Merge branch 'master' into 'develop'

Master

See merge request !303

.gitlab-ci.yml

@@ -2,6 +2,7 @@ before_script:
   - VERSION=`cat ./version`
   - RELDATE=`date '+%Y%m%d%H%M'`
   - mkdir build || true
+  - echo "Host `hostname`, User `id`"
 
 variables:
   SELENIUM_LOGS_PATH: "/scratch/tmp/7/"

CHANGELOG.md

@@ -23,7 +23,7 @@ Release
 =======
 
 
-Version 20.x.x
+Version 21.x.x
 --------------
 
 Date: <date>
@@ -37,6 +37,32 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
+Version 21.2.0
+--------------
+
+Date: 01.02.2021
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^
+
+* #10286 / Download Links: Glyphicon selbst wählen/ausblenden
+* #11878 / Purge extension option config.documentation
+* #6793 / Source files for ZIP archives might now specified with a path/filename how they are called inside the ZIP.
+
+Bug Fixes
+^^^^^^^^^
+
+* #11925 / downloadButton Parameter 'd:Filename'
+* #9355 / Increase column width header & attach
+* #11865 / Form Editor exception when edited after saved
+* #11798 / Use T3 password hashing API instead of hack
+* #11750 / Checkbox does not work together correctly with required fields
+* #11666 / PHP 7.4: Trying to access array offset on value of type int
+* #11245 / If forwardMode column is set to '', set forwardMode to 'auto'
+
 Version 20.11.0
 ---------------
 
@@ -73,10 +99,9 @@ Date: 06.09.2020
 Notes
 ^^^^^
 
-New table 'uniq' to guarantee uniq random strings.
-New SIP protected AJAX calls.
-Report now fires calls to websocket (remote hosts).
-Report now fires REST calls to remote hosts.
+* New SIP protected AJAX calls.
+* Report now fires calls to websocket (remote hosts).
+* Report now fires REST calls to remote hosts.
 
 Features
 ^^^^^^^^
@@ -209,9 +234,9 @@ Notes
 * Add new keyword 'render' in tt-content Report and QFQ config. 'render' will control if a) only Form OR Report will be
   rendered  (render=single) or b) as previous Form AND Report together (render=both).
 
-  Advantage: with 'render=single' no more SELECT ... FROM (SELECT '') AS fake WHERE '{{form:SE}}'=''.
+  * Advantage: with 'render=single' no more SELECT ... FROM (SELECT '') AS fake WHERE '{{form:SE}}'=''.
 
-  Attention: NEW default behaviour in new QFQ installations - render=single. Behaviour in old installations is unchanged.
+  * Attention: NEW default behaviour in new QFQ installations - render=single. Behaviour in old installations is unchanged.
 
 * tt-content records with 'render = api' can stay on the same page as the link to get the content (e.g. Excel Export).
 * Change default doc page to qfq.io/doc.
@@ -338,9 +363,6 @@ Version 19.11.3
 
 Date: 29.11.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -388,7 +410,7 @@ Notes
 
 * Enhance formModeGlobal=requiredOff/-ButMark (temporarily skipRequiredCheck): fill's '{{allRequiredGiven:V}}' before
   save to 1 (all given) else 0.
-  Offers user to save form, even if not all required data are given and offers application logic to check easily if all
+* Offers user to save form, even if not all required data are given and offers application logic to check easily if all
   required fields has been filled.
 
 Features
@@ -575,9 +597,6 @@ Version 19.8.0
 
 Date: 28.08.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -1082,9 +1101,6 @@ Version 19.1.0
 
 Date: 03.01.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -1697,7 +1713,7 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
-* #5706 / Fixed that problematic characters in 'fileDestination' has not been sanatized.
+* #5706 / Fixed that problematic characters in 'fileDestination' has not been sanitized.
 * Fixed problem with buttons clipping trough alert.
 * Client: wrong variable, updated CSS for long errors.
 
