Bug description

Chrome, Firefox, and Safari now support setting the width and height attributes on <source> elements within <picture> elements. You can read more about this in the web.dev article on optimizing CLS. This enhancement allows browsers to better handle layout shifts and varying aspect ratios for responsive images.

How to reproduce

Current Behavior:

Currently, Statamic Responsive Images does not take advantage of this browser capability. As a result, when multiple sources are provided, the appropriate width and height attributes are not applied to <source> elements, which may lead to layout shifts due to varying aspect ratios.

Proposed Enhancement:

Set appropriate width and height attributes on <source> elements based on their aspect ratios.

Benefits:

• Improved Visual Stability: Reduce Cumulative Layout Shift (CLS) by providing browsers with the correct dimensions upfront.
• Better Performance: Modern browsers can allocate the correct space for images during page load.
• Enhanced Responsiveness: Accurately reflect different image aspect ratios for a more consistent user experience.

Environment

Environment
Application Name: local
Laravel Version: 11.41.3
PHP Version: 8.3.16
Composer Version: 2.8.5
Environment: development
Debug Mode: ENABLED
URL: local.test
Maintenance Mode: OFF
Timezone: Europe/Paris
Locale: en

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: NOT CACHED

Drivers
Broadcasting: null
Cache: file
Database: sqlite
Logs: stack / single
Mail: smtp
Queue: redis
Session: file

Statamic
Addons: 3
Sites: 1
Stache Watcher: Disabled (auto)
Static Caching: Disabled
Version: 5.46.1 PRO

Statamic Addons
rias/statamic-redirect: 3.9.3
spatie/statamic-responsive-images: 5.2.1
statamic/seo-pro: 6.5.0

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

regex (default)

Additional details

Leveraging native width and height support on <source> elements can lead to significant improvements in layout stability and overall performance on modern browsers. This enhancement would allow the package to better handle responsive images by using up-to-date browser capabilities.

Thanks for considering this enhancement!

Bug description

Currently, the plugin calculates width/height incorrectly when swapping aspect ratios, leading to incorrect HTML output. When changing the aspect ratio of an image, the longest side should remain fixed, and the other side should be calculated accordingly.

How to reproduce

For an image of 3000x1688px as a source:

{{ responsive:image ratio="16/9" md:ratio="9/16" }}

it returns:

<picture>
    <source [...] >
    <source [...] >
    <source [...] >
    <img src="/img/asset/hash/image.jpg?w=3000&amp;h=1688&amp;s=9358bb54be5d388a9a2529a4196dcfc6" alt="" width="3000" height="1688">
</picture>

Now for the same image as source but with:

{{ responsive:image ratio="9/16" md:ratio="16/9" }}

it returns:

<picture>
    <source [...] >
    <source [...] >
    <source [...] >
    <img src="/img/asset/hash/image.jpg?w=3000&amp;h=5333&amp;s=6c5c0bb8447dbd7ff61a692f98b5f46d" alt="" width="3000" height="5333">
</picture>

The calculated aspect ratio is correct, but the dimensions are not. The generated values exceed the original image size.

In this last example, the correct height should be 3000px, and the width should be 1688px to ensure the image stays within its original dimensions.

Environment

Environment
Application Name: local
Laravel Version: 11.41.3
PHP Version: 8.3.14
Composer Version: 2.8.5
Environment: development
Debug Mode: ENABLED
URL: local.test
Maintenance Mode: OFF
Timezone: Europe/Paris
Locale: en

Cache
Config: NOT CACHED
Events: NOT CACHED
Routes: NOT CACHED
Views: CACHED

Drivers
Broadcasting: null
Cache: file
Database: sqlite
Logs: stack / single
Mail: smtp
Queue: redis
Session: file

Statamic
Addons: 3
Sites: 1
Stache Watcher: Disabled (auto)
Static Caching: Disabled
Version: 5.46.0 PRO

Statamic Addons
rias/statamic-redirect: 3.9.3
spatie/statamic-responsive-images: 5.2.1
statamic/seo-pro: 6.5.0

Installation

Fresh statamic/statamic site via CLI

Antlers Parser

regex (default)

Package

filament/filament

Package Version

v4.0.18

Laravel Version

v12.30.1

Livewire Version

v3.6.4

PHP Version

PHP 8.3.13

Problem description

There is an intermittent issue with the following error displaying, at least in FireFox. Sometimes it happens sometimes it doesn't. It seems to happen less often in the reproduction repo that I made for this issue report.

I think this might be some kind of race condition. You may have to refresh with the console open a couple times for it to display.

Expected behavior

It just, shouldn't error out. It would work "as expected".

Steps to reproduce

I'm attaching the simplest possible way to replicate this. Also attaching a link to a repo.

Filament Page class

<?php

namespace App\Filament\Pages;

use Filament\Forms\Components\Textarea;
use Filament\Forms\Components\TextInput;
use Filament\Pages\Page;
use Filament\Schemas\Schema;
use Filament\Support\RawJs;

class Test extends Page
{
    protected static string $routePath = '/test';

    protected string $view = 'filament.pages.test';

    public ?array $data = [];

    public function mount(): void
    {
        $this->form->fill([
            'price' => '1234.56',
        ]);
    }

    public function form(Schema $schema): Schema
    {
        return $schema
            ->components([
                TextInput::make('price')
                    ->mask(RawJs::make('$money($input)'))
                    ->live(),
                Textarea::make('description'),
            ])
            ->statePath('data');
    }
}

Filament Page View

<x-filament-panels::page>
    <form wire:submit="create">
        {{ $this->form }}
    </form>

    <x-filament-actions::modals />
</x-filament-panels::page>

Reproduction repository (issue will be closed if this is not valid)

https://github.com/GlitterCakes/filament-bug-report

Relevant log output

Package

filament/filament

Package Version

v4.3.1

Laravel Version

v12

Livewire Version

v3

PHP Version

PHP v8.4

Problem description

The search input in tableSelect is emptied when the table underneath has polling

Expected behavior

polling a table should only affect this table

Steps to reproduce

1. Create two resources with many to many relationships
2. Create a relationManager in one of those, with this table:

return $table
            ->poll()
            ->headerActions([
                AttachAction::make()->tableSelect(AnyTable::class),
            ])

4. Click on "Attach" button in the relation manager
5. Try to search in table select

Detailed instructions in repo readme

Reproduction repository (issue will be closed if this is not valid)

https://github.com/CharlieEtienne/poll-empty-search

Relevant log output

Laravel Version

12.49.0

PHP Version

8.5.2

Database Driver & Version

mysql on gnu/linux

Description

When using Str::isUrl() to validate url, it doesnt support single char domain name, it returns false.

My use case is, i setup an alias l as 127.0.0.1 at /etc/hosts, using livewire v4 it fails to load livewireScripts (depend on this helper at https://github.com/livewire/livewire/blob/95bb36a6fd720d67ccee3adc2ae64864407082e0/src/Mechanisms/FrontendAssets/FrontendAssets.php#L201).

expected: http://l:8000/livewire-1c0eda25/livewire.js?

Steps To Reproduce

Use tinker.

Package

filament/filament

Package Version

v4.2.2

Laravel Version

v12.38.1

Livewire Version

v3.6.4

PHP Version

8.4.14

Problem description

I am filtering widget data by following this guide: https://filamentphp.com/docs/4.x/widgets/overview#filtering-widget-data. The widget data is reloaded before even selecting an option.

I have a Dashboard page with filters form. When opening the select dropdown, it reloads all the widgets available on page and runs all the queries even before showing the select drop down. This delays the select drop down options until all the widget data is reloaded. Once all the queries are run and the request finishes, thats when it populates the options for select field.

I have also tried Filtering widget data using an action modal But same problem with Modal as well, even clicking the Modal action button reloads the data and runs all the queries before even opening the Modal.

Discord Discussion URL: https://discord.com/channels/883083792112300104/1440212167616892999

Expected behavior

Clicking on select field should not reload the widget data unless an option selected.

