Commit 469f7dce authored by Carsten  Rose's avatar Carsten Rose
Browse files

Manual.rst: Describe REST authentication

parent 99453749
...@@ -62,17 +62,17 @@ For the `download`_ function, the programs `pdftk` and `file` are necessary to c ...@@ -62,17 +62,17 @@ For the `download`_ function, the programs `pdftk` and `file` are necessary to c
Preparation for Ubuntu 14.04:: Preparation for Ubuntu 14.04::
sudo apt-get install php5-mysqlnd php5-intl sudo apt-get install php5-mysqlnd php5-intl
sudo apt-get install pdftk file # for file upload and PDF sudo apt-get install pdftk file # for file upload and PDF
sudo apt-get install inkscape imagemagick # to render thumbnails sudo apt-get install inkscape imagemagick # to render thumbnails
sudo php5enmod mysqlnd sudo php5enmod mysqlnd
sudo service apache2 restart sudo service apache2 restart
Preparation for Ubuntu 16.04:: Preparation for Ubuntu 16.04::
sudo apt install php7.0-intl sudo apt install php7.0-intl
sudo apt install pdftk libxrender1 file pdf2svg # for file upload, PDF and 'HTML to PDF' (wkhtmltopdf), PDF split sudo apt install pdftk libxrender1 file pdf2svg # for file upload, PDF and 'HTML to PDF' (wkhtmltopdf), PDF split
sudo apt install inkscape imagemagick # to render thumbnails sudo apt install inkscape imagemagick # to render thumbnails
.. _wkhtml: .. _wkhtml:
...@@ -130,17 +130,17 @@ Different browser prints the same page in different variations. To prevent this, ...@@ -130,17 +130,17 @@ Different browser prints the same page in different variations. To prevent this,
Provide a `print this page`-link (replace 'current pageId' ):: Provide a `print this page`-link (replace 'current pageId' )::
<a href="typo3conf/ext/qfq/Source/api/print.php?id={current pageId}">Print this page</a> <a href="typo3conf/ext/qfq/Source/api/print.php?id={current pageId}">Print this page</a>
Any parameter specified after `print.php` will be delivered to `wkhtmltopdf` as part of the URL. Any parameter specified after `print.php` will be delivered to `wkhtmltopdf` as part of the URL.
Typoscript code to implement a print link on every page:: Typoscript code to implement a print link on every page::
10 = TEXT 10 = TEXT
10 { 10 {
wrap = <a href="typo3conf/ext/qfq/Source/api/print.php?id=|&type=99"><span class="glyphicon glyphicon-print" aria-hidden="true"></span> Printview</a> wrap = <a href="typo3conf/ext/qfq/Source/api/print.php?id=|&type=99"><span class="glyphicon glyphicon-print" aria-hidden="true"></span> Printview</a>
data = page:uid data = page:uid
} }
Send Email Send Email
^^^^^^^^^^ ^^^^^^^^^^
...@@ -433,6 +433,8 @@ Extension Manager: QFQ Configuration ...@@ -433,6 +433,8 @@ Extension Manager: QFQ Configuration
| securityGetMaxLength | 50 | GET vars longer than 'x' chars triggers an `attack-recognized`. | | securityGetMaxLength | 50 | GET vars longer than 'x' chars triggers an `attack-recognized`. |
| | | `ExceptionMaxLength`_. | | | | `ExceptionMaxLength`_. |
+-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+ +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
| securityFailedAuthDelay | 3 | If authorization fails, sleep 'x' seconds before answering the request. |
+-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
| Form-Config | | Form-Config |
+-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+ +-----------------------------------+-------------------------------------------------------+----------------------------------------------------------------------------+
| recordLockTimeoutSeconds | 900 | Timeout for record locking. After this time, a record will be replaced. | | recordLockTimeoutSeconds | 900 | Timeout for record locking. After this time, a record will be replaced. |
...@@ -599,7 +601,7 @@ Websites, delivering semester data, school year schedules, or any other type or ...@@ -599,7 +601,7 @@ Websites, delivering semester data, school year schedules, or any other type or
In configuration_: :: In configuration_: ::
fillStoreSystemBySql1: SELECT id AS periodId FROM Period WHERE start<=NOW() ORDER BY start DESC LIMIT 1 fillStoreSystemBySql1: SELECT id AS periodId FROM Period WHERE start<=NOW() ORDER BY start DESC LIMIT 1
a variable 'periodId' will automatically computed and filled in STORE SYSTEM. Access it via `{{periodId:Y0}}`. a variable 'periodId' will automatically computed and filled in STORE SYSTEM. Access it via `{{periodId:Y0}}`.
