decidim-core 0.28.4 → 0.28.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ec3e95f4dbf1ac0e6178188a46ddf5d702bea045e85d76f64c1193af3c0e2ed
-  data.tar.gz: 684aeb5ae98c9d8fe9fa9488721d153fbc42be5dcd1cd13d1328e34da3ebdef8
+  metadata.gz: 88c7b06f4bb2ad092e2e306434bd645d1f27f8e467bc34ab341093f1213ef70b
+  data.tar.gz: 45be0ca0bc0b4f11581b1e12c931cbc1c9a80a321ed9c7e1822bc79ff7d9d59f
 SHA512:
-  metadata.gz: fee3f0d928f2853e9953dc65e5232aae720997c23d7933e4e08a3154246ae6612a7688e4b9dc0c7af196b9f7043aacd08b7bee72e60ebe69b6b9ce057e17149c
-  data.tar.gz: 02fb38ba880953a3b819f4ff1b3d88d6cde4dcd66a2753ddb5178fa524d73f8e8db14b4bcf4e862651ff16c45c1f6be4044520a6daf8d8f94b1ff9dfae299ec1
+  metadata.gz: 79b66628f6569dd4f570d3388bf185583b5d9fe1edee9545da9948cb8371e9b7722edd651db0805a73aeeb272e8b8c2df4c55b07b9237da062761992e43e8c13
+  data.tar.gz: 969da677904a158b3b7744f58a834162dbc10c6b8d94a609aac305744a6c061b439117793d52d964edcbbfe656476239651ac0d6dc34d32c22fc3da79f0b32b6

data/app/cells/decidim/activity_cell.rb

@@ -106,10 +106,7 @@ module Decidim
       hash << id_prefix
       hash << I18n.locale.to_s
       hash << model.class.name.underscore
-      hash << model.cache_key_with_version
-      if (author_cell = author)
-        hash.push(Digest::MD5.hexdigest(author_cell.send(:cache_hash)))
-      end
+      hash << model.cache_key_with_version if model.respond_to?(:cache_key_with_version)
 
       hash.join(Decidim.cache_key_separator)
     end

data/app/cells/decidim/author/show.erb

@@ -1,6 +1,7 @@
-<% data = has_tooltip? ? { tooltip: render(:profile_minicard).html_safe } : nil %>
-<span class="author" data-author>
-  <%= content_tag :span, class: "author__container#{" is-compact" if layout == :compact}", data: do %>
+<%# If the options hash has the demo key it means we are in the decidim-design engine, so it is not a real-world scenario with actual users %>
+<% tooltip = options.has_key?(:demo) ? { tooltip: render(:profile_minicard).html_safe } : nil %>
+<%= content_tag(:span, class: :author, data: ) do %>
+  <%= content_tag :span, class: "author__container#{" is-compact" if layout == :compact}", data: tooltip do %>
     <% if layout == :compact %>
       <%= render :avatar %>
 
@@ -24,4 +25,4 @@
       <%= render action %>
     <% end %>
   <% end %>
-</span>
+<% end %>

data/app/cells/decidim/author_cell.rb

@@ -49,8 +49,26 @@ module Decidim
       @context_actions_options ||= options[:context_actions].map(&:to_sym)
     end
 
+    def profile_minicard
+      render
+    end
+
     private
 
+    # If the options hash has the demo key it means we are in the decidim-design engine,
+    # so it is not a real-world scenario with actual users
+    def data
+      @data ||= begin
+        internal_data = { author: true }
+        if has_tooltip? && !options.has_key?(:demo)
+          internal_data["remote_tooltip"] = true
+          internal_data["tooltip-url"] = decidim.profile_tooltip_path(raw_model.nickname)
+        end
+
+        internal_data
+      end
+    end
+
     def layout
       @layout ||= LAYOUTS.include?(options[:layout]) ? options[:layout] : :default
     end
@@ -162,5 +180,13 @@ module Decidim
     def resource_name
       @resource_name ||= from_context.class.name.demodulize.underscore
     end
+
+    def has_tooltip?
+      return false if model.deleted?
+      return false if model.respond_to?(:blocked?) && model.blocked?
+      return true if options.has_key?(:tooltip)
+
+      model.has_tooltip?
+    end
   end
 end