Steps to reproduce

1. Clone the repo
2. Follow the installation guide in README
3. Open Filament admin panel at /admin
4. Open Up DebugBar. Click on Group select field and you will see that it creates a new Livewire request which shows the query for getting groups but also a query for Users count.

Reproduction repository (issue will be closed if this is not valid)

https://github.com/mansoorkhan96/filament-widget-issue

Relevant log output

I tried the example config from the docs to a Laravel/Inertia/Vue app, and it don't work.

If use the code (HandleInertiaRequests.php): 'messages' => flash()->render([], 'array'),

Error: Flasher\Prime\Flasher::render(): Argument #1 ($presenter) must be of type string, array given, called in D:\Laragon6\www\mobi-care\app\Http\Middleware\HandleInertiaRequests.php on line 36

And changing it to: 'messages' => flash()->render('array'), it loads the page, but, I only see the notifications if i press F5, with its not the desired state.

Immediately after installing php-flasher/flasher-laravel, the application breaks with the following error:

foreach() argument must be of type array|object, bool given Simply installing the package causes this fatal error.

Steps to Reproduce:

Create a fresh Laravel app.

Run:

composer require php-flasher/flasher-laravel

Load any page in the app — no usage of flasher() or flasher_render() yet.

Laravel crashes with a foreach() error.

Currently, for plural rules, the MessageFormatter polyfills uses the English rules for all locales (it ignores the locale). To be consistent with what we do in symfony/intl (used by symfony/polyfill-intl-icu to implement NumberFormatter and DateFormatter), we should rather fail explicitly here (using the English rules for a different locale would not give the right result anyway)

Package

filament/filament

Package Version

v4.0.7

Laravel Version

v12.28.1

Livewire Version

^3.5

PHP Version

PHP 8.4

Problem description

Describe the bug unsavedChangesAlerts() not triggered when reordering a Repeater component. See animated Gif as it shows exactly the issue.

Screenshots ANIMATED GIF

Desktop (please complete the following information): I'm using Desktop

• OS: Windows 11 (updated)
• GPU: NVIDIA RTX 3050]
• Backend: OpenGL
• Google Chrome (updated to latest version)
• Laravel stable 12.28.1
• Filament stable 4.0.7
• Livewire ^3.5 (default with filament)
• PHP 8.4

Additional context Need more context, just ask, but you'd probably be able to find it in the linked repository.

Expected behavior

Expected behavior Expecting the warning to pop-up saying that you will lose changes made in the form when leaving the page without saving first.

Steps to reproduce

To Reproduce Steps to reproduce the behavior:

Using existing code (option 1)

https://github.com/christoferd/filament-bug-demo-2025

1. clone, install, setup .env, migrate, seed
2. go to Customers resource,
3. Edit a Customer
4. then follow steps below from step 3.

DIY (option 2)

1. add ->unsavedChangesAlerts() to the Panel
2. go to a Form/Resource Edit that contains a Repeater component
3. make sure there are at least 2 records in the Repeater component
4. save the form, refresh the page
5. change the order of the Repeated records, do not save
6. click on a navigation link that will take you away from the page (expecting the warning to pop-up)
7. Notice the issue, that the warning did not popup and the next page loaded, losing the changes made in the edit form.

Reproduction repository (issue will be closed if this is not valid)

https://github.com/christoferd/filament-bug-demo-2025

Relevant log output

**Logs**
I didn't see anything in the Browser Console Log, and there are no Laravel error logs.
If there are logs to produce then let me know.

Laravel Version

12.41.1

PHP Version

8.5.0

Database Driver & Version

PostgreSQL 18.1 (pdo_pgsql, libpq 18.1) on ARM64 Docker

Description

Laravel crashes with SIGSEGV (exit code 139) when using SESSION_DRIVER=database with PostgreSQL on PHP 8.5. The crash occurs during session regeneration after Auth::attempt() or Auth::login().

Important: A standalone custom PDO session handler does NOT crash. The issue is specific to Illuminate\Session\DatabaseSessionHandler.

Server Logs

laravel.test-1 | WARN exited: php (exit status 139; not expected) laravel.test-1 | INFO reaped unknown pid 228 (terminated by SIGSEGV)

What Works

• SESSION_DRIVER=redis with PostgreSQL
• SESSION_DRIVER=file with PostgreSQL
• Custom PDO session handler (standalone)
• All regular PDO PostgreSQL queries

What Doesn't Work

• Illuminate\Session\DatabaseSessionHandler with PostgreSQL on PHP 8.5

Possible Cause

In DatabaseSessionHandler::getDefaultPayload(), the handler resolves Guard::class to get user_id. During session regeneration after auth, this may create a problematic interaction that triggers segfault in PHP 8.5's pdo_pgsql.

Environment

• Ubuntu 24.04.3 LTS (Docker)
• Architecture: ARM64 (Apple Silicon)
• Laravel Sail

Steps To Reproduce

1. Fresh Laravel 12 + PostgreSQL setup
2. Configure .env: DB_CONNECTION=pgsql SESSION_DRIVER=database
3. Run php artisan session:table && php artisan migrate
4. Create a user
5. Implement login:

if (Auth::attempt($credentials)) {
    session()->regenerate();  // SIGSEGV here
    return redirect('/dashboard');
}
6. Submit login form → PHP crashes with exit code 139

Workaround: Use SESSION_DRIVER=redis

Is LDAP support planned? I saw there was a lot of interest in this with version 2. Would be nice to have this onboard for v3. There is a package available https://github.com/DirectoryTree/LdapRecord-Laravel https://chrispian.com/laravel-filament-tutorial-customize-login-to-use-ldap

Laravel Version

12.*

PHP Version

8.*

Database Driver & Version

No matter

Description

As we all know, whereBetween method may accept CarbonPeriod as $values argument. Lets look inside:

    public function whereBetween($column, iterable $values, $boolean = 'and', $not = false)
    {
        $type = 'between';

        if ($values instanceof CarbonPeriod) {
            $values = [$values->getStartDate(), $values->getEndDate()];
        }

        $this->wheres[] = compact('type', 'column', 'values', 'boolean', 'not');

        $this->addBinding(array_slice($this->cleanBindings(Arr::flatten($values)), 0, 2), 'where');

        return $this;
    }

But CarbonPeriod may not have end date! We can construct DatePeriod two ways: passing end-date or passing number of intervals:

$period1 = new \DatePeriod(now(), new \DateInterval('P2M'), now()->addMonths(2));
$period2 = new \DatePeriod(now(), new \DateInterval('P2M'), 2);

$period1 has end-date, but $period2 hasn't.

So I think that in such case method should calculate end-date itself.

Next problem is how between works. Mysql documentation says that between is equivalent to the expression (min <= expr AND expr <= max). Now look at DatePeriod documentation. The fourth argument is an $options, it may accept DatePeriod::EXCLUDE_START_DATE and DatePeriod::INCLUDE_END_DATE.

If DatePeriod excludes start-date, the query should be (min < expr AND expr <= max). If DatePeriod excludes end-date, the query should be (min <= expr AND expr < max). If DatePeriod excludes both dates, the query should be (min < expr AND expr < max).

So at the moment Eloquent is not absolutely correct.

And the last but not the least: why this method accepts CarbonPeriod and not accepts base DatePeriod?

I think, that whereBetween

• should accept DatePeriod
• should evaluate end-date when required
• should respect EXCLUDE_START_DATE and INCLUDE_END_DATE options

Steps To Reproduce

No steps required

Hello, When using php-flasher-toastr with Laravel 11, I encounter a TypeError: array_replace_recursive(): Argument #2 must be of type array, int given error in Illuminate\Translation\FileLoader at line 130. My environment:

• PHP: 8.3.7
• Laravel: 11.4.2
• php-flasher/flasher-toastr-laravel: 2.1
• php-flasher/flasher-laravel: 2.1 The error disappears when I uninstall php-flasher/flasher-toastr-laravel and php-flasher/flasher-laravel. Alternatively, ensuring that the value passed to with() is always a string (e.g., with('success', 'Message')) prevents the error.

Describe the bug

When you attempt to dump a binary string or anything containing one (like an array or an object), Ray does not dump anything. It just fails silently.