To get the name and current period: :: To get the name and current period: ::
...@@ -1221,11 +1223,11 @@ Rules for CheckType Auto (by priority): ...@@ -1221,11 +1223,11 @@ Rules for CheckType Auto (by priority):
* TypeAheadSQL or TypeAheadLDAP defined: **alnumx** * TypeAheadSQL or TypeAheadLDAP defined: **alnumx**
* Table definition * Table definition
* integer type: **digit** * integer type: **digit**
* floating point number: **numerical** * floating point number: **numerical**
* FE Type * FE Type
* 'password', 'note': **all** * 'password', 'note': **all**
* 'editor', 'text' and encode = 'specialchar': **all** * 'editor', 'text' and encode = 'specialchar': **all**
* None of the above: **alnumx** * None of the above: **alnumx**
...@@ -1249,16 +1251,16 @@ manipulate FE user passwords via QFQ. See `setFeUserPassword`_ ...@@ -1249,16 +1251,16 @@ manipulate FE user passwords via QFQ. See `setFeUserPassword`_
The following `escape` and `hashing` types are available: The following `escape` and `hashing` types are available:
* 'm' - `real_escape_string() <http://php.net/manual/en/mysqli.real-escape-string.php>`_ (m = mysql) * 'm' - `real_escape_string() <http://php.net/manual/en/mysqli.real-escape-string.php>`_ (m = mysql)
* 'l' - LDAP search filter values: `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_FILTER). * 'l' - LDAP search filter values: `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_FILTER).
* 'L' - LDAP DN values. `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_DN). * 'L' - LDAP DN values. `ldap-escape() <http://php.net/manual/en/function.ldap-escape.php>`_ (LDAP_ESCAPE_DN).
* 's' - Single ticks ' will be escaped against \\'. * 's' - Single ticks ' will be escaped against \\'.
* 'd' - double ticks " will be escaped against \\". * 'd' - double ticks " will be escaped against \\".
* 'C' - colon ':' will be escaped against \\:. * 'C' - colon ':' will be escaped against \\:.
* 'c' - config - the escape type configured in `configuration`_. * 'c' - config - the escape type configured in `configuration`_.
* 'p' - password hashing: depends on the hashing type in the Typo3 installation, includes salting if configured. * 'p' - password hashing: depends on the hashing type in the Typo3 installation, includes salting if configured.
* '' - the escape type configured in `configuration`_. * '' - the escape type configured in `configuration`_.
* '-' - no escaping. * '-' - no escaping.
* The `escape` type is defined by the fourth parameter of the variable. E.g.: `{{name:FE:alnumx:m}}` (m = mysql). * The `escape` type is defined by the fourth parameter of the variable. E.g.: `{{name:FE:alnumx:m}}` (m = mysql).
* It's possible to combine different `escape` types, they will be processed in the order given. E.g. `{{name:FE:alnumx:Ls}}` (L, s). * It's possible to combine different `escape` types, they will be processed in the order given. E.g. `{{name:FE:alnumx:Ls}}` (L, s).
...@@ -1333,7 +1335,7 @@ Database index ...@@ -1333,7 +1335,7 @@ Database index
To access different databases in a `multi-database`_ setup, the database index can be specified after the opening curly To access different databases in a `multi-database`_ setup, the database index can be specified after the opening curly
braces. :: braces. ::
{{[1]SELECT ... }} {{[1]SELECT ... }}
For using the indexData and indexQfq (configuration_), it's a good practice to specify the variable name For using the indexData and indexQfq (configuration_), it's a good practice to specify the variable name
instead of the numeric index. :: instead of the numeric index. ::
...@@ -1385,11 +1387,11 @@ Link column variables ...@@ -1385,11 +1387,11 @@ Link column variables
These variables return a link, completely rendered in HTML. The syntax and all features of `column-link`_ are available. These variables return a link, completely rendered in HTML. The syntax and all features of `column-link`_ are available.
