Merge branch 'master' into punktetool

916e539c · Carsten Rose · 7e13b24e · 2b414f75 · 916e539c · 916e539c
Commit 916e539c authored Mar 14, 2018 by Carsten Rose
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -34,9 +34,37 @@ Features
 ^^^^^^^^

 Bug Fixes
+^^^^^^^^^
+
+
+Version 0.25.13
+---------------
+
+Date: 08.03.18
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^

+* AutoCron: Added doc for autocron. Extend AutoCron.php to be MultiDB aware. Update der AutoCron form.
+* #4720 / Separate Database for Form & FormElement - Multi DB - fixed problem that 'Quick Edit Form / FormElement' has been broken in MultiDB Setup.
+* #5603 / Report: final value of report columns (special column name)
+* Fabric / delete now triggers form.changed / emojis work again
+* #5571 / File Upload: save filesize and mimetype automatically in 'upload mode simple',if those columns exist.
+* #5423 / two new column names 'filesize', 'mimetype'
+* #5571 / File Upload: save filesize and mimetype
+
+  * STORE_VARS contains now 'mimeType' and 'fileSize'.
+  * sqlBefore and sqlAfter will be fired in Upload Advanced and new in Upload Simple as well.
+  * STORE_VARS contains now `filenameOnly`. It can be used in downloadButton=....
+
+Bug Fixes
 ^^^^^^^^^

+* Fabric: Corrected resizing with changed width in editor
+* #5640 / UTF8 encoded strings: MAX LENGTH wrong

 Version 0.25.12
 ---------------

--- a/doc/NewVersion.md
+++ b/doc/NewVersion.md
@@ -47,8 +47,8 @@ Neue Versionsnummer

 6) **New Tag**: 

-   git tag v0.25.12
-   git push -u origin v0.25.12
+   git tag v0.25.13
+   git push -u origin v0.25.13

 7) PhpStorm: **Sync** all files to VM qfq.


--- a/extension/Documentation/Release.rst
+++ b/extension/Documentation/Release.rst
@@ -34,9 +34,37 @@ Features
 ^^^^^^^^

 Bug Fixes
+^^^^^^^^^
+
+
+Version 0.25.13
+---------------
+
+Date: 08.03.18
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^

+* AutoCron: Added doc for autocron. Extend AutoCron.php to be MultiDB aware. Update der AutoCron form.
+* #4720 / Separate Database for Form & FormElement - Multi DB - fixed problem that 'Quick Edit Form / FormElement' has been broken in MultiDB Setup.
+* #5603 / Report: final value of report columns (special column name)
+* Fabric / delete now triggers form.changed / emojis work again
+* #5571 / File Upload: save filesize and mimetype automatically in 'upload mode simple',if those columns exist.
+* #5423 / two new column names 'filesize', 'mimetype'
+* #5571 / File Upload: save filesize and mimetype
+
+  * STORE_VARS contains now 'mimeType' and 'fileSize'.
+  * sqlBefore and sqlAfter will be fired in Upload Advanced and new in Upload Simple as well.
+  * STORE_VARS contains now `filenameOnly`. It can be used in downloadButton=....
+
+Bug Fixes
 ^^^^^^^^^

+* Fabric: Corrected resizing with changed width in editor
+* #5640 / UTF8 encoded strings: MAX LENGTH wrong

 Version 0.25.12
 ---------------

--- a/extension/Documentation/Settings.cfg
+++ b/extension/Documentation/Settings.cfg
@@ -3,7 +3,7 @@

 project     = QFQ - Quick Form Query
 version     = 0.25
-release     = 0.25.12
+release     = 0.25.13
 t3author    = Carsten Rose
 copyright   = since 2017 by the author


--- a/extension/Documentation/_make/conf.py
+++ b/extension/Documentation/_make/conf.py
@@ -59,7 +59,7 @@ copyright = u'2017, Carsten Rose'
 # The short X.Y version.
 version = '0.25'
 # The full version, including alpha/beta/rc tags.
-release = '0.25.12'
+release = '0.25.13'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

--- a/extension/RELEASE.txt
+++ b/extension/RELEASE.txt
@@ -34,9 +34,37 @@ Features
 ^^^^^^^^

 Bug Fixes
+^^^^^^^^^
+
+
+Version 0.25.13
+---------------
+
+Date: 08.03.18
+
+Notes
+^^^^^
+
+Features
+^^^^^^^^