Versions

Ray version (you can see this in "About Ray"): 2.8.1

You can use composer show to get the version numbers of:

• spatie/ray package version: 1.41.2
• spatie/laravel-ray package version (if applicable): 1.37.1

PHP version: 8.2.17 Laravel version (if applicable): 11.18.1

To Reproduce

Add this in your code:

ray(hex2bin('ae0f3d'));

Expected behavior

Ray should display this (like the console when dump is used):

b"®\x0F="

Desktop (please complete the following information):

• OS: MacOs
• Version: 14.6.1

Package

filament/filament

Package Version

3.3.28

Laravel Version

12.19.3

Livewire Version

3.6.3

PHP Version

8.4.8

Problem description

For a Filament Panel Page that includes a child Livewire component, a Filament Notification fired by that child component is rendered twice by Filament's notifications.blade.php if a Livewire event is fired at the same time. If an event is not fired, the notification renders only once.

Expected behavior

The Filament Notification blade should be rendered only once for any call to the Notification object.

Steps to reproduce

Given the provided repo.

composer install
php artisan migrate
php artisan make:filament-user

In vendor/filament/notifications/resources/views/notifications.blade.php log out the $notifications variable:

@php
    use Filament\Support\Enums\Alignment;
    use Filament\Support\Enums\VerticalAlignment;

    \Log::info($notifications);
@endphp

Navigate to /admin/foobar .

Click "With Event" button. Refresh.

Click "Without Event" button. Refresh.

Checking laravel.log, the "With Event" log is proceeded by two renders of a notification with the same ID. The "Notification without Event" is proceeded by just one.

(See log output below)

Reproduction repository (issue will be closed if this is not valid)

https://github.com/jasonlund/filament-notification

Relevant log output

[2025-06-23 16:36:13] local.INFO: []  
[2025-06-23 16:36:42] local.INFO: []  
[2025-06-23 16:36:43] local.INFO: Notification with Event  
[2025-06-23 16:36:43] local.INFO: {"9f3994ea-cbdd-429b-9202-1c2aa6582117":{"id":"9f3994ea-cbdd-429b-9202-1c2aa6582117","actions":[],"body":null,"color":null,"duration":6000,"icon":"heroicon-o-check-circle","iconColor":"success","status":"success","title":"With Event","view":"filament-notifications::notification","viewData":[]}}  
[2025-06-23 16:36:43] local.INFO: {"9f3994ea-cbdd-429b-9202-1c2aa6582117":{"id":"9f3994ea-cbdd-429b-9202-1c2aa6582117","actions":[],"body":null,"color":null,"duration":6000,"icon":"heroicon-o-check-circle","iconColor":"success","status":"success","title":"With Event","view":"filament-notifications::notification","viewData":[]}}  
[2025-06-23 16:36:44] local.INFO: []  
[2025-06-23 16:36:46] local.INFO: Notification without Event  
[2025-06-23 16:36:46] local.INFO: {"9f3994ee-65f6-434d-95b4-e1c266b15e85":{"id":"9f3994ee-65f6-434d-95b4-e1c266b15e85","actions":[],"body":null,"color":null,"duration":6000,"icon":"heroicon-o-check-circle","iconColor":"success","status":"success","title":"Without Event","view":"filament-notifications::notification","viewData":[]}}  
[2025-06-23 16:36:52] local.INFO: []

Package

filament/tables

Package Version

v3.3.45

Laravel Version

v12.42.0

Livewire Version

v3.7.1

PHP Version

8.3.22

Problem description

when i delete a record from a filament table i get this error in the screenshot below

i noticed the error first on an old filament 3 project and i created a fresh laravel project with a fresh filament 3 installation to confirm the problem and it happend also in the fresh project

Expected behavior

i expect the record to be deleted with no console errors

Steps to reproduce

1. Clone the repo
2. Migrate the database
3. Create a filament user
4. Run the seeders
5. Login to the dashboard
6. Go to the posts resource and open the browser console
7. Delete a post from the filament table and you will see the browser console errors

Reproduction repository (issue will be closed if this is not valid)

https://github.com/tabatii/filament-bug

Relevant log output

While working on the new version of https://github.com/symfony/stimulus-bridge, I noticed some dead code from https://github.com/symfony/webpack-encore/pull/1062:

Hello,

I noticed that there is an incompatibility with the mbstring polyfill and PHP 8.1 / Alpine Linux, which breaks a lot of my projects as soon as the php81-mbstring is not installed, but php81-iconv is installed:

Example:

Warning: iconv(): Wrong encoding, conversion from "ASCII" to "UTF-8//IGNORE" is not allowed in phar:///var/www/localhost/htdocs/phpstan.phar/vendor/symfony/polyfill-mbstring/Mbstring.php on line 736

It looks like //IGNORE is not accepted since echo iconv('UTF-8', 'UTF-8', 'test'); works, while echo iconv('UTF-8', 'UTF-8//IGNORE', 'test'); doesn't

Package

filament/filament

Package Version

3.0.60

Laravel Version

10.2.6

Livewire Version

No response

PHP Version

8.2

Problem description

The tooltips for the dark / light mode switcher stay on screen on mobile.

Expected behavior

They shouldn’t stay on screen after the switcher has closed.

Steps to reproduce

Visit https://demo.filamentphp.com/ on a mobile device. I’m using an iPhone X.

Reproduction repository

https://github.com/filamentphp/demo

Relevant log output

No response

Laravel Version

12.43

PHP Version

8.3

Database Driver & Version

No response

Description

When using Redis-native rate limiting (via ThrottleRequestsWithRedis), the throttle middleware generates Redis keys without a stable namespace.

The key generation logic lives in ThrottleRequests::handle() and produces keys based on the request signature (hashed identifier), which results in raw, unhaspaced Redis keys (e.g. SHA-1 hashes).

While this works in unrestricted Redis environments, it breaks in Redis installations where ACLs are enforced using key patterns (common in managed Redis / Valkey services).

In such environments, Redis-native throttling fails with:

NOPERM No permissions to access a key

even when all required Redis commands (including EVAL) are explicitly allowed.

This behavior is inconsistent with other Redis-backed features in Laravel (cache, queue, session), which always use namespaced keys (laravel:, queues:*).

Additional context

The throttle middleware already supports a $prefix argument, which is concatenated to the generated key in ThrottleRequests::handle().

However, this prefix is designed for logical separation of rate limiters at the route level (e.g. distinguishing different limits on the same endpoint), not as a stable infrastructure-level namespace.

Because the prefix is optional, route-specific, and user-provided, it cannot be reliably used to ensure compatibility with Redis ACLs based on key patterns.

For comparison, using the cache-based throttle middleware (ThrottleRequests) with Redis configured as the cache driver works correctly in the same ACL-restricted Redis environments, as cache keys are properly namespaced via the cache prefix.

Possible improvement

Providing a stable, overrideable namespace for Redis-based rate limiter keys would make the middleware compatible with Redis ACLs while preserving backward compatibility.

For example, this could be achieved by introducing a protected method that returns an optional infrastructure-level key prefix (defaulting to an empty string), which would be prepended to the generated throttle key.

This approach would preserve existing behavior by default, while allowing applications running in ACL-restricted Redis environments to safely namespace rate limiter keys.

Steps To Reproduce

1. Create a new Laravel application.

2. Configure Redis as the backend for rate limiting and enable Redis-native throttling (i.e. use ThrottleRequestsWithRedis).

3. Configure Redis/Valkey with ACLs that restrict access by key pattern, for example:

   • Allow all commands required by Redis-based throttling (including EVAL).
   • Allow access only to keys matching a specific prefix (e.g. throttle:* or laravel:*).

4. Apply the throttle middleware to a route:

   Route::middleware('throttle:5,1')->get('/test', fn () => 'ok');
   

5. Send a request to the route.

6. Observe that Redis immediately returns the following error: NOPERM No permissions to access a key

7. Inspect the Redis key used by the throttle middleware: it is a raw hash without a namespace and therefore does not match the allowed ACL key patterns.

