Part of the fix for #2468 - Wrong log output date

CHANGELOG.md

@@ -1,3 +1,17 @@
+# v1.10.50
+## 11/14/2025
+
+1. [](#new)
+    * Support for 'safe-upgrade' installation
+    * Support for safe-upgrade restore functionality in Tools
+1. [](#improved)
+    * Improved session expiration/logout handling
+    * Various minor CSS fixes
+1. [](#bugfix)   
+    * Fix for deeply nested sortable fields (at last!)
+    * Restore admin session timeout modal by returning 401 for timed-out AJAX requests
+    * Honor `system.updates.safe_upgrade` so legacy Grav installs keep the classic updater
+
 # v1.10.49.1
 ## 09/03/2025
 

admin.php

@@ -32,6 +32,7 @@
 use Grav\Plugin\Admin\Router;
 use Grav\Plugin\Admin\Themes;
 use Grav\Plugin\Admin\AdminController;
+use Grav\Plugin\Admin\SafeUpgradeManager;
 use Grav\Plugin\Admin\Twig\AdminTwigExtension;
 use Grav\Plugin\Admin\WhiteLabel;
 use Grav\Plugin\Form\Form;
@@ -383,6 +384,34 @@ public function onAdminTools(Event $event)
             'reports'        => [['admin.super'], 'PLUGIN_ADMIN.REPORTS'],
             'direct-install' => [['admin.super'], 'PLUGIN_ADMIN.DIRECT_INSTALL'],
         ]);
+
+        $config = $this->grav['config'] ?? null;
+        if (!SafeUpgradeManager::configAllowsSafeUpgrade($config)) {
+            return;
+        }
+
+        try {
+            $manifestFiles = glob(GRAV_ROOT . '/user/data/upgrades/*.json') ?: [];
+
+            if (!$manifestFiles) {
+                $manager = new SafeUpgradeManager(Grav::instance());
+                $manifestFiles = $manager->hasSnapshots() ? [true] : [];
+            }
+
+            $tools = $event['tools'];
+            Grav::instance()['log']->debug('[Admin] Tools before restore grav: ' . implode(',', array_keys($tools)));
+
+            if ($manifestFiles) {
+                $tools['restore-grav'] = [['admin.super'], 'PLUGIN_ADMIN.RESTORE_GRAV'];
+                Grav::instance()['log']->debug('[Admin] Restore Grav tool enabled');
+            }
+
+            $event['tools'] = $tools;
+            Grav::instance()['log']->debug('[Admin] Tools after register: ' . implode(',', array_keys($tools)));
+        } catch (\Throwable $e) {
+            // ignore availability errors, snapshots tool will simply stay hidden
+            Grav::instance()['log']->warning('[Admin] Restore Grav detection failed: ' . $e->getMessage());
+        }
     }
 
     /**

admin.yaml

@@ -23,6 +23,7 @@ pages:
   show_modular: true
 session:
   timeout: 1800
+  keep_alive: true
 edit_mode: normal
 frontend_preview_target: inline
 show_github_msg: true

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Admin Panel
 slug: admin
 type: plugin
-version: 1.10.49.1
+version: 1.10.50
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:
@@ -224,6 +224,18 @@ form:
                   type: number
                   min: 1
 
+            session.keep_alive:
+              type: toggle
+              label: Keep Alive Ping
+              help: "Periodically pings to keep your admin session alive. Turn OFF to allow the session to expire while idle (useful for testing timeouts)."
+              highlight: 1
+              default: 1
+              options:
+                1: PLUGIN_ADMIN.ENABLED
+                0: PLUGIN_ADMIN.DISABLED
+              validate:
+                type: bool
+
             hide_page_types:
               type: select
               size: large

classes/plugin/Admin.php

@@ -341,6 +341,31 @@ public static function toolsPermissions()
         return array_unique($perms);
     }
 
+    /**
+     * @return array<int, array{id:string, source_version:?string, target_version:?string, created_at:int, created_at_iso:?string, backup_path:?string, package_path:?string}>
+     */
+    public function safeUpgradeSnapshots(): array
+    {
+        try {
+            $manager = new SafeUpgradeManager();
+
+            return $manager->listSnapshots();
+        } catch (\Throwable $e) {
+            return [];
+        }
+    }
+
+    public function safeUpgradeHasSnapshots(): bool
+    {
+        try {
+            $manager = new SafeUpgradeManager();
+
+            return $manager->hasSnapshots();
+        } catch (\Throwable $e) {
+            return false;
+        }
+    }
+
     /**
      * Return the languages available in the site
      *

classes/plugin/AdminBaseController.php

@@ -96,6 +96,8 @@ public function execute()
 
         // Make sure that user is logged into admin.
         if (!$this->admin->authorize()) {
+            $this->respondUnauthorizedIfAjax();
+
             return false;
         }
 
@@ -236,6 +238,31 @@ protected function sendJsonResponse(array $json, $code = 200): void
         $this->close($response);
     }
 
+    /**
+     * Return a JSON 401 response when an unauthenticated request was clearly triggered via AJAX.
+     *
+     * @return void
+     */
+    protected function respondUnauthorizedIfAjax(): void
+    {
+        $uri = $this->grav['uri'] ?? null;
+        $extension = $uri ? $uri->extension() : null;
+        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
+        $requestedWith = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
+
+        $acceptsJson = is_string($accept) && (stripos($accept, 'application/json') !== false || stripos($accept, 'text/json') !== false);
+        $isAjax = ($extension === 'json') || $acceptsJson || (is_string($requestedWith) && strtolower($requestedWith) === 'xmlhttprequest');
+
+        if (!$isAjax) {
+            return;
+        }
+
+        $this->sendJsonResponse([
+            'status' => 'unauthenticated',
+            'message' => Admin::translate('PLUGIN_ADMIN.SESSION_EXPIRED_DESC')
+        ], 401);
+    }
+
     /**
      * @param ResponseInterface $response
      * @return never-return