@@ -1845,7 +1861,7 @@ Notes
 Features
 ^^^^^^^^
 
-* #5022 / Variable violates sanatize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!".
+* #5022 / Variable violates santize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!".
 * #4813 / Exception during form load: show 'form edit link' if editor is logged in.
 * formEditor.sql: Increas size of Form.title to give more room for SQL statements in.
 * Manual.rst: enhance debug tipps.
@@ -2418,7 +2434,7 @@ Bug Fixes
 ^^^^^^^^^
 
 * #3953 / Radio buttons: Auswahl nicht angezeigt, wenn per itemList definiert.
-* #3982 / Filename Sanatize: remove spaces. Filename not properbly enclosed by double ticks.
+* #3982 / Filename Santize: remove spaces. Filename not properbly enclosed by double ticks.
 
 Version 0.18.6
 --------------
@@ -2612,7 +2628,7 @@ Features
 * #3218, #3600 / download.php / export: QFQ is now able to create PDFs and ZIPs on the fly. The sources might be
   uploaded PDFs or Websites (local or remote) which will be converted to PDFs.
 * Implement 'encode=specialchar' - new option per FormElement which is now the default for every FormElement.
-* Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
+* Santize.php: New function urlDecodeArr(). Decode all _GET vars.
 * Implemented max GET parameter lenght. Default: 50.
 * Implemented new escape class 'mysql' (realEscapeString).
 * LICENSE.txt: Add GPLv3.
@@ -2699,8 +2715,8 @@ Bug Fixes
     new `explodeTemplateGroupElements()`
 
 * TypeAhead.js: Handle <ENTER> key properly.
-* #3462 / FormElement.parameter: requiredList not ok for non numeric content. STORE_FORM had been called without 'sanatize class'.
-  Therefore, all non numeric values has been sanatized by default. New: SANATIZE_ALLOW_ALL.
+* #3462 / FormElement.parameter: requiredList not ok for non numeric content. STORE_FORM had been called without 'santize class'.
+  Therefore, all non numeric values has been sanitized by default. New: SANITIZE_ALLOW_ALL.
 * Corrected error message to use 'itemList' instead of 'itemValues'. Renamed constant too.
 * #2542 / FormElement-Typ 'note' funktioniert nicht mit dynamic update. 'Label' and 'note' are fixed - 'value' is still not updated, open.
 
@@ -2911,7 +2927,7 @@ Features
   * Multiple / Advanced Upload: new logic implements slaveId, sqlInsert, sqlUpdate, sqlDelete.
 
 * FormElement.parameter: sqlBefore / sqlAfter fired during 'Form' save for action elements.
-* STORE FORM: variable 'filename' moved to STORE VAR - sanatize class needs no longer specified.
+* STORE FORM: variable 'filename' moved to STORE VAR - sanitize class needs no longer specified.
 * STORE VAR: two new variables 'filename' and 'fileDestination' valid during processing of current upload FormElement.
 * Default store priority list changed. Old: 'FSRD', New: 'FSRVD'.
 * CODING.md: update doc for FormElement 'upload' and general 'Form' rendering & save (recursive rendering).
@@ -2971,7 +2987,7 @@ Features
 
 * Added STORE_BEFORE, #3146 - Mainly used to compare old and new values during a form 'save' action.
 * Added 'best practice' for defining and using of 'Central configure values' in UserManual.
-* Added accent characters to sanatize class 'alnumx', #3183.
+* Added accent characters to sanitize class 'alnumx', #3183.
 * Set default all QFQ send mails to 'auto-submit'.
 * Added possibility to customize error messages ('data-pattern-error', 'data-rquired-error', 'data-match-error',
   'data-error') if validation fails. Customization can be done on global level (config.qfq.ini), per Form or per FormElement.