Discussed in https://github.com/spatie/schema-org/discussions/202

Originally posted by indyjonesnl January 10, 2024

$lodgingBusiness = Schema::lodgingBusiness()
  ->openingHours(
    Schema::openingHoursSpecification()
      ->dayOfWeek([Schema::dayOfWeek()::Monday])
      ->opens(new DateTime('09:00:00'))
      ->closes(new DateTime('17:00:00'))
  )
  ->checkinTime(new DateTime('14:00:00'))
  ->checkoutTime(new DateTime('11:00:00'))

This results in the current date + time being included in the output "opens":"2024-01-10T09:00:00+00:00","closes":"2024-01-10T17:00:00+00:00" and ..."checkinTime":"2024-01-10T14:00:00+00:00","checkoutTime":"2024-01-10T11:00:00+00:00"...

While the Schema should contain only the time, formatted as 14:30:00+08:00.

Can someone point me in the right direction?

Package

filament/forms

Package Version

3.2.80

Laravel Version

11.7.0

Livewire Version

3.4.12

PHP Version

8.2.18

Problem description

The behavior of clicking on submit vs pressing the registered keyBinding() is different. Clicking will clear the form. (correct) Pressing the shortcut key does not. (incorrect)

Expected behavior

Pressing the shortcut key should also clear the form.

Steps to reproduce

1. Type something into the markdown editor at /admin/issue
2. Press ctrl + enter

Reproduction repository

https://github.com/bilogic/filament-issue/tree/click-different-from-keyBindings

Relevant log output

https://github.com/filamentphp/filament/assets/946010/fb144bf9-802f-4003-8dcd-ec4c2148e742

No response

Octane Version

2.8.1

Laravel Version

10.48.28

PHP Version

8.3.16

What server type are you using?

Swoole

Server Version

6.0.1

Database Driver & Version

No response

Description

I'm using Envoyer to deploy a Laravel Octane application, taking advantage of its zero-downtime deployment features.

However, Octane currently does not support zero-downtime deployment because it does not follow symlink directories. It always remains in the actual directory (instead of the symlinked one) where the Octane server was initially started. When the outdated release directory is deleted, Octane continues running in that location, causing errors on every request and resulting in 500 response codes on the live application.

Error thrown:

Warning: require(/var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/bootstrap.php): Failed to open stream: No such file or directory in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server on line 18
Fatal error: Uncaught Error: Failed opening required '/var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/bootstrap.php' (include_path='.:/usr/bin/[email protected]/8.3.16/share/[email protected]/pear') in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server:18
Stack trace:
#0 /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server(95): {closure}(Array)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 0)
#2 /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server(170): Swoole\Server->start()
#3 {main}
  thrown in /var/www/domain.com/releases/202502010200023/vendor/laravel/octane/bin/swoole-server on line 18
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 1)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 3)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 2)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 4)
#1 [internal function]: {closure}(Object(Swoole\Http\Server), 5)

Steps To Reproduce

Use any 0-downtime deployment or test it manually using the following instructions:

1. Use the Swoole driver as an example.
2. cd one directory up from the project's base path.
3. Create a current symlink directory for your project using the command: ln -nsf ./octane-project-test ./current
4. Start the Octane server: php ./current/artisan octane:start
5. Copy your project to another directory: cp -R ./octane-project-test ./octane-project-test-new
6. Activate the new release: ln -nsf ./octane-project-test-new ./current
7. Reload the Octane server: php ./current/artisan octane:reload
8. Remove the original project directory: rm -rf ./octane-project-test

When encountering nested tokens, they are parsed only during formatting, not when compiling the pattern. And the type of tokens are validated only during the rendering as well. But the native implementation detects such error during the instantiation: https://3v4l.org/Sf69D This means that the error handling required for the polyfill is not the same than for the native implementation.

The friendly-errors-webpack-plugin has a built-in transformer/formatter for when a module is missing. To see the behavior, try (in any JavaScript file):

require('foo'); // foo is not a module that is installed

The error is:

This dependency was not found:

• foo in ./app/Resources/assets/js/app.js To install it, you can run: npm install --save foo

The problem is the npm install part... which should be yarn add to avoid confusion with our users. There is an issue about this: https://github.com/geowarin/friendly-errors-webpack-plugin/issues/33

Package

filament/filament

Package Version

^3.0-stable

Laravel Version

^10.10

Livewire Version

^3.0

PHP Version

8.2.6

Problem description

Hi,

First and foremost, I just wanted to say what an impressive package this is! As a blind person, this is the easiest way I've found so far to develop UIs without having to worry too much about what it looks like.

I have come across a couple of accessibility issues however. One has to do with form labels and the other involves modals.

When using a screen reader to interact with a Filament form, the screen reader sometimes fails to pick up the label. This is incredibly strange as usually an element is either accessible or it isn't, but here, every time you refresh the exact same form, it appears completely random whether a given form label will be readable or not. Though this might be due at least in part to a bug in either Chromium and/or Microsoft's accessibility stack, the issue appears to stem from the fact that the text of a label is not a direct child of the element itself.

This can be solved either by adding aria-label="{{$label}}" to the element directly, or by rendering the "hidden" label unconditionally. In either case, you would then want to mark the visual label aria-hidden="true" to avoid any conflicts.

The other issue has to do with modals. When a modal is opened, the rest of the page contents should be marked using the aria-hidden attribute. It should also have either role="dialog" or role="alertdialog" which cause screen readers to issue a special notification that a dialog has opened. Otherwise, the user can interact with page contents that are supposed to be hidden by the modal. We also don't realize that a modal has opened up unless we manually scroll to the bottom of the page. Please note: I am providing the live demo as a repository link as all of this is demonstrable using the demo.

Thank you for your attention to this.

Kind regards,

Jordan.

Expected behavior

Screen readers should always be able to identify form labels. Screen readers should not be able to see content that's supposed to be hidden by modal dialogs, and should notify users when a dialog has appeared.

Steps to reproduce

1. Navigate to the live demo and log in.
2. Navigate to a create or edit form (such as blog posts).
3. Load up a screen reader (such as Jaws or NVDA on Windows).
4. Read the page using your arrow keys (if you get trapped in an input field, press escape to get out).
5. Refresh the page several times and repeat attempting to read it with your arrow keys.
6. Observe that some form labels are missed by the reader seemingly at random.
7. Navigate to a confirmation modal (such as for deletion of a record) (you can perform this step using mouse navigation).
8. Attempt to read the page with your arrow keys and screen reader.
9. Observe that you are interacting with content that is supposed to be obstructed by the modal. Also note that you were given no indication that the modal appeared.

Reproduction repository

https://github.com/filamentphp/demo

Relevant log output

No response

Provide updates to new functionalities in the v2 of the package.

Sulu CMS separates its assets into assets/admin and assets/website, this means when installing Encore within a Sulu CMS install you will have to change a bunch of paths: https://docs.sulu.io/en/latest/cookbook/webpack-encore.html

This isn't my main issue, I think this is acceptable for an initial setup. But I do think we can improve what happens when you composer require a symfony bundle that provides stimulus controllers.

In the Sulu + Encore setup, the controllers.json file lives in assets/website/controllers.json. But since this path is hardcoded here:

https://github.com/symfony/flex/blob/441f671b86a1b651e969dbc380bfee05e004780f/src/PackageJsonSynchronizer.php#L166-L170

The controllers.json is not updated automatically and there's no output telling you to manually do this either. So you're left a little lost in what is still missing. Also, figuring out what to manually add in controllers.json is quite tricky since most existing UX bundles don't document this manual setup.

Before I start hacking away at a PR, any suggestions how we can solve this properly? Or do we accept that this is not configurable and those who use custom paths just have to deal with it?

Thank you in advance.

Hello,

Is it possible to close a flash message by clicking on it and not just on clicking on the cross? If so, how to achieve it?

Regards, Fred

Hi Developer,

I appreciate your work on this project—it's really well-built and helpful for developers like me. I recently implemented it and found it working great.