data/app/cells/decidim/card_s/show.erb

@@ -1,10 +1,12 @@
-<%= link_to resource_path, class: "card__search", id: dom_id(resource) do %>
+<%= content_tag :div, id: dom_id(resource), class: "card__search" do %>
   <%= content_tag title_tag, class: "h4 card__search-title" do %>
-    <%= title %>
+    <%= link_to resource_path, class: "card__search" do %>
+      <%= title %>
+    <% end %>
   <% end %>
   <% if metadata_cell.present? %>
     <div class="card__search-metadata">
-      <%= cell metadata_cell, resource, links: false %>
+     <%= cell metadata_cell, resource, links: false %>
     </div>
   <% end %>
 <% end %>

data/app/cells/decidim/diff_cell.rb

@@ -71,6 +71,10 @@ module Decidim
 
     # DiffRenderer class for the current_version's item; falls back to `BaseDiffRenderer`.
     def diff_renderer_class
+      renderer_class = "#{current_version.item_type}DiffRenderer".safe_constantize
+
+      return renderer_class if renderer_class
+
       if current_version.item_type.deconstantize == "Decidim"
         "#{current_version.item_type.pluralize}::DiffRenderer".constantize
       else

data/app/cells/decidim/newsletter_templates/image_text_cta_cell.rb

@@ -50,7 +50,7 @@ module Decidim
       end
 
       def main_image_url
-        newsletter.template.images_container.attached_uploader(:main_image).url(host: organization.host)
+        newsletter.template.images_container.attached_uploader(:main_image).url
       end
 
       def organization_primary_color

data/app/cells/decidim/participatory_space_dropdown_metadata/show.erb

@@ -3,7 +3,9 @@
     <%= render :metadata %>
     <%= cell "decidim/content_blocks/menu_breadcrumb_last_activity", model, hide_participatory_space: true %>
   </div>
-  <ul class="menu-bar__secondary-dropdown__menu">
-    <%= render :links %>
-  </ul>
+  <nav role="navigation" aria-label="<%= t("decidim.accessibility.secondary_menu") %>">
+    <ul class="menu-bar__secondary-dropdown__menu">
+      <%= render :links %>
+    </ul>
+  </nav>
 </div>

data/app/cells/decidim/resource_types_filter/show.erb

@@ -11,7 +11,7 @@
   <ul id="dropdown-menu-resource">
     <% resource_types.each do |resource_type| %>
       <li role="menuitem">
-        <%= link_to decidim.last_activities_path(filter: { with_resource_type: resource_type[0] } ), class: "filter#{" is-active" if filter_param == resource_type[0]}" do %>
+        <%= link_to filter_url(resource_type[0]), class: "filter#{" is-active" if filter_param == resource_type[0]}" do %>
           <span class="sr-only"><%= resource_type[1] %></span>
           <%= text_with_resource_icon(*resource_type) %>
         <% end %>

data/app/cells/decidim/resource_types_filter_cell.rb

@@ -29,8 +29,12 @@ module Decidim
       options[:id] || "filters"
     end
 
-    def form_path
-      options[:form_path]
+    def filter_url(resource_type)
+      if options[:source] == :last_activities
+        last_activities_path(filter: { with_resource_type: resource_type })
+      else
+        profile_activity_path(nickname: params[:nickname], filter: { resource_type: })
+      end
     end
 
     def filter_param_key
@@ -41,10 +45,6 @@ module Decidim
       @filter_param ||= params.dig(:filter, filter_param_key) || all_types_key
     end
 
-    def filter
-      options[:filter]
-    end
-
     def all_resource_types_option
       [all_types_key, I18n.t("all", scope: "decidim.last_activities")]
     end

data/app/cells/decidim/translation_bar/show.erb

@@ -1,6 +1,6 @@
-<div class="wrapper-mini translation-bar">
-  <div class="row column">
+<div>
+  <div class="pt-4 pb-4 text-center bg-background">
     <%= link %>
-    <span class="translation-button-help"><%= help_text %></span>
+    <span class="translation-button-help ml-4"><%= help_text %></span>
   </div>
 </div>

data/app/cells/decidim/translation_bar_cell.rb

@@ -34,7 +34,7 @@ module Decidim
       parsed_url.query = new_query
       url = parsed_url.to_s
 