The following code will render a 'new person' button:: The following code will render a 'new person' button::
{{p:form&form=Person|s|N|t:new person AS link}} {{p:form&form=Person|s|N|t:new person AS link}}
For better reading, the format string might be wrapped in single or double quotes (this is optional): :: For better reading, the format string might be wrapped in single or double quotes (this is optional): ::
{{"p:form&form=Person|s|N|t:new person" AS link}} {{"p:form&form=Person|s|N|t:new person" AS link}}
These variables are especially helpful in: These variables are especially helpful in:
...@@ -1509,9 +1511,9 @@ To offer download of those files, use the reserved column name '_download' (see ...@@ -1509,9 +1511,9 @@ To offer download of those files, use the reserved column name '_download' (see
**Important**: To protect the installation against executing of uploaded malicious script code, disable PHP for the final **Important**: To protect the installation against executing of uploaded malicious script code, disable PHP for the final
upload directory. E.g. `fileadmin` (Apache): :: upload directory. E.g. `fileadmin` (Apache): ::
<Directory "/var/www/html/fileadmin"> <Directory "/var/www/html/fileadmin">
php_admin_flag engine Off php_admin_flag engine Off
</Directory> </Directory>
This is in general a good security improvement for directories with user supplied content. This is in general a good security improvement for directories with user supplied content.
...@@ -1685,7 +1687,9 @@ Store: *CLIENT* - C ...@@ -1685,7 +1687,9 @@ Store: *CLIENT* - C
+=========================+==========================================================================================================================================+ +=========================+==========================================================================================================================================+
| s | =SIP | | s | =SIP |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| r | record id. Typically stored in SIP, rarely specified on the URL | | r | record id. Only if specified as GET parameter - typically stored in SIP (=STORE_SIP) |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| form | Name of form to load. Only if specified as GET parameter - typically stored in SIP (=STORE_SIP) |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| HTTP_HOST | current HTTP HOST | | HTTP_HOST | current HTTP HOST |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
...@@ -1693,7 +1697,7 @@ Store: *CLIENT* - C ...@@ -1693,7 +1697,7 @@ Store: *CLIENT* - C
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| '$_SERVER[*]' | All other variables accessible by *$_SERVER[]*. Only the often used have a pre-defined sanitize class. | | '$_SERVER[*]' | All other variables accessible by *$_SERVER[]*. Only the often used have a pre-defined sanitize class. |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
| form | Unique name of current form | | Authorization | Value of the HTTP Header 'Authorization'. This is typically not set. Mostly used for authentication of REST requests |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+ +-------------------------+------------------------------------------------------------------------------------------------------------------------------------------+
.. _STORE_TYPO3: .. _STORE_TYPO3:
...@@ -2536,10 +2540,10 @@ Optional it might be defined via *Form.parameter* :: ...@@ -2536,10 +2540,10 @@ Optional it might be defined via *Form.parameter* ::
The following shows the same *Form* in the `regular`, `readonly` and `requiredOff` mode:: The following shows the same *Form* in the `regular`, `readonly` and `requiredOff` mode::
10.sql = SELECT CONCAT('p:{{pageAlias:T}}&form=person&r=', p.id, '|Regular') as _pagee, 10.sql = SELECT CONCAT('p:{{pageAlias:T}}&form=person&r=', p.id, '|Regular') as _pagee,
CONCAT('p:{{pageAlias:T}}&form=person&formModeGlobal=readonly&r=', p.id, '|Readonly') as _pagee, CONCAT('p:{{pageAlias:T}}&form=person&formModeGlobal=readonly&r=', p.id, '|Readonly') as _pagee,
CONCAT('p:{{pageAlias:T}}&form=person&formModeGlobal=requiredOff&r=', p.id, '|Required off') as _pagee CONCAT('p:{{pageAlias:T}}&form=person&formModeGlobal=requiredOff&r=', p.id, '|Required off') as _pagee
FROM Person AS p FROM Person AS p
.. ..