However, I noticed that the .fl-wrappe class currently has z-index: 10, which causes it to appear under the header when using a fixed or sticky header. I suggest updating it to z-index: 99999 to ensure proper visibility.

Thanks for your efforts and for sharing this project!

Best regards, Md. Jahangir Alam Rohan.

Package

filament/filament

Package Version

v3.3.4

Laravel Version

v11.44.2

Livewire Version

v3.6.2

PHP Version

PHP 8.3.17

Problem description

Since release 3.2.134 the datepicker in TextInputColumn stopped working when used as TextInputColumn::make('load_date')->type('date'). The datepicker doesn't open.

It is caused by https://github.com/filamentphp/filament/pull/15340, specifically this change, when reverted, the column works fine.

Expected behavior

When user clicks on the calendar icon, a datepicker should open.

Steps to reproduce

1. add TextInputColumn::make('date')->type('date') to your Filament table
2. composer require filament/filament:3.2.133 -W
3. the datepicker opens and inline editing works
4. composer require filament/filament:3.2.134 -W
5. the datepicker doesn't open

Reproduction repository (issue will be closed if this is not valid)

https://github.com/jvitasek/app-filament-issue-3.x

Relevant log output

Hello,

if you plan an scheduled maintenance with an START and END date it will never appear on the dashboard. Only if you create them with an START date only it will appear. I think this is a bit confusing, because if i plan an schedule an weekly update, i want to declare an timeslot and dont want to enter again the cachet-scheduled-maintenance to enter an date at the end of my maintenance.

Can this function be controlled or changed?

Thanks

This will probably be a component to search and select an image from unsplash.

Description: I am using Flasher 2.0.1 in my Laravel 11 project and would like to know how to properly use the Flasher library in JavaScript. Additionally, I want to ensure that the JavaScript configuration is consistent with the settings defined in the flasher.php configuration file.

Details: Flasher Version: 2.0.1 Laravel Version: 11 Problem: Need guidance on using the Flasher library with JavaScript in a way that mirrors the configuration set in flasher.php.

This polyfill should be implemented in 2 places:

• in symfony/polyfill-intl-grapheme
• in symfony/polyfill-php85, only when the intl extension is loaded (to cover the case of using intl on older PHP versions that won't have this function)

Calling for help from Docker experts. We need to create the best possible docker-compose.yml file for this project. The application requirements are well defined (we use env vars, Webpack Encore, PHP 7.1, Symfony 4.1, SQLite database, etc.) so it should be possible to create that file.

using prompt engineering techniques provide enhancement to the Gemini service class in the Gemini prompt class, creating functions commonly used in Laravel applications.

Hi! If I use this package with my project I has a problem. My package.json has a "git dependency" like this:

{
  "peerDependencies": {
    "package": "git+ssh://[email protected]/team/project.git"
  }
}

And npm-install-peers breaks.

NotOrm Package

The goal is to make abstract code based on the package notorm to build a new orm system

Hi 👋🏼!

I am coming here to gather some feedback on my idea before starting working on it.

Background

I wanted to create a POC of https://github.com/symfony/skeleton made for Sylius. I created a simple recipe for sylius/core-bundle, then an example skeleton repo and I have found out my recipes does not work as another recipe already write files with the same name. Then, I noticed symfony/framework-bundle is always put as the first recipe to be executed, and this is a thing I wish to be able to configure.

Goal

Somehow allow myself to make (in this POC case) sylius/core-bundle as a first recipe to be executed. Of course, I can fork symfony/flex, but it would be perfect to avoid this way.

Idea

The idea is simple, we allow configuring such list for example in this way:

{
    ...
    "extra": {
        "flex": {
            "prioritized-recipes": [
                "sylius/core-bundle",
                "another/sylius-package",
                ...
            ]
        }
    }
    ...
}

In Flex we could implement this +/- this way:

        // symfony/framework-bundle recipe should always be applied first after the metapackages
        // however, we allow to override it with a list of prioritized recipes
        $recipes = $this->getPrioritizedRecipes();
        $recipes = array_merge($recipes, [
            'symfony/framework-bundle' => null,
        ]);
        $packRecipes = [];
        $metaRecipes = [];

instead current

        // symfony/framework-bundle recipe should always be applied first after the metapackages
        $recipes = [
            'symfony/framework-bundle' => null,
        ];
        $packRecipes = [];
        $metaRecipes = [];

Why?

• In some projects, we may want to load our recipes before the Symfony's ones
• In frameworks based on Symfony (like Sylius) we need to set up the whole project in our own way, so framework-bundle as a first recipe to be executed makes it unable for us

Other options

I have not checked it yet, but I believe we can achieve the similar feature using Composer's Event Dispatcher. But first, I would like to hear if such a feature is welcomed. Or maybe you have a better idea how to solve this. I am open to provide such feature right after we agree on some solution.

When attempting to filter tests by test or file name pressing the "Enter" key has no effect.

Pressing "Enter" at the default screen correctly triggers a "test run" where all tests are run.

using prompt engineering techniques provide enhancement to the Claude service class in the Claude prompt class, creating functions commonly used in Laravel applications. For example, brand builder, seo product optimizer, video and or image captioner, automated chatbots #goodfirstissue

Octane Version

2.6.1

Laravel Version

11.41.3

PHP Version

8.3

What server type are you using?

Roadrunner

Server Version

2024.3.2

Database Driver & Version

No response

Description

ok this is in the borderline to be a bug but i write it anyway.

i am deploying using deployer , i suppose will happen for any Zero Downtime Deployments.

/releases/99/
/releases/100/
/releases/101/ 

and then a symbolic link from the latest release to /current , all pretty standard.

the problem come when running artisan octane:start vendor/laravel/octane/src/Commands/StartRoadRunnerCommand.php

will set roadrunner server with '-o', 'server.command='.(new PhpExecutableFinder)->find().','.base_path(config('octane.roadrunner.command', 'vendor/bin/roadrunner-worker')),

where base_path(...) will resolve to /releases/101/ not to /current

so in next deployment e.g. (/releases/102/) , when we run artisan octane:reload it will still use old /releases/101/ source code (i checked and yes if i go back to /releases/101/ and make a change it will be present after artisan octane:reload).

the solution is very simple, in config/octane.php you just need to add:

    'roadrunner'=>[
        'command' => env('OCTANE_ROADRUNNER_WORKER_PATH', base_path('vendor/bin/roadrunner-worker')),
    ]

OCTANE_ROADRUNNER_WORKER_PATH=../../current

would be nice is this added to config/octane.php , and maybe don't use base_path

or even better a option to provide the path in octane:start

Steps To Reproduce

deploy a octane laravel app using deployer , octane:reload will not work as expected

Laravel Version

12

PHP Version

8

Database Driver & Version

No response

Description

not sure which update caused this (as it used to be fine), but vscode complains unless i explicitly tell it what type $response is.

for example, this causes a type error:

use Illuminate\Support\Facades\Http;

$response = Http::asForm()
    ->post('https://login.procore.com/oauth/token', [
        'client_id' => config('services.procore.client_id'),
        'client_secret' => config('services.procore.client_secret'),
        'grant_type' => 'client_credentials',
    ]);

and if i try and call $response->json() it tells me the method is undefined.

but if i tell it what type it actually is, it works fine:

use Illuminate\Support\Facades\Http;

/** @var \Illuminate\Http\Client\Response $response */
$response = Http::asForm()
    ->post('https://login.procore.com/oauth/token', [
        'client_id' => config('services.procore.client_id'),
        'client_secret' => config('services.procore.client_secret'),
        'grant_type' => 'client_credentials',
    ]);

im using intelephense and the laravel extension in vscode. like i said it used to be fine.

Steps To Reproduce

see description

There's no Expectation to expect a class to use HasRequestPagination rather than HasPagination.

What happened?