-      link_to button_text, url, class: "button small hollow"
+      link_to button_text, url, class: "button button__sm button__transparent-secondary"
     end
 
     def button_text

data/app/cells/decidim/user_activity/show.erb

@@ -1,5 +1,5 @@
 <div class="profile__activity">
-  <%= cell "decidim/resource_types_filter", resource_types, form_path: url_for, filter: %>
+  <%= cell "decidim/resource_types_filter", resource_types, source: :profile_activity %>
   <div class="profile__activity__container" id="activities-container">
     <% if activities.length == 0 %>
       <%= cell "decidim/announcement", t("decidim.user_activity.index.no_activities_warning") %>

data/app/commands/decidim/create_omniauth_registration.rb

@@ -45,6 +45,8 @@ module Decidim
 
     attr_reader :form, :verified_email
 
+    REGEXP_SANITIZER = /[<>?%&\^*#@()\[\]=+:;"{}\\|]/
+
     def create_or_find_user
       @user = User.find_or_initialize_by(
         email: verified_email,
@@ -63,16 +65,11 @@ module Decidim
         @user.save!
       else
         @user.email = (verified_email || form.email)
-        @user.name = form.name
+        @user.name = form.name.gsub(REGEXP_SANITIZER, "")
         @user.nickname = form.normalized_nickname
         @user.newsletter_notifications_at = nil
         @user.password = SecureRandom.hex
-        if form.avatar_url.present?
-          url = URI.parse(form.avatar_url)
-          filename = File.basename(url.path)
-          file = url.open
-          @user.avatar.attach(io: file, filename:)
-        end
+        attach_avatar(form.avatar_url) if form.avatar_url.present?
         @user.skip_confirmation! if verified_email
         @user.tos_agreement = "1"
         @user.save!
@@ -81,6 +78,15 @@ module Decidim
       end
     end
 
+    def attach_avatar(avatar_url)
+      url = URI.parse(avatar_url)
+      filename = File.basename(url.path)
+      file = url.open
+      @user.avatar.attach(io: file, filename:)
+    rescue OpenURI::HTTPError, Errno::ECONNREFUSED
+      # Do not attach the avatar, as it fails to fetch it.
+    end
+
     def create_identity
       @user.identities.create!(
         provider: form.provider,
@@ -126,7 +132,7 @@ module Decidim
         provider: form.provider,
         uid: form.uid,
         email: form.email,
-        name: form.name,
+        name: form.name.gsub(REGEXP_SANITIZER, ""),
         nickname: form.normalized_nickname,
         avatar_url: form.avatar_url,
         raw_data: form.raw_data

data/app/commands/decidim/destroy_account.rb

@@ -35,6 +35,9 @@ module Decidim
       @user.name = ""
       @user.nickname = ""
       @user.email = ""
+      @user.personal_url = ""
+      @user.about = ""
+      @user.notifications_sending_frequency = "none"
       @user.delete_reason = @form.delete_reason
       @user.admin = false if @user.admin?
       @user.deleted_at = Time.current

data/app/commands/decidim/search.rb

@@ -37,6 +37,12 @@ module Decidim
                     klass.order_by_id_list(result_ids.take(HIGHLIGHTED_RESULTS_COUNT))
                   end
 
+        uncommentable_resources = uncommentable_resources(results) if results.present?
+        if uncommentable_resources.present?
+          results -= uncommentable_resources
+          results_count -= uncommentable_resources.count
+        end
+
         results_by_type.update(class_name => {
                                  count: results_count,
                                  results:
@@ -89,5 +95,13 @@ module Decidim
       query = query.global_search(I18n.transliterate(term)) if term.present?
       query
     end
+
+    def uncommentable_resources(results)
+      results.where(id: results.select { |obj| related_uncommentable_resources?(obj) }.map(&:id))
+    end
+
+    def related_uncommentable_resources?(object)
+      object.respond_to?(:commentable) && !object.commentable.commentable?
+    end
   end
 end

data/app/controllers/decidim/doorkeeper/credentials_controller.rb

@@ -28,7 +28,7 @@ module Decidim
       end
 
       def avatar_url
-        avatar_url = current_resource_owner.attached_uploader(:avatar).url(host: current_resource_owner.organization.host)
+        avatar_url = current_resource_owner.attached_uploader(:avatar).url
         return unless avatar_url
 
         unless %r{^https?://}.match? avatar_url

data/app/controllers/decidim/links_controller.rb

@@ -41,7 +41,7 @@ module Decidim
     end
 
     def escape_url(external_url)
-      before_fragment, fragment = external_url.split("#", 2)
+      before_fragment, fragment = URI.decode_www_form_component(external_url).split("#", 2)
       escaped_before_fragment = URI::Parser.new.escape(before_fragment)
 
       if fragment

data/app/controllers/decidim/profiles_controller.rb

@@ -24,7 +24,11 @@ module Decidim
     def show
       return redirect_to profile_members_path if profile_holder.is_a?(Decidim::UserGroup)
 
-      redirect_to profile_activity_path(nickname: params[:nickname])
+      redirect_to profile_activity_path(nickname: params[:nickname].downcase)
+    end
+
+    def tooltip
+      render json: { data: cell("decidim/author", profile_holder.presenter).profile_minicard }
     end
 
     def following
@@ -112,7 +116,7 @@ module Decidim
     def profile_holder
       return if params[:nickname].blank?
 
