true', 1] %}required="required"{% endif %}
+    {% if field.validate.pattern %}pattern="{{ field.validate.pattern }}"{% endif %}
+    {% if field.validate.message %}title="{{ field.validate.message|t }}"
+    {% elseif field.title is defined %}title="{{ field.title|t }}" {% endif %}
 {% endblock %}

templates/forms/fields/spacer/spacer.html.twig

@@ -3,11 +3,11 @@
 {% block field %}
 <div class="form-field form-spacer {{ field.classes }}">
     {% if field.title %}
-        <{{ title_type|default('h3') }}>{{- field.title|t|raw -}}</ {{ title_type|default('h3') }}>
+        <{{ field.title_type|default('h3') }}>{{- field.title|t|raw -}}</{{ field.title_type|default('h3') }}>
     {% endif %}
 
     {% if field.markdown %}
-        <p>{{- field.text|t|markdown|raw -}}</p>
+        {{- field.text|t|markdown|raw -}}
     {% else %}
         <p>{{- field.text|t|raw -}}</p>
     {% endif %}