...@@ -2687,11 +2691,11 @@ Add an *action* record, type='afterSave', and assign the record to the given *te ...@@ -2687,11 +2691,11 @@ Add an *action* record, type='afterSave', and assign the record to the given *te
In the parameter field define: :: In the parameter field define: ::
slaveId = {{SELECT id FROM Address WHERE personId={{id}} ORDER BY id LIMIT %D,1}} slaveId = {{SELECT id FROM Address WHERE personId={{id}} ORDER BY id LIMIT %D,1}}
sqlHonorFormElements = city%d, street%d sqlHonorFormElements = city%d, street%d
sqlUpdate = {{UPDATE Address SET city='{{city%d:FE:alnumx:s}}', street='{{street%d:FE:alnumx:s}}' WHERE id={{slaveId}} LIMIT 1}} sqlUpdate = {{UPDATE Address SET city='{{city%d:FE:alnumx:s}}', street='{{street%d:FE:alnumx:s}}' WHERE id={{slaveId}} LIMIT 1}}
sqlInsert = {{INSERT INTO Address (`personId`, `city`, `street`) VALUES ({{id}}, '{{city%d:FE:alnumx:s}}' , '{{street%d:FE:alnumx:s}}') }} sqlInsert = {{INSERT INTO Address (`personId`, `city`, `street`) VALUES ({{id}}, '{{city%d:FE:alnumx:s}}' , '{{street%d:FE:alnumx:s}}') }}
sqlDelete = {{DELETE FROM Address WHERE id={{slaveId}} LIMIT 1}} sqlDelete = {{DELETE FROM Address WHERE id={{slaveId}} LIMIT 1}}
The `slaveId` needs attention: the placeholder `%d` starts always at 1. The `LIMIT` directive starts at 0 - therefore The `slaveId` needs attention: the placeholder `%d` starts always at 1. The `LIMIT` directive starts at 0 - therefore
use `%D` instead of `%d`, cause `%D` is always one below `%d` - but can **only** be used on the action element. use `%D` instead of `%d`, cause `%D` is always one below `%d` - but can **only** be used on the action element.
...@@ -3480,11 +3484,11 @@ will be rendered inside the form as a HTML table. ...@@ -3480,11 +3484,11 @@ will be rendered inside the form as a HTML table.
* *subrecordTableClass*: Optional. Default: 'table table-hover qfq-subrecord-table'. If given, the default will be * *subrecordTableClass*: Optional. Default: 'table table-hover qfq-subrecord-table'. If given, the default will be
overwritten. Example: :: overwritten. Example: ::
subrecordTableClass = table table-hover qfq-subrecord-table qfq-table-50 subrecordTableClass = table table-hover qfq-subrecord-table qfq-table-50
* Tablesorter in Subrecord: * Tablesorter in Subrecord:
subrecordTableClass = table table-hover qfq-subrecord-table tablesorter tablesorter-pager tablesorter-filter subrecordTableClass = table table-hover qfq-subrecord-table tablesorter tablesorter-pager tablesorter-filter
* *subrecordColumnTitleEdit*: Optional. Will be rendered as the column title for the new/edit column. * *subrecordColumnTitleEdit*: Optional. Will be rendered as the column title for the new/edit column.
* *subrecordColumnTitleDelete*: Optional. Will be rendered as the column title for the delete column. * *subrecordColumnTitleDelete*: Optional. Will be rendered as the column title for the delete column.
...@@ -3553,8 +3557,8 @@ and will be processed after saving the primary record and before any action Form ...@@ -3553,8 +3557,8 @@ and will be processed after saving the primary record and before any action Form
* *FormElement.value* = `<string>` - By default, the full path of any already uploaded file is shown. To show something * *FormElement.value* = `<string>` - By default, the full path of any already uploaded file is shown. To show something
different, e.g. only the filename, define: :: different, e.g. only the filename, define: ::
a) {{filenameBase:V}} a) {{filenameBase:V}}
b) {{SELECT SUBSTRING_INDEX( '{{pathFileName:R}}', '/', -1) }} b) {{SELECT SUBSTRING_INDEX( '{{pathFileName:R}}', '/', -1) }}
See also `downloadButton`_ to offer a download of an uploaded file. See also `downloadButton`_ to offer a download of an uploaded file.