Documentation-develop/NewVersion.md

@@ -20,8 +20,8 @@ Neue Versionsnummer
    * **All commits since last tag**:
      git log $(git describe --tags --abbrev=0)..HEAD --oneline | cut -c9- > /tmp/out; pluma  /tmp/out
 
-       * All commits since tag 'v19.12.0'
-         git log v19.12.0..HEAD --oneline
+       * All commits since tag 'v20.11.0'
+         git log v20.11.0..HEAD --oneline
 
        * complicated:
          git log | grep -v -e '^commit ' -e  '^Author: ' -e '^Date: ' -e '^Merge: ' > /tmp/out; pluma  /tmp/out
@@ -44,7 +44,7 @@ Neue Versionsnummer
 
    **Achtung**: die Release Minor darf KEINE fuehrenden Nullen enthalten!!! Ansonsten funktioniert die Verteilung vie TER nicht.
 
-   **Auto**: ./setVersion.sh 20.11.0
+   **Auto**: ./setVersion.sh 21.2.0
 
    Manuell:
      * extension/Documentation/_make/conf.py: release, version-
@@ -59,12 +59,12 @@ Neue Versionsnummer
 
    * Commit & Push new version changes to master branch:
 
-     New version 20.11.0
+     New version 21.2.0
 
 7) **New Tag**:
 
-   git tag v20.11.0
-   git push -u origin v20.11.0
+   git tag v21.2.0
+   git push -u origin v21.2.0
 
 8) **Merge 'master' into 'develop'**
 

Documentation/Release.rst

@@ -23,7 +23,7 @@ Release
 =======
 
 
-Version 20.x.x
+Version 21.x.x
 --------------
 
 Date: <date>
@@ -37,6 +37,32 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
+Version 21.2.0
+--------------
+
+Date: 01.02.2021
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^
+
+* #10286 / Download Links: Glyphicon selbst wählen/ausblenden
+* #11878 / Purge extension option config.documentation
+* #6793 / Source files for ZIP archives might now specified with a path/filename how they are called inside the ZIP.
+
+Bug Fixes
+^^^^^^^^^
+
+* #11925 / downloadButton Parameter 'd:Filename'
+* #9355 / Increase column width header & attach
+* #11865 / Form Editor exception when edited after saved
+* #11798 / Use T3 password hashing API instead of hack
+* #11750 / Checkbox does not work together correctly with required fields
+* #11666 / PHP 7.4: Trying to access array offset on value of type int
+* #11245 / If forwardMode column is set to '', set forwardMode to 'auto'
+
 Version 20.11.0
 ---------------
 

Documentation/Report.rst

@@ -1506,24 +1506,40 @@ Most of the other Link-Class attributes can be used to customize the link. ::
 
     10.sql = SELECT "[options]" AS _pdf, "[options]" AS _file, "[options]" AS _zip
 
-    with: [options] = [d:<exportFilename][|p:<params>][|U:<params>][|u:<url>][|F:file][|t:<text>][|a:<message>][|o:<tooltip>][|c:<class>][|r:<render mode>]
+    with: [options] = [d:<exportFilename][|p:<params>][|U:<params>][|u:<url>][|F:file[:path/file in zip]][|t:<text>][|a:<message>][|o:<tooltip>][|c:<class>][|r:<render mode>]
 
 
 * Parameter are position independent.
 * *<params>*: see :ref:`download-parameter-files`
 * For column `_pdf` and `_zip`, the element sources `p:...`, `U:...`, `u:...`, `F:...` might repeated multiple times.
+* For column `_zip`, an optional parameter might define the path and filename inside the ZIP: `F:<orig filename>:<inside ZIP path and filename>`
 * To only render the page content without menus add the parameter `type=2`. For example: `U:id=pageToPrint&type=2&_sip=1&r=', r.id`
 * Example::
 
