Merge branch 'release/7.2.2'

getgrav · Dec 13, 2023 · b3ab929 · b3ab929
2 parents fed50ab + b163ede
commit b3ab929
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,12 @@
+# v7.2.2
+## 12/13/2023
+
+1. [](#improved)
+   * Add _inline errors_ for `file` field.  Useful in combination with `form: no-validate: true` form setting.
+   * Validate filename against `uploads_dangerous_extensions` when using the `save:` action
+1. [](#bugfix)
+   * Cleared 'basic captcha' value when invalid
+
 # v7.2.1
 ## 06/27/2023
 

diff --git a/blueprints.yaml b/blueprints.yaml
@@ -1,7 +1,7 @@
 name: Form
 slug: form
 type: plugin
-version: 7.2.1
+version: 7.2.2
 description: Enables forms handling and processing
 icon: check-square
 author:

diff --git a/form.php b/form.php
@@ -518,7 +518,7 @@ public function onFormProcessed(Event $event): void
                 $captcha_value = trim($form->value('basic-captcha'));
                 if (!$captcha->validateCaptcha($captcha_value)) {
                     $message = $params['message'] ?? $this->grav['language']->translate('PLUGIN_FORM.ERROR_BASIC_CAPTCHA');
-
+                    $form->setData('basic-captcha', '');
                     $this->grav->fireEvent('onFormValidationError', new Event([
                         'form' => $form,
                         'message' => $message
@@ -667,6 +667,11 @@ public function onFormProcessed(Event $event): void
                     $filename = $prefix . $this->udate($format, $raw_format) . $postfix . $ext;
                 }
 
+                // Handle bad filenames.
+                if (!Utils::checkFilename($filename)) {
+                    throw new RuntimeException(sprintf('Form save: File with extension not allowed: %s', $filename));
+                }
+
                 /** @var Twig $twig */
                 $twig = $this->grav['twig'];
                 $vars = [

diff --git a/templates/forms/fields/file/file.html.twig b/templates/forms/fields/file/file.html.twig
@@ -89,7 +89,14 @@
             {{ macro.preview(path, file, _context) }}
         {% endfor %}
         {% include 'forms/fields/hidden/hidden.html.twig' with {field: {name: '_json.' ~ field.name}, value: (value ?? [])|json_encode } %}
+
+
     </div>
+    {% if inline_errors and errors %}
+    <div class="{{ form_field_inline_error_classes }}">
+      <p class="form-message"><i class="fa fa-exclamation-circle"></i> {{ errors|first|raw }}</p>
+    </div>
+    {% endif %}
 
     {% if grav.browser.browser == 'msie' and grav.browser.version < 12 %}
         {% do assets.addJs('plugin://form/assets/object.assign.polyfill.js') %}