+* AutoCron: Added doc for autocron. Extend AutoCron.php to be MultiDB aware. Update der AutoCron form.
+* #4720 / Separate Database for Form & FormElement - Multi DB - fixed problem that 'Quick Edit Form / FormElement' has been broken in MultiDB Setup.
+* #5603 / Report: final value of report columns (special column name)
+* Fabric / delete now triggers form.changed / emojis work again
+* #5571 / File Upload: save filesize and mimetype automatically in 'upload mode simple',if those columns exist.
+* #5423 / two new column names 'filesize', 'mimetype'
+* #5571 / File Upload: save filesize and mimetype
+
+  * STORE_VARS contains now 'mimeType' and 'fileSize'.
+  * sqlBefore and sqlAfter will be fired in Upload Advanced and new in Upload Simple as well.
+  * STORE_VARS contains now `filenameOnly`. It can be used in downloadButton=....
+
+Bug Fixes
 ^^^^^^^^^

+* Fabric: Corrected resizing with changed width in editor
+* #5640 / UTF8 encoded strings: MAX LENGTH wrong

 Version 0.25.12
 ---------------

--- a/extension/ext_emconf.php
+++ b/extension/ext_emconf.php
@@ -10,6 +10,6 @@ $EM_CONF[$_EXTKEY] = array(
    'dependencies' => 'fluid,extbase',
    'clearcacheonload' => true,
    'state' => 'alpha',
-    'version' => '0.25.12'
+    'version' => '0.25.13'
 );

--- a/extension/qfq/api/delete.php
+++ b/extension/qfq/api/delete.php
@@ -87,7 +87,7 @@ try {
    switch ($modeAnswer) {
        case MODE_JSON:
            if ($flagSuccess) {
-                $answer[API_MESSAGE] = 'delete: success';
+                $answer[API_MESSAGE] = 'Delete';
                $answer[API_REDIRECT] = API_ANSWER_REDIRECT_CLIENT;
                $answer[API_STATUS] = API_ANSWER_STATUS_SUCCESS;
            } else {

--- a/extension/qfq/api/save.php
+++ b/extension/qfq/api/save.php
@@ -63,7 +63,7 @@ try {
    $answer[API_REDIRECT_URL] = $arr[API_REDIRECT_URL];

    $answer[API_STATUS] = API_ANSWER_STATUS_SUCCESS;
-    $answer[API_MESSAGE] = 'save: success';
+    $answer[API_MESSAGE] = 'Save';
    if (isset($data[API_ELEMENT_UPDATE])) {
        $answer[API_ELEMENT_UPDATE] = $data[API_ELEMENT_UPDATE];
    }

--- a/extension/qfq/qfq/AbstractBuildForm.php
+++ b/extension/qfq/qfq/AbstractBuildForm.php
@@ -1102,7 +1102,7 @@ abstract class AbstractBuildForm {

        if ($formElement[FE_MAX_LENGTH] > 0 && $value !== '') {
            // crop string only if it's not empty (substr returns false on empty strings)
-            $value = substr($value, 0, $formElement[FE_MAX_LENGTH]);
+            $value = mb_substr($value, 0, $formElement[FE_MAX_LENGTH]);
        }
        // 'maxLength' needs an upper 'L': naming convention for DB tables!
        if ($formElement[FE_MAX_LENGTH] > 0) {

--- a/extension/qfq/qfq/Evaluate.php
+++ b/extension/qfq/qfq/Evaluate.php
@@ -212,7 +212,7 @@ class Evaluate {
        $dbIndex = $this->dbIndex;

        // Check if the $token starts with '[<int>]...' - yes: open the necessary database.
-        if ($token[0] === '[') {
+        if (strlen($token) > 2 && $token[0] === '[') {
            if ($token[2] !== ']') {
                throw new UserFormException("Missing token ']' in '$token' on position 3", ERROR_TOKEN_MISSING);
            }
@@ -224,6 +224,10 @@ class Evaluate {
            }
        }

+        if ($token === '') {
+            return '';
+        }
+
        if ($token[0] === '!') {
            $token = trim(substr($token, 1));
            $sqlMode = ROW_REGULAR;