-      @profile_holder ||= Decidim::UserBaseEntity.find_by("LOWER(nickname) = ? AND decidim_organization_id = ?", params[:nickname].downcase, current_organization.id)
+      @profile_holder ||= Decidim::UserBaseEntity.find_by("nickname = ? AND decidim_organization_id = ?", params[:nickname].downcase, current_organization.id)
     end
   end
 end

data/app/controllers/decidim/reports_controller.rb

@@ -16,7 +16,7 @@ module Decidim
       CreateReport.call(@form, reportable, current_user) do
         on(:ok) do
           flash[:notice] = I18n.t("decidim.reports.create.success")
-          redirect_back fallback_location: root_path
+          redirect_to reportable.reload.reported_content_url
         end
 
         on(:invalid) do

data/app/controllers/decidim/user_activities_controller.rb

@@ -22,7 +22,7 @@ module Decidim
     def user
       return unless params[:nickname]
 
-      @user ||= current_organization.users.find_by("LOWER(nickname) = ?", params[:nickname].downcase)
+      @user ||= current_organization.users.find_by("nickname = ?", params[:nickname].downcase)
     end
 
     def activities

data/app/forms/decidim/account_form.rb

@@ -21,7 +21,10 @@ module Decidim
 
     validates :name, presence: true, format: { with: Decidim::User::REGEXP_NAME }
     validates :email, presence: true, "valid_email_2/email": { disposable: true }
-    validates :nickname, presence: true, format: { with: Decidim::User::REGEXP_NICKNAME }
+    validates :nickname,
+              presence: true,
+              format: { with: Decidim::User::REGEXP_NICKNAME, message: :format },
+              length: { maximum: Decidim::User.nickname_max_length }
 
     validates :nickname, length: { maximum: Decidim::User.nickname_max_length, allow_blank: true }
     validates :password, password: { name: :name, email: :email, username: :nickname }, if: -> { password.present? }
@@ -66,7 +69,7 @@ module Decidim
 
     def unique_nickname
       return true if Decidim::UserBaseEntity.where(
-        "decidim_organization_id = ? AND LOWER(nickname) = ? ",
+        "decidim_organization_id = ? AND nickname = ? ",
         context.current_organization.id,
         nickname.downcase
       ).where.not(id: context.current_user.id).empty?

data/app/helpers/concerns/decidim/user_role_checker.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Decidim
+  module UserRoleChecker
+    # Shared behaviour for signed_in admins
+    extend ActiveSupport::Concern
+
+    private
+
+    def user_has_any_role?(user, participatory_space = nil, broad_check: false)
+      return false unless user
+
+      [
+        user.admin,
+        user.roles.any?,
+        participatory_process_user_role?(user, participatory_space, broad_check:),
+        assembly_user_role?(user, participatory_space, broad_check:),
+        conference_user_role?(user, participatory_space, broad_check:)
+      ].any?
+    end
+
+    def participatory_process_user_role?(user, participatory_process = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:participatory_processes)
+      return Decidim::ParticipatoryProcessUserRole.exists?(user:) if broad_check
+      return false unless participatory_process.is_a?(Decidim::ParticipatoryProcess)
+
+      Decidim::ParticipatoryProcessUserRole.exists?(user:, participatory_process:)
+    end
+
+    def assembly_user_role?(user, assembly = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:assemblies)
+      return Decidim::AssemblyUserRole.exists?(user:) if broad_check
+      return false unless assembly.is_a?(Decidim::Assembly)
+
+      Decidim::AssemblyUserRole.exists?(user:, assembly:)
+    end
+
+    def conference_user_role?(user, conference = nil, broad_check: false)
+      return false unless Decidim.module_installed?(:conferences)
+      return Decidim::ConferenceUserRole.exists?(user:) if broad_check
+      return false unless conference.is_a?(Decidim::Conference)
+
+      Decidim::ConferenceUserRole.exists?(user:, conference:)
+    end
+  end
+end