I just installed package and complement for AI powered solution. When I create an issue to test it I get :

I had to change the links function like this to make it work for me:

public function links(): array
{
    $rawText = Str::finish($this->rawText, 'ENDLINKS');

    $textLinks = $this->between('LINKS', 'ENDLINKS', $rawText);

    $textLinks = explode(PHP_EOL, $textLinks);

    $links = [];

    foreach ($textLinks as $textLink) {
        $textLink = str_replace('\\', '\\\\', $textLink);
        $textLink = str_replace('\\\\\\', '\\\\', $textLink);

        $decodedLink = json_decode($textLink, true);

        if ($decodedLink !== null) {
            $links[$decodedLink['title']] = $decodedLink['url'];
        }
    }

    return $links;
}

How to reproduce the bug

When I install the package in my project and use it with AI powered

Package Version

1.0

PHP Version

8.2.14

Laravel Version

11.14

Which operating systems does with happen with?

Windows

Notes

No response

Octane Version

2.13.1

Laravel Version

12.38.1

PHP Version

8.4.14

What server type are you using?

Swoole

Server Version

nginx

Database Driver & Version

No response

Description

When registering a singleton via AppServiceProvider, the constructor is triggered only once per worker, as expected. However, when using the attribute-based singleton registration (https://laravel.com/docs/12.x/container#singleton-attribute ), the constructor appears to be triggered once per request scope, behaving more like a scoped service. This may be due to the sandbox being registered earlier.

Steps To Reproduce

Check running this part

namespace App\TestService;

use Illuminate\Container\Attributes\Singleton;

#[Singleton]
class TestService
{
    public function __construct()
    {
        echo("__construct TestService");
        echo(spl_object_id($this));
    }
}

in some controler use

app(\App\TestService\TestService::class);
app(\App\TestService\TestService::class);
app(\App\TestService\TestService::class);

Octane Version

2.11.0

Laravel Version

12.20.0

PHP Version

8.3.23

What server type are you using?

FrankenPHP

Server Version

1.8.0

Database Driver & Version

No response

Description

I have an octane app running inside a docker container and use a bind mount for the application code. When editing files, fs events are not sent across the bind mount to the container, so the watcher does not detect them. I have the same issue reported in #487. There is also an open issue on the frankenphp repository https://github.com/php/frankenphp/issues/1616.

A potential solution would be to add an option to octane:frankenphp, like --chokidar to use chokidar instead of frankenphp's watcher.

Steps To Reproduce

Same as #487, but using frankenphp.

What about allowing displaying post-install messages again, eg when running this?

composer recipes the/package

Package

filament/filament

Package Version

v3.2.86

Laravel Version

v11.10.0

Livewire Version

v3.5.0

PHP Version

PHP 8.3.11

Problem description

Hi,

I've got a Filament resource, and in the create page I have a form with some reactive text fields that perform calculations, and update values on the form. For a little while I was getting odd behaviour like characters being removed, and other 'glitches' as I typed, esp. typing quickly, or deleting characters quickly. I managed to get this under control by using a debounce value of circa 1000ms. This makes sense to me, given the possible clashing of state updates coming from the server if the debounce is too low.

However I've now noticed if I change a reactive text field with the debounce set to 1000ms, and then hit the 'create' or 'save changes' buttons very quickly - as in during that debounce period, I end up not saving the latest data / state. It's fine if I wait over the 1000ms and save but obviously a user will expect to just hit save and all be well.

Is there a way to either force the state on the server to get the latest user entered data and perform any recalculations (things in afterStateUpdated for e.g.) before saving to DB? Or even temp disable the 'create' / 'save changes' buttons on forms until the latest server state is calculated and in the form thus ensuring I always capture the most up-to-date state?

Many thanks!

Lots of love for Filament by the way ❤️

Expected behavior

Always re-calculate the latest state the user can see or disable saving until the state is recalculated.

Steps to reproduce

Here's a little resource form example showing the issue (from the example repo here). The debounce is increased to 10 seconds to more easily show the problem. If you change the text in field 'test' and press save in a FilamentPHP resource before 10 seconds elapse, you will notice no values are saved. If you try again and wait 10 seconds this time, both 'test' and 'test2' fields are saved as expected with 'test2' being a simple copy of 'test' produced from the code in afterStateUpdated.

    public static function form(Form $form): Form
    {
        return $form
            ->schema([
                Forms\Components\TextInput::make('test')
                    ->afterStateUpdated(fn(Set $set, $state) => $set('test2',$state))
                    ->live(debounce: 10000),
                Forms\Components\TextInput::make('test2'),
            ]);
    }

Reproduction repository (issue will be closed if this is not valid)

https://github.com/appymedia/filament-issue

Relevant log output

Not PHPUnit 11 because we still need to support for PHP 8.1

e.g. at the moment we have stuff like:

1. Symfony\Flex\Tests\Configurator\CopyFromPackageConfiguratorTest::testConfigureAndOverwriteFiles The at() matcher has been deprecated. It will be removed in PHPUnit 10. Please refactor your test to not rely on the order in which methods are invoked.

Help wanted 🙏

If a pack lists things in its "replace" section, unpacking this pack should copy these rules into the "replace" section of the root composer.json.

I think that implementing this requires patching the Unpacker class only.

Anyone up to give it a try?

Package

filament/filament

Package Version

4-beta6

Laravel Version

12

Livewire Version

3

PHP Version

8.4

Problem description

Not sure if I'm doing something wrong, but I can't get charts in nested non-active tabs to render properly on page load, or update properly. The video shows the problem using the reproduction repo.

I'm using this to render the chart in 3 places:

Livewire::make(StatChartWidget::class, fn ($record) => [
        'record' => $record,
    ])
    ->key(Str::random(10))

In the video, the following happens:

1. Page load

• Chart in the body loads ✅
• Chart in the visible tab loads ✅
• Chart in the non-visible nested "Data" tab is empty ❌

2. "Refresh data" to update the model's data attribute while the 'Data' tab is not active

• Chart in the body refreshes ✅
• Chart in the visible tab refreshes ✅
• Chart in the non-visible nested "Data" tab is not refreshed ❌

2. "Refresh data" to update the model's data attribute while the 'Data' tab is active

• Chart in the body refreshes ✅
• Chart in the visible tab refreshes ✅
• Chart in the non-visible nested "Data" tab refreshes ✅

I'm using #[Reactive] but I also tried refreshing via an event, and tried ->lazy(). Neither helped.

https://github.com/user-attachments/assets/6cb1cb43-8c9b-4f3e-ab62-face3931473a

Expected behavior

Charts / Livewire components in a page should render and update correctly regardless of what tab they're in.

Steps to reproduce

1. Clone repo
2. Run migrate:fresh --seed to seed statistics table
3. Go to Statistics resource
4. See video and steps outlined in description to reproduce

Reproduction repository (issue will be closed if this is not valid)

https://github.com/binaryfire/filament-bug-reproduction

Relevant log output

I would love to see support for oAuth in Catchet. I know there are some other (closed) issues requesting the same functionality, but I think this would be a great addition for Catchet.

These messages aren't displayed: https://github.com/symfony/flex/blob/1.x/src/Configurator/DockerComposeConfigurator.php#L51

Hi,

With the polyfill, var_dump(mb_strlen(chr(254))) return 0. With the php8.0-mbstring extension, var_dump(mb_strlen(chr(254))) return 1;

versions : * v1.26.0

Thanks, Alex

When you install a UX package, if you have AssetMapper installed, we importmap:require the packages you need. We should also importmap:remove those when the package is uninstalled.

https://github.com/symfony/recipes/issues/1089#issuecomment-1885459144

Octane Version

v2.3.10

Laravel Version

v11.6.0

PHP Version

v8.3.6

What server type are you using?

FrankenPHP

Server Version

v1.1.4 PHP 8.3.6 Caddy v2.7.6

Database Driver & Version

Postgress

Description

Last week we updated our app previously using php-fpm running on Forge to use Laravel Octane with FrankenPHP. Our site is mostly an API that handles analytics events (Like google analytics). It uses the default Laravel api throttling.

In staging our app worked fine (30 req/sec same IP), but when deploying to production (1400 req/sec, different IPs) it started to fail, giving a lot of 429 Too Many Requests.