--- a/extension/qfq/qfq/database/DatabaseUpdate.php
+++ b/extension/qfq/qfq/database/DatabaseUpdate.php
@@ -116,6 +116,8 @@ class DatabaseUpdate {
        if ($dbUpdate === SYSTEM_DB_UPDATE_ALWAYS || ($dbUpdate === SYSTEM_DB_UPDATE_AUTO && $new != $old)) {
            $this->dbUpdateStatements($old, $new);
            $this->db->playSqlFile(__DIR__ . '/../../sql/formEditor.sql');
+
+            // Finally write the latest version number.
            $this->setDatabaseVersion($new);
        }
    }
@@ -167,6 +169,8 @@ class DatabaseUpdate {
                foreach ($sqlStatements as $sql) {
                    $this->db->sql($sql);
                }
+                // Remember already applied updates - in case something breaks and the update has to be repeated.
+                $this->setDatabaseVersion($new);
            }
        }
    }

--- a/extension/qfq/qfq/report/Report.php
+++ b/extension/qfq/qfq/report/Report.php
@@ -620,7 +620,6 @@ class Report {
                $assoc[REPORT_TOKEN_FINAL_VALUE . $keyAssoc] = $renderedColumn;
            }

-
            if ($flagOutput) {
                //prints
                $content .= $this->variables->doVariables($fsep);
@@ -659,10 +658,16 @@ class Report {
        $flagOutput = true;
        $dummy = false;

-        // Empty column names are allowed: check with isset
+        // Special column name:  '_...'? Empty column names are allowed: check with isset
        if (isset($columnName[0]) && $columnName[0] === TOKEN_COLUMN_CTRL) {
            $flagControl = true;
            $columnName = substr($columnName, 1);
+
+            // Special column name and hide output: '__...'? (double '_' at the beginning)
+            if (isset($columnName[0]) && $columnName[0] === TOKEN_COLUMN_CTRL) {
+                $flagOutput = false;
+                $columnName = substr($columnName, 1);
+            }
        }

        //TODO: reserved names,not starting with '_' will be still accepted - stop this!

--- a/extension/qfq/qfq/store/Session.php
+++ b/extension/qfq/qfq/store/Session.php
@@ -23,23 +23,31 @@ class Session {
     * @throws CodeException
     */
    private function __construct($phpUnit = false) {
+
        if (self::$phpUnit !== null) {
            throw new CodeException("Try to set flag phpunit again - that should not happen.", ERROR_CODE_SHOULD_NOT_HAPPEN);
        }

        self::$phpUnit = $phpUnit;
+
        if (self::$phpUnit === true) {
            self::$sessionLocal = array();
        } else {
            ini_set('session.cookie_httponly', 1);

+            $lifetime = 86400; // one day
+
            $path = $this->getSitePath();
-            session_set_cookie_params(0, $path);
+            session_set_cookie_params($lifetime, $path);
+            $currentCookieParams = session_get_cookie_params();

            session_name(SESSION_NAME);

            session_start();

+            // Currently, setcookie() is only called to really extend the lifetime. All other parameter needs to be given again.
+            setcookie(SESSION_NAME, session_id(), time() + $lifetime, $path, $currentCookieParams['domain'], $currentCookieParams['secure'], true);
+
            self::$sessionId = session_id();
        }

@@ -62,6 +70,7 @@ class Session {

        $path = $_SERVER['SCRIPT_NAME'];
        $pos = strrpos($path, '/');
+
        if ($pos === false) {
            throw new CodeException("Broken _SERVER[SCRIPT_NAME]: $path", ERROR_SESSION_BROKEN_SCRIPT_PATH);
        }
@@ -97,6 +106,7 @@ class Session {
     * Destroy a session - this is only needed in case of attacks
     */
    public static function destroy() {
+
        session_destroy();
        $_SESSION = array();

@@ -116,6 +126,7 @@ class Session {
     *
     */
    public static function open() {
+
        if (self::$sessionOpen != true && self::$sessionId != null) {
            session_id(self::$sessionId);
            session_start();
@@ -148,9 +159,9 @@ class Session {
            $feUidLoggedIn = $feUserUidSession;
        }

-        if ($feUidLoggedIn !== $feUserUidSession) {
+        if ($feUidLoggedIn != $feUserUidSession) {
            // destroy existing session store
-            Session::clearAll();
+//            Session::clearAll(); // #5668 / Broken SIP after login - is it really a security improvement to destroy the SIP store in case the feUser changes? Probably not.

            // save new feUserUid, feUserName
            Session::set(SESSION_FE_USER_UID, $feUidLoggedIn);

--- a/version
+++ b/version
-0.25.12
+0.25.13