...@@ -4051,7 +4055,7 @@ Parameter ...@@ -4051,7 +4055,7 @@ Parameter
`pId` in the link who calls the address form. The following creates a 'new' button for an address for all persons, and `pId` in the link who calls the address form. The following creates a 'new' button for an address for all persons, and
the pId will be automatically saved in the address table: :: the pId will be automatically saved in the address table: ::
SELECT CONCAT('p:{{pageAlias:T}}&form=address&r=0&pId=', p.id) AS _pagen FROM Person AS p SELECT CONCAT('p:{{pageAlias:T}}&form=address&r=0&pId=', p.id) AS _pagen FROM Person AS p
Such parameter, which the form expects to be in the SIP url, should be specified in Form.permitNew and/or Form.permitEdit. Such parameter, which the form expects to be in the SIP url, should be specified in Form.permitNew and/or Form.permitEdit.
It's only a check for the webmaster, not to forgot a parameter in a SIP url. It's only a check for the webmaster, not to forgot a parameter in a SIP url.
...@@ -4108,11 +4112,11 @@ Assuming the Typo3 page has the ...@@ -4108,11 +4112,11 @@ Assuming the Typo3 page has the
Configuration in configuration_: :: Configuration in configuration_: ::
formLanguageAId = 1 formLanguageAId = 1
formLanguageALabel = English formLanguageALabel = English
formLanguageBId = 2 formLanguageBId = 2
formLanguageBLabel = Spanish formLanguageBLabel = Spanish
The default language is not covered in configuration_. The default language is not covered in configuration_.
...@@ -4122,31 +4126,31 @@ missing definition means 'take the default'. E.g.: ...@@ -4122,31 +4126,31 @@ missing definition means 'take the default'. E.g.:
* Form: 'person' * Form: 'person'
+--------------------+--------------------------+ +--------------------+--------------------------+
| Column | Value | | Column | Value |
+====================+==========================+ +====================+==========================+
| title | Eingabe Person | | title | Eingabe Person |
+--------------------+--------------------------+ +--------------------+--------------------------+
| languageParameterA | title=Input Person | | languageParameterA | title=Input Person |
+--------------------+--------------------------+ +--------------------+--------------------------+
| languageParameterB | title=Persona de entrada | | languageParameterB | title=Persona de entrada |
+--------------------+--------------------------+ +--------------------+--------------------------+
* FormElement 'firstname' in Form 'person': * FormElement 'firstname' in Form 'person':
+--------------------+------------------------------------------------+ +--------------------+------------------------------------------------+
| Column | Value | | Column | Value |
+====================+================================================+ +====================+================================================+
| title | Vorname | | title | Vorname |
+--------------------+------------------------------------------------+ +--------------------+------------------------------------------------+
| note | Bitte alle Vornamen erfassen | | note | Bitte alle Vornamen erfassen |
+--------------------+------------------------------------------------+ +--------------------+------------------------------------------------+
| languageParameterA | | title=Firstname | | languageParameterA | | title=Firstname |
| | | note=Please give all firstnames | | | | note=Please give all firstnames |
+--------------------+------------------------------------------------+ +--------------------+------------------------------------------------+
| languageParameterB | | title=Persona de entrada | | languageParameterB | | title=Persona de entrada |
| | | note=Por favor, introduzca todos los nombres | | | | note=Por favor, introduzca todos los nombres |
+--------------------+------------------------------------------------+ +--------------------+------------------------------------------------+
The following fields are possible: The following fields are possible:
...@@ -4948,8 +4952,8 @@ Table: Person ...@@ -4948,8 +4952,8 @@ Table: Person
# Typeahead # Typeahead
typeAheadLdapSearch = (|(cn=*?*)(mail=*?*)) typeAheadLdapSearch = (|(cn=*?*)(mail=*?*))
typeAheadLdapValuePrintf ‘%s / %s’, cn, email typeAheadLdapValuePrintf ‘%s / %s’, cn, email
typeAheadLdapIdPrintf ‘%s’, email typeAheadLdapIdPrintf ‘%s’, email
# dynamicUpdate: show note # dynamicUpdate: show note
fillStoreLdap fillStoreLdap
...@@ -5100,9 +5104,9 @@ Only SELECT and SHOW queries will fire subqueries. ...@@ -5100,9 +5104,9 @@ Only SELECT and SHOW queries will fire subqueries.