-    10.sql = SELECT "F:fileadmin/test.pdf" as _pdf,  "F:fileadmin/test.pdf" as _file,  "F:fileadmin/test.pdf" as _zip
-    10.sql = SELECT "p:id=export&r=1" as _pdf,  "p:id=export&r=1" as _file,  "p:id=export&r=1" as _zip
+    # ... AS _file
+    10.sql = SELECT "F:fileadmin/test.pdf" as _pdf
+    20.sql = SELECT "p:id=export&r=1" as _pdf
+    30.sql = SELECT "t:Download PDF|F:fileadmin/test.pdf" as _pdf
+    40.sql = SELECT "t:Download PDF|p:id=export&r=1" as _pdf
+    50.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _pdf
+    60.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test.pdf|p:id=export&r=1|u:www.example.com" AS _pdf
+
+    # ... AS _file
+    100.sql = SELECT "F:fileadmin/test.pdf" as _file
+    110.sql = SELECT "p:id=export&r=1" as _file
+    120.sql = SELECT "t:Download PDF|F:fileadmin/test.pdf" as _file
+    130.sql = SELECT "t:Download PDF|p:id=export&r=1" as _file
+
+    # ... AS _zip
+    200.sql = SELECT "F:fileadmin/test.pdf" as _zip
+    210.sql = SELECT "p:id=export&r=1" as _zip
+    220.sql = SELECT "t:Download ZIP|F:fileadmin/test.pdf" as _zip
+    230.sql = SELECT "t:Download ZIP|p:id=export&r=1" as _zip
+    # Several files
+    240.sql = SELECT "d:complete.zip|t:Download ZIP|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _zip
+    # Several files with new path/filename
+    250.sql = SELECT "d:complete.zip|t:Download ZIP|F:fileadmin/test1.pdf:data/file-1.pdf|F:fileadmin/test2.pdf:data/file-2.pdf" as _zip
 
-    10.sql = SELECT "t:Download PDF|F:fileadmin/test.pdf" as _pdf,  "t:Download PDF|F:fileadmin/test.pdf" as _file,  "t:Download ZIP|F:fileadmin/test.pdf" as _zip
-    10.sql = SELECT "t:Download PDF|p:id=export&r=1" as _pdf,  "t:Download PDF|p:id=export&r=1" as _file,  "t:Download ZIP|p:id=export&r=1" as _zip
-
-    10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _pdf, "d:complete.zip|t:Download ZIP|F:fileadmin/test1.pdf|F:fileadmin/test2.pdf" as _zip
-
-    10.sql = SELECT "d:complete.pdf|t:Download PDF|F:fileadmin/test.pdf|p:id=export&r=1|u:www.example.com" AS _pdf
 
 .. _column-save-pdf:
 

Documentation/Settings.cfg

@@ -21,8 +21,8 @@
 ; you can use in 'conf.py'
 
 project = QFQ - Quick Form Query
-version = 20.11
-release = 20.11.0
+version = 21.2
+release = 21.2.0
 t3author = Carsten Rose
 copyright = since 2017 by the author
 

Documentation/conf.py

@@ -62,9 +62,9 @@ author = 'Carsten Rose, Benjamin Baer, Marc Egger'
 # built documents.
 #
 # The short X.Y version.
-version = '20.11'
+version = '21.2'
 # The full version, including alpha/beta/rc tags.
-release = '20.11.0'
+release = '21.2.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

Documentation/index.rst

@@ -87,8 +87,8 @@ This documentation is for the TYPO3 extension **qfq**.
    ApplicationTest
    GeneralTips
    CodingGuideline
-   Release
    License
    Sitemap
    SearchDocs
+   Release
 

extension/Classes/Core/Database/DatabaseUpdateData.php

@@ -194,7 +194,7 @@ $UPDATE_ARRAY = array(
         "ALTER TABLE `FormElement` CHANGE `label` `label` VARCHAR(1023) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';",
     ],
 