I quickly rolled back to php-fpm and after a few hours tried again with the same problem. Rolled back and the next day I switched to Swoole and it worked perfectly without changing a single line of code nor having to redeploy anything. So I can confidently say that is NOT a bug in my code, but rather a bug with FrankenPHP or the Octane integration with FrankenPHP.

My theory is that the RateLimiter is not reseting between requests so it's shared between different users. So multiple different users trigger the rate limiter:

This is my Rate limiter configuration:

// AppServiceProvider

RateLimiter::for('api', function (Request $request) {
    return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
});

our production CACHE_STORE is redis. Throttling worked perfectly fine without octane and with octane but using Swoole. It failed with hundred of 429 Too Many Requests after installing FrankenPHP.

This is our bootstrap/app.php:

<?php

use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
use Illuminate\Support\Facades\App;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        commands: __DIR__.'/../routes/console.php',
        health: '/up',
        then: function () {
            Route::middleware('api')
                ->prefix('api')
                ->as('api.')
                ->domain(config('app.domain'))
                ->group(base_path('routes/api.php'));

            Route::middleware('web')
                ->domain(config('app.domain'))
                ->group(base_path('routes/web.php'));

            Route::middleware('web')
                ->domain(config('playsaurus.ads.domain'))
                ->group(base_path('routes/ads.php'));
        }
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->throttleApi();

        $middleware->redirectTo(
            guests: '/login',
            users: '/',
        );

        $middleware->web(append: [
            \App\Http\Middleware\HandleInertiaRequests::class,
            \Illuminate\Http\Middleware\AddLinkHeadersForPreloadedAssets::class,
        ]);

        $middleware->api(append: [
            \App\Http\Middleware\ConfigureLocale::class,
        ]);

        $middleware->alias([
            'localize' => \App\Http\Middleware\ConfigureLocale::class,
            'embed' => \App\Http\Middleware\AllowsEmbeding::class,
        ]);
    })
    ->withExceptions(function (Exceptions $exceptions) {
        $exceptions->dontReport([
            \App\Services\Announcements\InvalidVariantKey::class,
            \App\Exceptions\CouponRedeemException::class,
        ]);
    })->create();

Steps To Reproduce

It's difficult to reproduce. Because I can't test it in production because that would mean a lot of downtime for our users.

My theory is that it would be possible to reproduce from multiple different IPs. But since I don't have the means to test it, I don't know.

Package

filament/filament

Package Version

3

Laravel Version

11

Livewire Version

V3

PHP Version

php 8

Problem description

When I upload multiple files, some of the files are missing.

Expected behavior

All the files should be present in the desired folder.

Steps to reproduce

Section::make('') ->relationship('result_files') ->schema([ FileUpload::make('attachments') ->columnSpan(12) ->multiple() ->maxSize(100000) ->disk('uploads') ->directory('result_files') ->acceptedFileTypes(["application/pdf"]) ->getUploadedFileNameForStorageUsing(function ($file): string { $fileName = str($file->getClientOriginalName()); $fileName_str = preg_replace('/[^a-zA-Z0-9.]/','',iconv('UTF-8', 'ASCII//TRANSLIT', $fileName)); return (string) str($fileName_str)->prepend(now() . '-'); }) ->downloadable() ->rules([ new MalwareFile] ) ->label(__('application.resource.result_documents')) ]),

FileUpload::make('attachments') ->columnSpan(12) ->multiple() ->maxSize(100000) ->disk('uploads') ->visibility('private') ->directory('application_files') ->getUploadedFileNameForStorageUsing(function ($file): string { $fileName = str($file->getClientOriginalName()); $fileName_str = preg_replace('/[^a-zA-Z0-9.]/','',iconv('UTF-8', 'ASCII//TRANSLIT', $fileName)); return (string) str($fileName_str)->prepend(now() . '-'); }) ->downloadable() ->rules([ new MalwareFile] ) ->label(__('application.resource.application_documents')),

livewire.php

'temporary_file_upload' => [ 'disk' => 'tmp', // Example: 'local', 's3' | Default: 'default' "rules" => "file|mimes:pdf,jpg,jpeg,png,doc,docx,svg,mp4,mp3 | max:100000", // 'rules' => 'max:100000', // Example: ['file', 'mimes:png,jpg'] | Default: ['required', 'file', 'max:12288'] (12MB) 'directory' => null, // Example: 'tmp' | Default: 'livewire-tmp' 'middleware' => null, // Example: 'throttle:5,1' | Default: 'throttle:60,1' 'preview_mimes' => [ // Supported file types for temporary pre-signed file URLs... 'png', 'gif', 'bmp', 'svg', 'wav', 'mp4', 'mov', 'avi', 'wmv', 'mp3', 'm4a', 'jpg', 'jpeg', 'mpga', 'webp', 'wma', 'pdf' ], 'max_upload_time' => 5, // Max duration (in minutes) before an upload is invalidated... ],

Reproduction repository (issue will be closed if this is not valid)

https://github.com/guma-005/Filament-issue.git

Relevant log output

No response

When calling mb_convert_encoding() with $fromEncoding === 'HTML-ENTITIES', the polyfill does not return functionally equivalent strings to the native function. This is because mb_convert_encoding() uses html_entity_decode() when $fromEncoding === 'HTML-ENTITIES' and that function does not return characters for many numeric entities 0-31 and 127-159. For example:

<?php

require "vendor/symfony/polyfill-mbstring/Mbstring.php";

use Symfony\Polyfill\Mbstring as p;

for($i = 0; $i < 1024; $i++) {
	$string = "&#" . $i . ";";
	$mbstring = mb_convert_encoding($string, 'UTF-8', 'HTML-ENTITIES');
	$polyfill = p\Mbstring::mb_convert_encoding($string, 'UTF-8', 'HTML-ENTITIES');
	if($mbstring != $polyfill) {
		echo "Mismatch: $string - mbstring: $mbstring; polyfill: $polyfill\n";
	}
}

outputs:

Mismatch: � - mbstring: ; polyfill: �
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring:; polyfill: 
Mismatch:  - mbstring:
                            ; polyfill: 
Mismatch:  - mbstring:
                            ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring:  polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch: ' - mbstring: '; polyfill: '
Mismatch:  - mbstring: ; polyfill: 
Mismatch: € - mbstring: €; polyfill: €
Mismatch:  - mbstring: ; polyfill: 
Mismatch: ‚ - mbstring: ‚; polyfill: ‚
Mismatch: ƒ - mbstring: ƒ; polyfill: ƒ
Mismatch: „ - mbstring: „; polyfill: „
Mismatch: … - mbstring: …; polyfill: …
Mismatch: † - mbstring: †; polyfill: †
Mismatch: ‡ - mbstring: ‡; polyfill: ‡
Mismatch: ˆ - mbstring: ˆ; polyfill: ˆ
Mismatch: ‰ - mbstring: ‰; polyfill: ‰
Mismatch: Š - mbstring: Š; polyfill: Š
Mismatch: ‹ - mbstring: ‹; polyfill: ‹
Mismatch: Œ - mbstring: Œ; polyfill: Œ
Mismatch:  - mbstring: ; polyfill: 
Mismatch: Ž - mbstring: Ž; polyfill: Ž
Mismatch:  - mbstring: ; polyfill: 
Mismatch:  - mbstring: ; polyfill: 
Mismatch: ‘ - mbstring: ‘; polyfill: ‘
Mismatch: ’ - mbstring: ’; polyfill: ’
Mismatch: “ - mbstring: “; polyfill: “
Mismatch: ” - mbstring: ”; polyfill: ”
Mismatch: • - mbstring: •; polyfill: •
Mismatch: – - mbstring: –; polyfill: –
Mismatch: — - mbstring: —; polyfill: —
Mismatch: ˜ - mbstring: ˜; polyfill: ˜
Mismatch: ™ - mbstring: ™; polyfill: ™
Mismatch: š - mbstring: š; polyfill: š
Mismatch: › - mbstring: ›; polyfill: ›
Mismatch: œ - mbstring: œ; polyfill: œ
Mismatch:  - mbstring: ; polyfill: 
Mismatch: ž - mbstring: ž; polyfill: ž
Mismatch: Ÿ - mbstring: Ÿ; polyfill: Ÿ

While many of these are control characters (and the native function does return them), the single quote (dec 39) is particularly problematic.