Processing of the resulting rows and columns: Processing of the resulting rows and columns:
* In general, all columns of all rows will be printed out sequentially. * In general, all columns of all rows will be printed out sequentially.
* On a per column base, printing of columns can be suppressed by starting the column name with an underscore '_'. E.g. * On a per column base, printing of columns can be suppressed by starting the column name with an underscore '_'. E.g.
`SELECT id AS _id`. `SELECT id AS _id`.
This might be useful to store values, which will be used later on in another query via the `{{id:R}}` or This might be useful to store values, which will be used later on in another query via the `{{id:R}}` or
`{{<level>.columnName}}` variable. To suppress printing of a column, use a underscore as column name prefix. E.g. `{{<level>.columnName}}` variable. To suppress printing of a column, use a underscore as column name prefix. E.g.
...@@ -5250,9 +5254,9 @@ Leading / trailing spaces ...@@ -5250,9 +5254,9 @@ Leading / trailing spaces
By default, leading or trailing whitespaces are removed from strings behind '='. E.g. 'rend = test ' becomes 'test' for By default, leading or trailing whitespaces are removed from strings behind '='. E.g. 'rend = test ' becomes 'test' for
rend. To prevent any leading or trailing spaces, surround them by using single or double ticks. Example: :: rend. To prevent any leading or trailing spaces, surround them by using single or double ticks. Example: ::
10.sql = SELECT name FROM Person 10.sql = SELECT name FROM Person
10.rsep = ' ' 10.rsep = ' '
10.head = "Names: " 10.head = "Names: "
Braces character for nesting Braces character for nesting
...@@ -6081,23 +6085,23 @@ Optional any number of sources can be concatenated to a single PDF file: 'C|F:<f ...@@ -6081,23 +6085,23 @@ Optional any number of sources can be concatenated to a single PDF file: 'C|F:<f
Examples in Report:: Examples in Report::
# One file attached. # One file attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf" AS _sendmail
# Two files attached. # Two files attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf|F:fileadmin/detail.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf|F:fileadmin/detail.pdf" AS _sendmail
# Two files and a webpage (converted to PDF) are attached. # Two files and a webpage (converted to PDF) are attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf|F:fileadmin/detail.pdf|p:?id=export&r=123|d:person.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|F:fileadmin/summary.pdf|F:fileadmin/detail.pdf|p:?id=export&r=123|d:person.pdf" AS _sendmail
# Two webpages (converted to PDF) are attached. # Two webpages (converted to PDF) are attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|p:?id=export&r=123|d:person123.pdf|p:?id=export&r=234|d:person234.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|p:?id=export&r=123|d:person123.pdf|p:?id=export&r=234|d:person234.pdf" AS _sendmail
# One file and two webpages (converted to PDF) are *concatenated* to one PDF and attached. # One file and two webpages (converted to PDF) are *concatenated* to one PDF and attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|C|F:fileadmin/summary.pdf|p:?id=export&r=123|p:?id=export&r=234|d:complete.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|C|F:fileadmin/summary.pdf|p:?id=export&r=123|p:?id=export&r=234|d:complete.pdf" AS _sendmail
# One T3 webpage, protected by a SIP, are attached. # One T3 webpage, protected by a SIP, are attached.
10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|p:?id=export&r=123&_sip=1|d:person123.pdf" AS _sendmail 10.sql = SELECT "t:john.doe@example.com|f:company@example.com|s:Latest News|b:The new version is now available.|p:?id=export&r=123&_sip=1|d:person123.pdf" AS _sendmail
.. _column_img: .. _column_img:
...@@ -6212,15 +6216,15 @@ Most of the other Link-Class attributes can be used to customize the link. :: ...@@ -6212,15 +6216,15 @@ Most of the other Link-Class attributes can be used to customize the link. ::
* For column `_pdf` and `_zip`, the element sources `p:...`, `U:...`, `u:...`, `F:...` might repeated multiple times. * For column `_pdf` and `_zip`, the element sources `p:...`, `U:...`, `u:...`, `F:...` might repeated multiple times.
