Merge branch 'craft-4' of https://github.com/verbb/formie into craft-5

# Conflicts: # CHANGELOG.md # composer.json # src/helpers/StringHelper.php
verbb · Jan 17, 2025 · da50521 · da50521
2 parents 5c57891 + abd32b8
commit da50521
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 10 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -531,6 +531,19 @@
 - `Field::name` attribute has been deprecated. Use `Field::label` instead.
 - `Field::inputHtml()` method has been deprecated. Use `Field::cpInputHtml()` instead.
 
+## 2.1.39 - 2025-01-17
+
+### Added
+- Add support for inline CSS for some string content (Multi-Line Rich Text content).
+- Add `Variables::EVENT_PARSE_VARIABLES` to allow you to parse custom registered variables.
+
+### Changed
+- Bump `guzzlehttp/oauth-subscriber` to `^0.8.1`.
+- Lock `league/oauth2-client` to `2.7.0` to prevent an issue with refresh token scopes on some providers.
+
+### Fixed
+- Fix reCAPTCHA Enterprise and score validation.
+
 ## 2.1.38 - 2025-01-13
 
 ### Added

diff --git a/src/events/ParseVariablesEvent.php b/src/events/ParseVariablesEvent.php
@@ -0,0 +1,21 @@
+<?php
+namespace verbb\formie\events;
+
+use verbb\formie\elements\Form;
+use verbb\formie\elements\Submission;
+use verbb\formie\models\Notification;
+
+use yii\base\Event;
+
+class ParseVariablesEvent extends Event
+{
+    // Properties
+    // =========================================================================
+
+    public mixed $value;
+    public ?Submission $submission = null;
+    public ?Form $form = null;
+    public ?Notification $notification = null;
+    public array $variables = [];
+
+}
diff --git a/src/helpers/StringHelper.php b/src/helpers/StringHelper.php
@@ -28,7 +28,12 @@ public static function toId(mixed $value, bool $allowNull = true): ?int
 
     public static function cleanString(string $str): string
     {
-        return (new AntiXSS())->xss_clean($str);
+        $antiXss = new AntiXSS();
+
+        // Allow inline CSS for rich text
+        $antiXss->removeEvilAttributes(['style']);
+
+        return $antiXss->xss_clean((string)$str);
     }
 
     public static function decdec(string $str): string

diff --git a/src/helpers/Variables.php b/src/helpers/Variables.php
@@ -7,6 +7,7 @@
 use verbb\formie\base\SubFieldInterface;
 use verbb\formie\elements\Form;
 use verbb\formie\elements\Submission;
+use verbb\formie\events\ParseVariablesEvent;
 use verbb\formie\events\RegisterVariablesEvent;
 use verbb\formie\fields\data\MultiOptionsFieldData;
 use verbb\formie\fields\data\SingleOptionFieldData;
@@ -35,6 +36,7 @@ class Variables
     // =========================================================================
 
     public const EVENT_REGISTER_VARIABLES = 'registerVariables';
+    public const EVENT_PARSE_VARIABLES = 'parseVariables';
 
 
     // Static Methods
@@ -202,7 +204,7 @@ public static function getParsedValue(mixed $value, Submission $submission = nul
             // Form Info
             $formName = $form->title ?? '';
 
-            Formie::$plugin->getRenderCache()->setGlobalVariables($cacheKey, [
+            $variables = [
                 'formName' => $formName,
                 'submissionUrl' => $submission?->getCpEditUrl() ?? '',
                 'submissionId' => $submission->id ?? null,
@@ -234,14 +236,15 @@ public static function getParsedValue(mixed $value, Submission $submission = nul
                 'userFullName' => $userFullName,
                 'userFirstName' => $userFirstName,
                 'userLastName' => $userLastName,
-            ]);
+            ];
 
             // Add support for all global sets
             foreach (Craft::$app->getGlobals()->getAllSets() as $globalSet) {
-                Formie::$plugin->getRenderCache()->setGlobalVariables($cacheKey, [
-                    $globalSet->handle => $globalSet,
-                ]);
+                $variables[$globalSet->handle] = $globalSet;
             }
+
+            // Cache variables in-memory for better performance next parse
+            Formie::$plugin->getRenderCache()->setGlobalVariables($cacheKey, $variables);
         }
 
         $fieldVariables[] = self::getParsedFieldValues($form, $submission, $notification);
@@ -271,9 +274,19 @@ public static function getParsedValue(mixed $value, Submission $submission = nul
             }
         }
 
+        // Allow plugins to modify the variables
+        $event = new ParseVariablesEvent([
+            'submission' => $submission,
+            'form' => $form,
+            'notification' => $notification,
+            'value' => $value,
+            'variables' => $variables,
+        ]);
+        Event::trigger(self::class, self::EVENT_PARSE_VARIABLES, $event);
+
         // Try to parse submission + extra variables
         try {
-            return Formie::$plugin->getTemplates()->renderObjectTemplate($value, $submission, $variables);
+            return Formie::$plugin->getTemplates()->renderObjectTemplate($value, $submission, $event->variables);
         } catch (Throwable $e) {
             Formie::error('Failed to render dynamic string “{value}”. Template error: “{message}” {file}:{line}', [
                 'value' => $originalValue,

diff --git a/src/integrations/captchas/Recaptcha.php b/src/integrations/captchas/Recaptcha.php
@@ -196,11 +196,13 @@ public function validateSubmission(Submission $submission): bool
                 $this->spamReason = $reason;
             }
 
-            if (isset($result['score'])) {
-                $scoreRating = ($result['score'] >= $this->minScore);
+            $score = $result['riskAnalysis']['score'] ?? $result['score'] ?? null;
+
+            if ($score) {
+                $scoreRating = ($score >= $this->minScore);
 
                 if (!$scoreRating) {
-                    $this->spamReason = 'Score ' . $result['score'] . ' is below threshold ' . $this->minScore . '.';
+                    $this->spamReason = 'Score ' . $score . ' is below threshold ' . $this->minScore . '.';
                 }
 
                 return $scoreRating;