-    '21.1.0' => [
+    '21.2.0' => [
         "ALTER TABLE `Form` ADD `fileStats` VARCHAR(255) NOT NULL DEFAULT '' AFTER `deleted`;",
         "ALTER TABLE `MailLog` CHANGE `header` `header` VARCHAR(2048) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';",
         "ALTER TABLE `MailLog` CHANGE `attach` `attach` VARCHAR(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';",

extension/Classes/Core/Report/Download.php

@@ -356,7 +356,7 @@ class Download {
     /**
      * Interprets $element and fetches corresponding content, either as a file or the content in a variable.
      *
-     * @param string $element - U:id=myExport&r=12, u:http://www.nzz.ch/issue?nr=21, f:fileadmin/sample.pdf
+     * @param string $element - U:id=myExport&r=12, u:http://www.nzz.ch/issue?nr=21, F:fileadmin/sample.pdf
      *
      * @param string $downloadMode - DOWNLOAD_MODE_EXCEL | ....
      * @param string $rcData - With $downloadMode=DOWNLOAD_MODE_EXCEL, this contains the rendered code from the given T3 page.
@@ -498,15 +498,17 @@ class Download {
 
         $len = strlen(TMP_FILE_PREFIX);
         $ii = 1;
-        foreach ($files as $filename) {
-            $localName = substr($filename, strrpos($filename, '/') + 1);
+        foreach ($files as $item) {
+            $arr = explode(PARAM_TOKEN_DELIMITER, $item);
+            $filename = $arr[0] ?? '';
+            $localName = ($arr[1] == '') ? substr($filename, strrpos($filename, '/') + 1) : $arr[1];
 
             if (substr($localName, 0, $len) == TMP_FILE_PREFIX) {
                 $localName = 'file-' . $ii;
                 $ii++;
             }
 
-            $zip->addFile($filename, $localName);
+            $zip->addFile($filename, Sanitize::safeFilename($localName, false, true));
         }
         $zip->close();
 

extension/RELEASE.txt

@@ -23,7 +23,7 @@ Release
 =======
 
 
-Version 20.x.x
+Version 21.x.x
 --------------
 
 Date: <date>
@@ -37,6 +37,32 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
+Version 21.2.0
+--------------
+
+Date: 01.02.2021
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^
+
+* #10286 / Download Links: Glyphicon selbst wählen/ausblenden
+* #11878 / Purge extension option config.documentation
+* #6793 / Source files for ZIP archives might now specified with a path/filename how they are called inside the ZIP.
+
+Bug Fixes
+^^^^^^^^^
+
+* #11925 / downloadButton Parameter 'd:Filename'
+* #9355 / Increase column width header & attach
+* #11865 / Form Editor exception when edited after saved
+* #11798 / Use T3 password hashing API instead of hack
+* #11750 / Checkbox does not work together correctly with required fields
+* #11666 / PHP 7.4: Trying to access array offset on value of type int
+* #11245 / If forwardMode column is set to '', set forwardMode to 'auto'
+
 Version 20.11.0
 ---------------
 
@@ -73,10 +99,9 @@ Date: 06.09.2020
 Notes
 ^^^^^
 
-New table 'uniq' to guarantee uniq random strings.
-New SIP protected AJAX calls.
-Report now fires calls to websocket (remote hosts).
-Report now fires REST calls to remote hosts.
+* New SIP protected AJAX calls.
+* Report now fires calls to websocket (remote hosts).
+* Report now fires REST calls to remote hosts.
 
 Features
 ^^^^^^^^
@@ -209,9 +234,9 @@ Notes
 * Add new keyword 'render' in tt-content Report and QFQ config. 'render' will control if a) only Form OR Report will be
   rendered  (render=single) or b) as previous Form AND Report together (render=both).
 
-  Advantage: with 'render=single' no more SELECT ... FROM (SELECT '') AS fake WHERE '{{form:SE}}'=''.
+  * Advantage: with 'render=single' no more SELECT ... FROM (SELECT '') AS fake WHERE '{{form:SE}}'=''.
 