data/app/helpers/decidim/cta_button_helper.rb

@@ -16,7 +16,7 @@ module Decidim
     # Finds the CTA button path to reuse it in other places.
     def cta_button_path
       if current_organization.cta_button_path.present?
-        current_organization.cta_button_path
+        "/#{current_organization.cta_button_path}"
       elsif Decidim::ParticipatoryProcess.where(organization: current_organization).published.any?
         decidim_participatory_processes.participatory_processes_path
       elsif current_user

data/app/helpers/decidim/map_helper.rb

@@ -35,7 +35,12 @@ module Decidim
             data: { "external-link": "text-only" }
           }.merge(map_html_options)
           return link_to(map_url, html_options) do
-            image_tag decidim.static_map_path(sgid: resource.to_sgid.to_s), alt: "#{map_service_brand} - #{address_text}"
+            # We also add the latitude and the longitude to prevent the Workbox cache to be overly aggressive when updating a map
+            image_tag decidim.static_map_path(
+              sgid: resource.to_sgid.to_s,
+              latitude: resource.latitude,
+              longitude: resource.longitude
+            ), alt: "#{map_service_brand} - #{address_text}"
           end
         end
       end

data/app/helpers/decidim/orders_helper.rb

@@ -13,7 +13,8 @@ module Decidim
     def order_selector(orders, options = {})
       render partial: "decidim/shared/orders", locals: {
         orders:,
-        i18n_scope: options[:i18n_scope]
+        i18n_scope: options[:i18n_scope],
+        css_class: options[:css_class]
       }
     end
 

data/app/helpers/decidim/participatory_space_helpers.rb

@@ -28,7 +28,7 @@ module Decidim
     end
 
     def participatory_space_floating_help
-      return if help_section.blank?
+      return if help_section.blank? || strip_tags(translated_attribute(help_section).html_safe).blank?
 
       floating_help(help_id) { translated_attribute(help_section).html_safe }
     end

data/app/helpers/decidim/sanitize_helper.rb

@@ -37,13 +37,22 @@ module Decidim
       end
     end
 
+    # Converts the blob and blob variant references to blob URLs.
+    def decidim_rich_text(html, options = {})
+      renderer = Decidim::ContentProcessor.renderer_klass(:blob).constantize.new(html)
+      renderer.render(options)
+    end
+
     def decidim_sanitize_editor(html, options = {})
       content_tag(:div, decidim_sanitize(html, options), class: %w(rich-text-display))
     end
 
     def decidim_sanitize_editor_admin(html, options = {})
       html = Decidim::IframeDisabler.new(html, options).perform
-      decidim_sanitize_editor(html, { scrubber: Decidim::AdminInputScrubber.new }.merge(options))
+      decidim_sanitize_editor(
+        decidim_rich_text(html),
+        { scrubber: Decidim::AdminInputScrubber.new }.merge(options)
+      )
     end
 
     def decidim_html_escape(text)
@@ -51,7 +60,7 @@ module Decidim
     end
 
     def decidim_url_escape(text)
-      decidim_html_escape(text).sub(/^javascript:/, "")
+      decidim_html_escape(text).sub(/^\s*javascript:/, "")
     end
 
     def decidim_sanitize_translated(text)

data/app/models/decidim/attachment.rb

@@ -65,7 +65,7 @@ module Decidim
     #
     # Returns String.
     def file_type
-      url&.split(".")&.last&.downcase
+      url&.split(".")&.last&.split("&")&.first&.downcase
     end
 
     def url

data/app/models/decidim/user.rb

@@ -13,8 +13,6 @@ module Decidim
     include Decidim::UserReportable
     include Decidim::Traceable
 
-    REGEXP_NICKNAME = /\A[\w-]+\z/
-
     class Roles
       def self.all
         Decidim.config.user_roles
@@ -51,8 +49,6 @@ module Decidim
 
     has_one_attached :download_your_data_file
 
-    scope :not_deleted, -> { where(deleted_at: nil) }
-
     scope :managed, -> { where(managed: true) }
     scope :not_managed, -> { where(managed: false) }
 

data/app/models/decidim/user_base_entity.rb

@@ -21,11 +21,13 @@ module Decidim
 
     # Regex for name & nickname format validations
     REGEXP_NAME = /\A(?!.*[<>?%&\^*#@()\[\]=+:;"{}\\|])/
+    REGEXP_NICKNAME = /\A[a-z0-9_-]+\z/
 
     has_one_attached :avatar
     validates_avatar :avatar, uploader: Decidim::AvatarUploader
 
     validates :name, format: { with: REGEXP_NAME }
+    validates :nickname, format: { with: REGEXP_NICKNAME }, unless: -> { deleted? || managed? }
 
     scope :confirmed, -> { where.not(confirmed_at: nil) }
     scope :not_confirmed, -> { where(confirmed_at: nil) }
@@ -34,6 +36,8 @@ module Decidim
     scope :not_blocked, -> { where(blocked: false) }
     scope :available, -> { where(deleted_at: nil, blocked: false, managed: false) }
 
