The new version, v1.2, contains several new features, changes, and bug fixes. We want to give you an overview of the most important changes in this version.
Important: A bug fix regarding verifying the origin hosts can break your form. Please verify that you configured your hosts in the project settings correctly and verify the functionality of your form after the upgrade to v1.2. Read more about it in the documentation
New features
Compatibility with PostgreSQL
In January 2024, we received a question from a user if it’s possible to use mosparo with a PostgreSQL database instead of the MySQL database. When we started developing mosparo, we only concentrated on using MySQL because using two database systems would complicate many things (regarding our dependencies on Symfony/Doctrine).
We now took a second look at the options and added a different option to configure the database. With this new approach, our development was almost unchanged, and we were able to add compatibility to PostgreSQL.
With the new version, while installing mosparo, you can decide if you want to use a MySQL or PostgreSQL database.
Suggested by skid9000
Security feature to block repetitive submissions
We received the question of whether blocking repetitive submissions with mosparo is possible. Repetitive submission means that the same form data gets submitted multiple times. Since that was not possible before, we’ve added a fifth security feature to the project security settings, which will block repetitive submissions.
It’s possible to configure the number of submissions and the time frame in which it should be counted. Additionally, it’s possible to configure whether repetitive submissions should be counted based on the IP address or all users.
Suggested by Geremia
Web-based cron jobs
We’ve added the option to enable web-based cron jobs to make it easier to execute the cron jobs. These cron jobs can be enabled in the administration interface and are not enabled by default (for security reasons).
As soon as enabled, you can set up a cron job to request a URL. You can also use an external cron job service to execute the mosparo cron job by defining a cron job with the cron job address.
Inspired by mpaglia0
Changes
Upgrade to Symfony 6.4
The framework we use, Symfony, got upgraded to the latest LTS version, 6.4. We’ve also updated all the other dependencies to the latest version.
While this changed many things in the code, it should not impact the user interface or the functionality of mosparo in general.
Negative spam rating for rules
We received the question of whether it’s possible to reverse a rule, for example, if it’s possible to mark submissions from all countries except one as spam. While we considered this question, we detected that it’s impossible to add rules with a positive effect.
As an easy solution, we’ve adjusted the spam rating value fields for the rule items and changed them to allow negative values. With this change, adding rule items with a negative rating value is now possible.
When the form data is validated, the total number of points is calculated to determine whether a submission is spam or not. A rule with a negative value can reduce the number of points, for example, if the submission is from a specified country or IP subnet.
Inspired by cesare190
Compatibility with reverse proxy subpath setup
We’ve added some adjustments to mosparo to allow using mosparo in a subpath setup with a reverse proxy. With these changes, it’s possible to set up mosparo in a subpath like example.com/mosparo/, as long as you configure it with a reverse proxy.
We still recommend using a domain or subdomain to set up mosparo, but there is no reason not to install it in a subpath with a reverse proxy.
Inspired by davd-edia
Accessibility optimizations
While testing compliance with WCAG 2.1, Access for all found multiple things that could be optimized for better usage of assistance tools. We implemented the majority of these recommendations with v1.2.
- The mosparo box received the `lang` attribute to tell a screen reader which language is visible. If a mosparo box is visible on a page in a different language than the mosparo box, the screen reader reads the text in the wrong language.
- The mosparo logo was not visible if the high-contrast mode was enabled. With this fix, the logo is also visible in the high-contrast mode (as long as the logo’s visibility is enabled in the design settings).
- Since the logo is not added as an HTML image, adding an alternative text to describe the image is impossible. We’ve added an additional text for screen readers after the main label to let the user know that the form is protected by mosparo, as long as the logo is enabled in the project design settings.
- We’ve adjusted the message for screen readers when mosparo validates the form data in the frontend. The message now indicates that the spam protection is validating the data. Before this change, it was unclear what exactly was happening.
- The alert message for screen readers is now linked with the label element to give the user the required context.
Bug fixes
- A bug in the request processing did not verify the hosts correctly. Because of this bug, all origins were accepted for the CORS headers, not only those configured in the project settings. With this fix, the origins are verified correctly. This change can lead to broken forms if your project’s hosts are not set correctly. Please test your forms after upgrading to v1.2. Read more about it in the documentation. Reported by zttom
- Because of a logic bug, it was impossible to edit the login throttling or the access settings when the trust settings were defined in the environment variables. This bug is now fixed.
- A bug in the export functionality led to an incorrect value in the exported security guideline. With this fix, the value in the security guideline is now correctly exported and imported.
Thank you
We thank all of our contributors and testers for their suggestions and work. We could not do such a project without your support and contributions!
If you have any suggestions to enhance or optimize mosparo, you can send them to us by creating a post in the Discussions section on GitHub.