-  Attention: NEW default behaviour in new QFQ installations - render=single. Behaviour in old installations is unchanged.
+  * Attention: NEW default behaviour in new QFQ installations - render=single. Behaviour in old installations is unchanged.
 
 * tt-content records with 'render = api' can stay on the same page as the link to get the content (e.g. Excel Export).
 * Change default doc page to qfq.io/doc.
@@ -338,9 +363,6 @@ Version 19.11.3
 
 Date: 29.11.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -388,7 +410,7 @@ Notes
 
 * Enhance formModeGlobal=requiredOff/-ButMark (temporarily skipRequiredCheck): fill's '{{allRequiredGiven:V}}' before
   save to 1 (all given) else 0.
-  Offers user to save form, even if not all required data are given and offers application logic to check easily if all
+* Offers user to save form, even if not all required data are given and offers application logic to check easily if all
   required fields has been filled.
 
 Features
@@ -575,9 +597,6 @@ Version 19.8.0
 
 Date: 28.08.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -1082,9 +1101,6 @@ Version 19.1.0
 
 Date: 03.01.2019
 
-Notes
-^^^^^
-
 Features
 ^^^^^^^^
 
@@ -1697,7 +1713,7 @@ Features
 Bug Fixes
 ^^^^^^^^^
 
-* #5706 / Fixed that problematic characters in 'fileDestination' has not been sanatized.
+* #5706 / Fixed that problematic characters in 'fileDestination' has not been sanitized.
 * Fixed problem with buttons clipping trough alert.
 * Client: wrong variable, updated CSS for long errors.
 
@@ -1845,7 +1861,7 @@ Notes
 Features
 ^^^^^^^^
 
-* #5022 / Variable violates sanatize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!".
+* #5022 / Variable violates santize class: 'msg' instead of empty string - new identifier "!!<sanitize class>!!".
 * #4813 / Exception during form load: show 'form edit link' if editor is logged in.
 * formEditor.sql: Increas size of Form.title to give more room for SQL statements in.
 * Manual.rst: enhance debug tipps.
@@ -2418,7 +2434,7 @@ Bug Fixes
 ^^^^^^^^^
 
 * #3953 / Radio buttons: Auswahl nicht angezeigt, wenn per itemList definiert.
-* #3982 / Filename Sanatize: remove spaces. Filename not properbly enclosed by double ticks.
+* #3982 / Filename Santize: remove spaces. Filename not properbly enclosed by double ticks.
 
 Version 0.18.6
 --------------
@@ -2612,7 +2628,7 @@ Features
 * #3218, #3600 / download.php / export: QFQ is now able to create PDFs and ZIPs on the fly. The sources might be
   uploaded PDFs or Websites (local or remote) which will be converted to PDFs.
 * Implement 'encode=specialchar' - new option per FormElement which is now the default for every FormElement.
-* Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
+* Santize.php: New function urlDecodeArr(). Decode all _GET vars.
 * Implemented max GET parameter lenght. Default: 50.
 * Implemented new escape class 'mysql' (realEscapeString).
 * LICENSE.txt: Add GPLv3.
@@ -2699,8 +2715,8 @@ Bug Fixes
     new `explodeTemplateGroupElements()`
 
 * TypeAhead.js: Handle <ENTER> key properly.
-* #3462 / FormElement.parameter: requiredList not ok for non numeric content. STORE_FORM had been called without 'sanatize class'.
-  Therefore, all non numeric values has been sanatized by default. New: SANATIZE_ALLOW_ALL.
+* #3462 / FormElement.parameter: requiredList not ok for non numeric content. STORE_FORM had been called without 'santize class'.
+  Therefore, all non numeric values has been sanitized by default. New: SANITIZE_ALLOW_ALL.
 * Corrected error message to use 'itemList' instead of 'itemValues'. Renamed constant too.
 * #2542 / FormElement-Typ 'note' funktioniert nicht mit dynamic update. 'Label' and 'note' are fixed - 'value' is still not updated, open.
 
