Alexander Schranz
Core Developer – Sulu GmbH
Core developer and support king. So dedicated to his work that we couldn't find a hobby to mention.

SuluFormBundle 2.0 stable release — with honey-pot spam protection and even easier theming

After releasing the SuluArticleBundle 2.1, we are happy to announce the release of the SuluFormBundle 2.0 — which will bring easy form management to Sulu 2.

What is the SuluFormBundle?

The Sulu Form Bundle provides an additional Admin UI to create custom forms for your website. It is mostly used for basic contact forms. The form bundle handles not only rendering and saving of the form, but also sends emails. The content manager has full control of the form, can use a basic grid to design it and position form fields, and can configure if and how the email is sent.

In the next sections we will have a look at what is new in the 2.0 version of the bundle.

New feature: honey pot field

Spam is the most annoying thing when you have a form on your website. In addition to  the existing recaptcha, the community requested an alternative form of spam protection by implementing a honeypot field.

A honeypot field is a field which exists in the page’s HTML and is just hidden with CSS for real users. As most spam bots do not interpret CSS, they will enter data into that field so in the backend we can detect this and handle this as spam.

As this needs to be hidden with CSS, it needs to be activated in the Sulu form configuration file:

        field: "FieldName"
        strategy: spam # no_save, no_email, spam

By default, the data is always saved, and a notification email is sent to the content manager’s address, if this has been configured.

There are different strategies to determine what should happen when spam is detected via the honey pot field:

spam: This suffixes the subject line of the notification email with (SPAM). Use this when you want to check if the spam protection is working and whether you hid the honeypot field from your users correctly.

no_email: Saves the form data but will not send you an email notification. This is used if you want to save all data, including spam.

no_save: Discards the data without sending an email. Use this if you want to completely avoid saving any detected spam without being notified.

We hope we will have more spam-free websites online with this new feature.

New feature: easier theming

The new version of the form bundle is also shipped with a new basic theme. The new theme allows for easier customization. Common examples, like setting specific classes on containers and integrating your own grid, can be found in the theming documentation.

New feature: ‘generate form’ command

To improve the developer experience, a new command was added to the SuluFormBundle.

bin/console sulu:form:generate-form

This command generates a "Test Form" containing all types provided by the bundle, so the developer can focus on theming the form, instead of creating a form in the administration themselves.

Upgrade from older version

When upgrading from an older version, have a look at the UPGRADE file to avoid any problems. First the packagist name was renamed to be similar to other bundles, so the new name is sulu/form-bundle. The biggest change is the database schema. In older versions it was never clear if a field is stored directly on the entity or in a single data JSON field. So we decided to change this to make it easier for developers to access the data and avoid looking for it in two different places.

Your feedback is important!

If you have any problems installing, upgrading the SuluFormBundle or have new ideas feel free to contact us.

Stay tuned to hear more about our other bundles that will be compatible with Sulu 2.0 in the near future.

If you like the bundle, don’t hesitate to give it a ⭐ on Github.