In raising this issue, I confirm the following (please check boxes):

• I have read and understood the contributors guide.
• I have checked the pull requests tab for existing solutions/implementations to my issue/suggestion.
• I have checked that the bug-fix I am reporting can be replicated.

Description of the problem

One of the important reasons for using hyperscript is that it handles escaping of characters which are reserved in html. Which prevents XSS.

spatie/html-element does not do this. Mainly because it uses strings as intermediate format instead of an object representation of the DOM.

Package

filament/tables

Package Version

v3.0.19

Laravel Version

v10.18.0

Livewire Version

v3.0.0-beta.7

PHP Version

PHP 8.2

Problem description

Just a follow up. PR #7636 introduced a slight difference between classic tables and grid tables hover/select appearance in dark mode.

Expected behavior

Both "tables" should look the same.

Steps to reproduce

• Install Filament v3.0.18
• Create a table with and without Grid Layout (e.g. Stack/Split columns)
• Upgrade to Filament v3.0.19 (which includes the mentioned PR).

Reproduction repository

https://github.com/ajnsn/filament-demo-borders

Relevant log output

No response

AST, or "abstract syntax tree", creates the expectation of a nested tree structure. In the case of a query string, the AST will only ever be one level deep; as multi nodes are combined into one.

If anyone wants to suggest a better, more clear name: you're welcome.

Dashboard showing Operational

Front end showing no issues, but the status seems to still be linked to the incident even if it's closed as fixed

Package

filament/filament

Package Version

v3.2.93

Laravel Version

v10.48.16

Livewire Version

v3.5.2

PHP Version

v8.2.12

Problem description

When a column in the database is of type geometry, the Filament panel feature breaks (it's not possible to visualize the record).

When I fill the column with NULL value, it works fine, but when I fill it with the POINT value containing Latitude and Longitude, it stops working.

Expected behavior

I expected to be able to visualize the record.

View record in table

Steps to reproduce

Create Model and Migration

php82 artisan make:model Coleta --migration

Migration

<?php

use Illuminate\Database\Migrations\Migration;
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

return new class extends Migration
{
    /**
     * Run the migrations.
     */
    public function up(): void
    {
        Schema::create('coletas', function (Blueprint $table) {
            $table->id();

            $table->string('name');

            $table->geometry('geo')->nullable();

            $table->timestamps();
        });
    }

    /**
     * Reverse the migrations.
     */
    public function down(): void
    {
        Schema::dropIfExists('coletas');
    }
};

Model

<?php

namespace App\Models;

use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;

class Coleta extends Model
{
    use HasFactory;

    protected $table = 'coletas';

    protected $fillable = [
        'id',
	'name',
        'geo'
    ];

}

Seeder

$coleta = new \App\Models\Coleta();
$coleta->name = 'Test';
$coleta->geo = \Illuminate\Support\Facades\DB::raw('POINT(46.646748, 24.562727)');
$coleta->save();

Create Resource

php artisan make:filament-resource Coleta --generate

Resource

<?php

namespace App\Filament\Resources;

use App\Filament\Resources\ColetaResource\Pages;
use App\Filament\Resources\ColetaResource\RelationManagers;
use App\Models\Coleta;
use Filament\Forms;
use Filament\Forms\Form;
use Filament\Resources\Resource;
use Filament\Tables;
use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\SoftDeletingScope;

class ColetaResource extends Resource
{
    protected static ?string $model = Coleta::class;

    protected static ?string $navigationIcon = 'heroicon-o-chevron-double-right';

    protected static ?string $navigationLabel = 'Coletas';

    protected static ?string $navigationGroup = 'Reciclagem';

    protected static ?string $modelLabel = 'Coleta';

    protected static ?string $pluralModelLabel = 'Coletas';

    public static function form(Form $form): Form
    {
        return $form
            ->schema([
                Forms\Components\TextInput::make('name')
                    ->label('Name')
                    ->required(),
            ])->columns(1);
    }

    public static function table(Table $table): Table
    {
        return $table
            ->columns([
                Tables\Columns\TextColumn::make('id')
                    ->label("#")
                    ->sortable(),
                Tables\Columns\TextColumn::make('name')
                    ->label('name'),
                Tables\Columns\TextColumn::make('created_at')
                    ->label("Criado em")
                    ->dateTime("d/m/Y H:i:s")
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: false),
                Tables\Columns\TextColumn::make('updated_at')
                    ->label("Atualizado em")
                    ->dateTime("d/m/Y H:i:s")
                    ->sortable()
                    ->toggleable(isToggledHiddenByDefault: true),
            ])
            ->filters([
                //
            ])
            ->actions([
                Tables\Actions\ActionGroup::make([
                    Tables\Actions\ViewAction::make(),
                    Tables\Actions\EditAction::make(),
                    //Tables\Actions\DeleteAction::make(),
                ]),
            ])
            ->bulkActions([
                /*Tables\Actions\BulkActionGroup::make([
                    Tables\Actions\DeleteBulkAction::make(),
                ]),*/]);
    }

    public static function getRelations(): array
    {
        return [
            //
        ];
    }

    public static function getPages(): array
    {
        return [
            'index' => Pages\ListColetas::route('/'),
            'create' => Pages\CreateColeta::route('/create'),
            'edit' => Pages\EditColeta::route('/{record}/edit'),
        ];
    }

}

Record in Table

Console Browser Error

Column geo in MySQL PhpMyAdmin

Column geo with value POINT (lat, lng) in MySQL PhpMyAdmin

Reproduction repository (issue will be closed if this is not valid)

https://github.com/matheusjohannaraujo/bug-template-laravel-filament/

Relevant log output

No error appears in laravel.log

What happened?

After installation, I noticed that in the browser console it outputs an error of wireEl is undefined.

How to reproduce the bug

Just install this package in a livewire project, preferable with Filament's admin package. And see the browser console.

composer create-project laravel/laravel test;
composer require filamentphp/filament;
composer require spatie/laravel-blade-comments;

Then go through the browser console and see the error

Package Version

1.0.1

PHP Version

8.2.0

Laravel Version

10.13.0

Which operating systems does with happen with?

macOS

Notes

Filament ......................................................
Packages ...... filament, forms, notifications, support, tables
Version .............................................. v2.17.44
Views ..................................... PUBLISHED: filament

Package

filament/filament

Package Version

v3.2.130

Laravel Version

v.11.35.0

Livewire Version

No response

PHP Version

PHP 8.3

Problem description

When you have an attribute named length in the database and you use the ->searchable(isIndividual: true) in the tables of filament you get a zero in the search field and the search field is not working. When deleting the zero to filter, the zero keeps coming back.

Expected behavior

That the zero is not there and that I am able to filter individual on an attribute named length.

Steps to reproduce

1. Create a table with a column that is named length with type integer or float
2. Create a standard resource of the model
3. Make the column length individual searchable

public static function table(Table $table): Table
    {
        return $table
            ->columns([
                Tables\Columns\TextColumn::make('id')
                    ->label('ID'),
                Tables\Columns\TextColumn::make('length')
                    ->suffix(' mm')
                    ->searchable(isIndividual: true)
                    ->sortable(),
                Tables\Columns\TextColumn::make('total_meters')
                    ->suffix(' m')
                    ->sortable(),
                Tables\Columns\TextColumn::make('supplier_reference')
                    ->label('Reference')
                    ->sortable(),
            ])
            ->filters([
                //
            ])
            ->actions([
                Tables\Actions\EditAction::make(),
            ])
            ->bulkActions([
                Tables\Actions\BulkActionGroup::make([
                    Tables\Actions\DeleteBulkAction::make(),
                ]),
            ]);
    }

Reproduction repository (issue will be closed if this is not valid)

https://github.com/Geoffry304/filament-length-attribute-issue

Relevant log output

No response

Add in PHP 7.3 as Normalizer::normalize() argument for NFKC_Casefold normalization.