* Example: :: * Example: ::
10.sql = SELECT "F:fileadmin/test.pdf" as _pdf, "F:fileadmin/test.pdf" as _file, "F:fileadmin/test.pdf" as _zip 10.sql = SELECT "F:fileadmin/test.pdf" as _pdf, "F:fileadmin/test.pdf" as _file, "F:fileadmin/test.pdf" as _zip
10.sql = SELECT "p:id=export&r=1" as _pdf, "p:id=export&r=1" as _file, "p:id=export&r=1" as _zip 10.sql = SELECT "p:id=export&r=1" as _pdf, "p:id=export&r=1" as _file, "p:id=export&r=1" as _zip
10.sql = SELECT "t:Download PDF|F:fileadmin/test.pdf" as _pdf, "t:Download PDF|F:fileadmin/test.pdf" as _file, "t:Download ZIP|F:fileadmin/test.pdf" as _zip 10.sql = SELECT "t:Download PDF|F:fileadmin/test.pdf" as _pdf, "t:Download PDF|F:fileadmin/test.pdf" as _file, "t:Download ZIP|F:fileadmin/test.pdf" as _zip
10.sql = SELECT "t:Download PDF|p:id=export&r=1" as _pdf, "t:Download PDF|p:id=export&r=1" as _file, "t:Download ZIP|p:id=export&r=1" as _zip 10.sql = SELECT "t:Download PDF|p:id=export&r=1" as _pdf, "t:Download PDF|p:id=export&r=1" as _file, "t:Download ZIP|p:id=export&r=1" as _zip
10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _pdf, "d:complete.zip|t:Download ZIP|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _zip 10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _pdf, "d:complete.zip|t:Download ZIP|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _zip
10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test.pdf|p:id=export&r=1|u:www.example.com" AS _pdf 10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test.pdf|p:id=export&r=1|u:www.example.com" AS _pdf
.. _column-save-pdf: .. _column-save-pdf:
...@@ -6242,8 +6246,8 @@ Tips: ...@@ -6242,8 +6246,8 @@ Tips:
Examples: :: Examples: ::
SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf" AS _savePdf SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf" AS _savePdf
SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf|U:id=test&--orientation=landscape" AS _savePdf SELECT "d:fileadmin/result.pdf|F:fileadmin/_temp_/test.pdf|U:id=test&--orientation=landscape" AS _savePdf
.. _column-thumbnail: .. _column-thumbnail:
...@@ -6289,17 +6293,17 @@ tag. Something like `<body style="background-image:url(bgimage.jpg)">` could be ...@@ -6289,17 +6293,17 @@ tag. Something like `<body style="background-image:url(bgimage.jpg)">` could be
Example: :: Example: ::
# SIP protected, IMG tag, thumbnail width 150px # SIP protected, IMG tag, thumbnail width 150px
10.sql = SELECT 'T:fileadmin/file3.pdf' AS _thumbnail 10.sql = SELECT 'T:fileadmin/file3.pdf' AS _thumbnail
# SIP protected, IMG tag, thumbnail width 50px # SIP protected, IMG tag, thumbnail width 50px
20.sql = SELECT 'T:fileadmin/file3.pdf|W:50' AS _thumbnail 20.sql = SELECT 'T:fileadmin/file3.pdf|W:50' AS _thumbnail
# No SIP protection, IMG tag, thumbnail width 150px # No SIP protection, IMG tag, thumbnail width 150px
30.sql = SELECT 'T:fileadmin/file3.pdf|s:0' AS _thumbnail 30.sql = SELECT 'T:fileadmin/file3.pdf|s:0' AS _thumbnail
# SIP protected, only the URL to the image, thumbnail width 150px # SIP protected, only the URL to the image, thumbnail width 150px
40.sql = SELECT 'T:fileadmin/file3.pdf|s:1|r:7' AS _thumbnail 40.sql = SELECT 'T:fileadmin/file3.pdf|s:1|r:7' AS _thumbnail
Dimension Dimension
...@@ -6314,7 +6318,7 @@ Cleaning ...@@ -6314,7 +6318,7 @@ Cleaning
By default, the thumbnail directories are never cleaned. It's a good idea to install a cronjob which purges all files By default, the thumbnail directories are never cleaned. It's a good idea to install a cronjob which purges all files
older than 1 year: :: older than 1 year: ::
