Merge branch 'release/7.1.3'

CHANGELOG.md

@@ -1,3 +1,11 @@
+# v7.1.3
+## 05/09/2023
+
+1. [](#improved)
+   * Removed `FILTER_SANITIZE_STRING` input filter in favor of `htmlspecialchars(strip_tags())` 
+   * Fixed a deprecated message when using `Route::_toString()`
+   * Require Grav `v1.7.41` as it contains `GRAV_SANITIZE_STRING` constant
+
 # v7.1.2
 ## 01/08/2023
 

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Form
 slug: form
 type: plugin
-version: 7.1.2
+version: 7.1.3
 description: Enables forms handling and processing
 icon: check-square
 author:
@@ -14,7 +14,7 @@ bugs: https://github.com/getgrav/grav-plugin-form/issues
 license: MIT
 
 dependencies:
-  - { name: grav, version: '>=1.7.24' }
+  - { name: grav, version: '>=1.7.41' }
 
 form:
   validation: strict

form.php

@@ -1182,8 +1182,8 @@ protected function form(PageInterface $page = null)
             }
 
             // Try to find the posted form if available.
-            $form_name = $this->grav['uri']->post('__form-name__', FILTER_SANITIZE_STRING) ?? '';
-            $unique_id = $this->grav['uri']->post('__unique_form_id__', FILTER_SANITIZE_STRING) ?? '';
+            $form_name = $this->grav['uri']->post('__form-name__', GRAV_SANITIZE_STRING) ?? '';
+            $unique_id = $this->grav['uri']->post('__unique_form_id__', GRAV_SANITIZE_STRING) ?? '';
 
             if (!$form_name) {
                 $form_name = $page ? $page->slug() : null;

templates/forms/default/form.html.twig

@@ -40,7 +40,7 @@
 {% do assets.addInlineJs("
     window.GravForm = window.GravForm || {};
     window.GravForm.config = {
-        current_url: '" ~ grav.route.withoutParams() ~"',
+        current_url: '" ~ grav.route.withoutParams().toString(true) ~"',
         current_params: " ~ grav.route.params|json_encode ~ ",
         param_sep: '" ~ config.system.param_sep ~ "',
         base_url_relative: '" ~ base_url_relative ~ "',

templates/forms/fields/file/file.html.twig

@@ -26,15 +26,15 @@
         {% set uri = global.grav.uri %}
         {% set files = global.files %}
         {% set config = global.grav.config %}
-        {% set route = global.context.route() %}
+        {% set route = global.context.route().toString(true) %}
         {% set type =  global.context.content() is not null ? 'pages' : global.plugin ? 'plugins' : global.theme ? 'themes' : 'config' %}
         {% set blueprint_name = global.blueprints.getFilename %}
         {% if type == 'pages' %}
             {% set blueprint_name = type ~ '/' ~ blueprint_name %}
         {% endif %}
         {% set blueprint = blueprint_name|base64_encode %}
         {% set real_path = value.thumb ?? global.context.media[path].relativePath ?? global.form.getPagePathFromToken(path) %}
-        {% set remove = global.form.getFileDeleteAjaxRoute(files.name, path)|string ?: uri.addNonce(
+        {% set remove = global.form.getFileDeleteAjaxRoute(files.name, path).toString(true) ?: uri.addNonce(
             global.base_url_relative ~
             '/media.json' ~
             '/task' ~ config.system.param_sep ~ 'removeFileFromBlueprint' ~
@@ -64,8 +64,8 @@
     {% block prepend %}{% endblock %}
     {% set settings = {name: field.name, paramName: (scope ~ field.name)|fieldName ~ (files.multiple ? '[]' : ''), limit: limit, filesize: max_filesize, accept: files.accept, resolution: files.resolution, resizeWidth: files.resizeWidth, resizeHeight: files.resizeHeight, resizeQuality: files.resizeQuality } %}
     {% set dropzoneSettings = field.dropzone %}
-    {% set file_url_add = form.getFileUploadAjaxRoute() %}
-    {% set file_url_remove = form.getFileDeleteAjaxRoute(null, null) %}
+    {% set file_url_add = form.getFileUploadAjaxRoute().getUri() %}
+    {% set file_url_remove = form.getFileDeleteAjaxRoute(null, null).getUri() %}
     <div class="{{ form_field_wrapper_classes ?: 'form-input-wrapper' }} {{ field.classes }} dropzone files-upload form-input-file {{ field.size }}"
          data-grav-file-settings="{{ settings|json_encode|e('html_attr') }}"
          data-dropzone-options="{{ dropzoneSettings|json_encode|e('html_attr') }}"