@@ -2911,7 +2927,7 @@ Features
   * Multiple / Advanced Upload: new logic implements slaveId, sqlInsert, sqlUpdate, sqlDelete.
 
 * FormElement.parameter: sqlBefore / sqlAfter fired during 'Form' save for action elements.
-* STORE FORM: variable 'filename' moved to STORE VAR - sanatize class needs no longer specified.
+* STORE FORM: variable 'filename' moved to STORE VAR - sanitize class needs no longer specified.
 * STORE VAR: two new variables 'filename' and 'fileDestination' valid during processing of current upload FormElement.
 * Default store priority list changed. Old: 'FSRD', New: 'FSRVD'.
 * CODING.md: update doc for FormElement 'upload' and general 'Form' rendering & save (recursive rendering).
@@ -2971,7 +2987,7 @@ Features
 
 * Added STORE_BEFORE, #3146 - Mainly used to compare old and new values during a form 'save' action.
 * Added 'best practice' for defining and using of 'Central configure values' in UserManual.
-* Added accent characters to sanatize class 'alnumx', #3183.
+* Added accent characters to sanitize class 'alnumx', #3183.
 * Set default all QFQ send mails to 'auto-submit'.
 * Added possibility to customize error messages ('data-pattern-error', 'data-rquired-error', 'data-match-error',
   'data-error') if validation fails. Customization can be done on global level (config.qfq.ini), per Form or per FormElement.

extension/Tests/Unit/Core/Helper/TokenTest.php

@@ -18,6 +18,33 @@ use PHPUnit\Framework\TestCase;
  */
 class TokenTest extends TestCase {
 
+    public function testExplodeTokenString() {
+
+        // Edge cases: flagAssoc=true
+        $this->assertEquals(array(), Token::explodeTokenString(''));
+        $this->assertEquals(['   ' => ''], Token::explodeTokenString('   '));
+
+        $this->assertEquals(['' => ''], Token::explodeTokenString(':'));
+        $this->assertEquals(['' => '::'], Token::explodeTokenString(':::'));
+
+        $this->assertEquals(array(), Token::explodeTokenString('|'));
+        $this->assertEquals(array(), Token::explodeTokenString('|||'));
+
+        $this->assertEquals(['1' => ''], Token::explodeTokenString('1'));
+        $this->assertEquals(['T' => ''], Token::explodeTokenString('T:'));
+
+        $this->assertEquals(['T' => '', 'W' => ''], Token::explodeTokenString('T|W'));
+
+        $this->assertEquals(['T' => '', 'W' => ''], Token::explodeTokenString('||T|W||'));
+
+        // Regular
+        $this->assertEquals(['T' => 'arg1'], Token::explodeTokenString('T:arg1'));
+        $this->assertEquals(['T' => 'arg1', 'W' => 'arg2'], Token::explodeTokenString('T:arg1|W:arg2'));
+        $this->assertEquals(['T' => 'arg1:arg1.1', 'W' => 'arg2'], Token::explodeTokenString('T:arg1:arg1.1|W:arg2'));
+        $this->assertEquals(['T' => ':arg1:arg1.1::', 'W' => 'arg2'], Token::explodeTokenString('T::arg1:arg1.1::|W:arg2'));
+    }
+
+
     public function testExplodeDimension() {
 
         $this->assertEquals('', Token::explodeDimension(''));

extension/ext_emconf.php

@@ -12,7 +12,7 @@ $EM_CONF['qfq'] = array(
     'dependencies' => 'fluid,extbase',
     'clearcacheonload' => true,
     'state' => 'stable',
-    'version' => '20.11.0',
+    'version' => '21.2.0',
     'constraints' => [
         'depends' => [
             'typo3' => '7.0.0-10.9.99',

version

-20.11.0
+21.2.0