find /path/to/files -type f -mtime +365 -delete find /path/to/files -type f -mtime +365 -delete
Render Render
'''''' ''''''
...@@ -6337,7 +6341,7 @@ The secure path needs to be protected against direct file access by the webmaste ...@@ -6337,7 +6341,7 @@ The secure path needs to be protected against direct file access by the webmaste
QFQ returns a HTML 'img'-tag: :: QFQ returns a HTML 'img'-tag: ::
<img src="api/download.php?s=badcaffee1234"> <img src="api/download.php?s=badcaffee1234">
Thumbnail: public Thumbnail: public
''''''''''''''''' '''''''''''''''''
...@@ -6490,49 +6494,49 @@ Parameter and (element) sources ...@@ -6490,49 +6494,49 @@ Parameter and (element) sources
the key/value tuple in `p:...`, `u:...` or `U:...` has to be separated by '='. Please see last example below. the key/value tuple in `p:...`, `u:...` or `U:...` has to be separated by '='. Please see last example below.
* If an option contains an '&' it must be escaped with double '\\'. See example. * If an option contains an '&' it must be escaped with double '\\'. See example.
Most of the other Link-Class attributes can be used to customize the link as well. Most of the other Link-Class attributes can be used to customize the link as well.
Example `_link`: :: Example `_link`: ::
# single `file`. Specifying a popup message window text is not necessary, cause a file directly accessed is fast. # single `file`. Specifying a popup message window text is not necessary, cause a file directly accessed is fast.
SELECT "d:file.pdf|s|t:Download|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:file.pdf|s|t:Download|F:fileadmin/pdf/test.pdf" AS _link
# single `file`, with mode # single `file`, with mode
SELECT "d:file.pdf|M:pdf|s|t:Download|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:file.pdf|M:pdf|s|t:Download|F:fileadmin/pdf/test.pdf" AS _link
# three sources: two pages and one file # three sources: two pages and one file
SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1|F:fileadmin/pdf/test.pdf" AS _link
# three sources: two pages and one file # three sources: two pages and one file
SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1|F:fileadmin/pdf/test.pdf" AS _link
# three sources: two pages and one file, parameter to wkhtml will be SIP encoded # three sources: two pages and one file, parameter to wkhtml will be SIP encoded
SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1&_sip=1|p:id=detail2&r=1&_sip=1|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1&_sip=1|p:id=detail2&r=1&_sip=1|F:fileadmin/pdf/test.pdf" AS _link
# three sources: two pages and one file, the second page will be in landscape and pagesize A3 # three sources: two pages and one file, the second page will be in landscape and pagesize A3
SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1&--orientation=Landscape&--page-size=A3|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail&r=1|p:id=detail2&r=1&--orientation=Landscape&--page-size=A3|F:fileadmin/pdf/test.pdf" AS _link
# One source and a header file. Note: the parameter to the header URL is escaped with double backslash. # One source and a header file. Note: the parameter to the header URL is escaped with double backslash.
SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail2&r=1&--orientation=Landscape&--header={{URL:R}}?indexp.php?id=head\\&L=1|F:fileadmin/pdf/test.pdf" AS _link SELECT "d:complete.pdf|s|t:Complete PDF|p:id=detail2&r=1&--orientation=Landscape&--header={{URL:R}}?indexp.php?id=head\\&L=1|F:fileadmin/pdf/test.pdf" AS _link
.. ..
Example `_pdf`, `_zip`: :: Example `_pdf`, `_zip`: ::
# File 1: p:id=1&--orientation=Landscape&--page-size=A3