+    scope :not_deleted, -> { where(deleted_at: nil) }
+
     # Public: Returns a collection with all the public entities this user is following.
     #
     # This cannot be done as with a `has_many :following, through: :following_follows`

data/app/packs/src/decidim/append_redirect_url_to_modals.js

@@ -53,10 +53,18 @@ $(() => {
   }
 
   $(document).on("click.zf.trigger", (event) => {
-    const target = `#${$(event.target).data("dialogOpen")}`;
-    const redirectUrl = $(event.target).data("redirectUrl");
+    // Try to get the <a> directly or find the closest parent <a>
+    const $target = $(event.target).closest("a");
 
-    if (!target || !redirectUrl) {
+    // Check if an <a> was found
+    if (!$target) {
+      return;
+    }
+
+    const dialogTarget = `#${$target.data("dialog-open")}`;
+    const redirectUrl = $target.data("redirectUrl");
+
+    if (!dialogTarget || !redirectUrl) {
       return;
     }
 
@@ -64,10 +72,10 @@ $(() => {
       attr("id", "redirect_url").
       attr("name", "redirect_url").
       attr("value", redirectUrl).
-      appendTo(`${target} form`);
+      appendTo(`${dialogTarget} form`);
 
-    $(`${target} a`).attr("href", (index, href) => {
-      const querystring = jQuery.param({ "redirect_url": redirectUrl });
+    $(`${dialogTarget} a`).attr("href", (index, href) => {
+      const querystring = jQuery.param({"redirect_url": redirectUrl});
       return href + (href.match(/\?/) ? "&" : "?") + querystring;
     });
   });

data/app/packs/src/decidim/direct_uploads/upload_field.js

@@ -21,6 +21,7 @@ const updateActiveUploads = (modal) => {
   const files = document.querySelector(`[data-active-uploads=${modal.modal.id}]`)
   const previousId = Array.from(files.querySelectorAll("[type=hidden][id]"))
   const isMultiple = modal.options.multiple
+  const isTitled = modal.options.titled
 
   // fastest way to clean children nodes
   files.textContent = ""
@@ -34,16 +35,26 @@ const updateActiveUploads = (modal) => {
     let hidden = ""
     if (file.hiddenField) {
       // if there is hiddenField, this file is new
-      const fileField = isMultiple
-        ? `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][file]`
-        : `${modal.options.resourceName}[${modal.options.addAttribute}]`
+      let fileField = null;
+      if (isMultiple) {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][file]`
+      } else if (isTitled) {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}][file]`
+      } else {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}]`;
+      }
 
       hidden = `<input type="hidden" name="${fileField}" value="${file.hiddenField}" />`
     } else {
       // otherwise, we keep the attachmentId
-      const fileField = isMultiple
-        ? `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][id]`
-        : `${modal.options.resourceName}[${modal.options.addAttribute}]`
+      let fileField = null;
+      if (isMultiple) {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][id]`;
+      } else if (isTitled) {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}][id]`;
+      } else {
+        fileField = `${modal.options.resourceName}[${modal.options.addAttribute}]`;
+      }
 
       // convert all node attributes to string
       const attributes = Array.from(previousId.find(({ id }) => id === file.attachmentId).attributes).reduce((acc, { name, value }) => `${acc} ${name}="${value}"`, "")
@@ -51,10 +62,12 @@ const updateActiveUploads = (modal) => {
       hidden += `<input type="hidden" name="${fileField}" value="${file.attachmentId}" />`
     }
 
-    if (modal.options.titled) {
+    if (isTitled) {
       const titleValue = modal.modal.querySelectorAll('input[type="text"]')[ix].value
       // NOTE - Renaming the attachment is not supported when multiple uploader is disabled
-      const titleField = `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][title]`
+      const titleField = isMultiple
+        ? `${modal.options.resourceName}[${modal.options.addAttribute}][${ix}][title]`
+        : `${modal.options.resourceName}[${modal.options.addAttribute}][title]`
       hidden += `<input type="hidden" name="${titleField}" value="${escapeQuotes(titleValue)}" />`
 
       title = titleValue