Merge tag '1.10.50' into develop

Release v1.10.50

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEwbiolRD/eEYBHGp5nyzziuvbCuAFAmkXTbEACgkQnyzziuvb
# CuDW5BAArQLCnU/02r4r73WQ50FfojJOnH8+i0K2zTVVtheNvUsbOEbYTokCPrrQ
# 5udhL1Psd004g3M0uiKYAv10D3GmRuBi+q8LZaI+AMDRY1dDURjDSzKL70FTqgUa
# TEQX5snT0tuPRUzS27hJi3l7P27WNQwK29Pl0m+JDAUcqzoqFZZzJoawQRBRnfeH
# AnmhocPNOYIV23RsQzE5XzO0Y0SAz8DbFLoUVyVMP+Cr2YuP7wqd0cSjkqFh+FS4
# eLGjPj7OA+oBHDoiaITlAMXCAH7mpmCnxPqjOKLdR9S6C7/btAWa1p+j3nLLv1od
# h2nM/e5K+pxg7eb3BHK0Xs2j5YNl7RfgKspg3BeSVueOTCniaPC8lzexp0MlIaKn
# Aulc7g7egb75LEknDpgt7vM636Vbv/noxMeqgwyxMnhJ60iojq6Hsxtk9u/699kL
# /1s+a4VjkGPgxQHqErNu4ig9gFPA1nHNwwW2ngXU+5F44lKD+025bgMPqjEutGaR
# waYEp6t8hp6IUJM3CI8NidxPlnU82kSHUAhem16k9cDxhsau8DsST91enqdREt4G
# xdqxyBLOQDLlPhtlMNfdh1ojrbUQx+UUdVcMnmPWpO4y+BHRqRmFIhb0W+wPdxCt
# PwIt/55ICTR57HzVXvAX4k0nkFCj4Go5x0Gj6sPbGCOql/zyTwg=
# =elGV
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri Nov 14 15:41:37 2025 GMT
# gpg:                using RSA key C1B8A89510FF7846011C6A799F2CF38AEBDB0AE0
# gpg: Good signature from "Andy Miller <rhuk@mac.com>" [ultimate]

CHANGELOG.md

@@ -1,3 +1,16 @@
+# v1.10.50
+## 11/14/2025
+
+1. [](#new)
+    * Support for 'safe-upgrade' installation
+    * Support for safe-upgrade restore functionality in Tools
+1. [](#improved)
+    * Improved session expiration/logout handling
+    * Various minor CSS fixes
+1. [](#bugfix)   
+    * Fix for deeply nested sortable fields (at last!)
+    * Restore admin session timeout modal by returning 401 for timed-out AJAX requests
+
 # v1.10.49.1
 ## 09/03/2025
 

blueprints.yaml

@@ -1,7 +1,7 @@
 name: Admin Panel
 slug: admin
 type: plugin
-version: 1.10.49.1
+version: 1.10.50
 description: Adds an advanced administration panel to manage your site
 icon: empire
 author:

classes/plugin/AdminBaseController.php

@@ -96,6 +96,8 @@ class AdminBaseController
 
         // Make sure that user is logged into admin.
         if (!$this->admin->authorize()) {
+            $this->respondUnauthorizedIfAjax();
+
             return false;
         }
 
@@ -236,6 +238,31 @@ class AdminBaseController
         $this->close($response);
     }
 
+    /**
+     * Return a JSON 401 response when an unauthenticated request was clearly triggered via AJAX.
+     *
+     * @return void
+     */
+    protected function respondUnauthorizedIfAjax(): void
+    {
+        $uri = $this->grav['uri'] ?? null;
+        $extension = $uri ? $uri->extension() : null;
+        $accept = $_SERVER['HTTP_ACCEPT'] ?? '';
+        $requestedWith = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';
+
+        $acceptsJson = is_string($accept) && (stripos($accept, 'application/json') !== false || stripos($accept, 'text/json') !== false);
+        $isAjax = ($extension === 'json') || $acceptsJson || (is_string($requestedWith) && strtolower($requestedWith) === 'xmlhttprequest');
+
+        if (!$isAjax) {
+            return;
+        }
+
+        $this->sendJsonResponse([
+            'status' => 'unauthenticated',
+            'message' => Admin::translate('PLUGIN_ADMIN.SESSION_EXPIRED_DESC')
+        ], 401);
+    }
+
     /**
      * @param ResponseInterface $response
      * @return never-return

themes/grav/app/utils/keepalive.js

@@ -26,6 +26,9 @@ class KeepAlive {
 
         return fetch(`${config.base_url_relative}/task${config.param_sep}keepAlive`, {
             credentials: 'same-origin',
+            headers: {
+                'Accept': 'application/json'
+            },
             method: 'post',
             body: data
         })

themes/grav/js/admin.min.js

@@ -1064,6 +1064,9 @@ var KeepAlive = /*#__PURE__*/function () {
       data.append('admin-nonce', external_GravAdmin_namespaceObject.config.admin_nonce);
       return fetch("".concat(external_GravAdmin_namespaceObject.config.base_url_relative, "/task").concat(external_GravAdmin_namespaceObject.config.param_sep, "keepAlive"), {
         credentials: 'same-origin',
+        headers: {
+          'Accept': 'application/json'
+        },
         method: 'post',
         body: data
       }).then(function (response) {