1. 24 May, 2017 1 commit
  2. 23 May, 2017 2 commits
  3. 22 May, 2017 1 commit
  4. 18 May, 2017 2 commits
  5. 12 May, 2017 2 commits
  6. 09 May, 2017 1 commit
    • Carsten  Rose's avatar
      #3679, Automatic DB update - Schema & FormEditor · 05b32a30
      Carsten Rose authored
      For updates of QFQ prior to 0.17.0, do:   ALTER TABLE  `Form` COMMENT =  'Version=<your old QFQ version>'
      DatabaseUpdate.php, DatabaseUpdateData.php: new class.
      QuickFormQuery.php: Add DB UpdateCheck
      Database.php: moved to new subdirectory `database`. Add 'ALTER' as a new SQL command.
      FormAction.php, TypeAhead.php, Report.php, Sendmail.php, FillStoreForm.php, Store.php, AbstractBuild.php, Delete.php, Evaluate.php: Update path to Database.php.
      05b32a30
  7. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Encoding and Honepot vars. · bd606a8f
      Carsten Rose authored
      Manual.rst: small abstract about implemented security enhancements in QFQ.
      Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
      AbstractBuildForm.php, BuildFormBootstrap.php: form head now contains the honeypot vars.
      bd606a8f
  8. 23 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      Implement 'encode=specialchar' - new option per formElement. · 434cac36
      Carsten Rose authored
      Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
      Play: formEditor.sql
      
      Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.
      
      FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
      AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
      formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.
      434cac36
  9. 13 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3573 / TypeaheadLdap: Prefetch funktioniert nicht · d645dee0
      Carsten Rose authored
      Manual.rst: Prefetch doc enhanced.
      Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
      AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed
      d645dee0
  10. 12 Apr, 2017 1 commit
  11. 10 Apr, 2017 1 commit
  12. 09 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3536 / a) Datum (datetime / timestamp) werden nicht angezeigt, b) Angezeigte... · 502efdb9
      Carsten Rose authored
      #3536 / a) Datum (datetime / timestamp) werden nicht angezeigt, b) Angezeigte Datumsformat String und aktzeptierte Eingabe matchen nicht
      Neu wird bei QFQ date/time/datetime kein HTML INPUT type=date|time|datetime-local mehr generiert, sondern ein 'text' - damit verlieren wir die Browserinternen Datepicker (Chrome, Opera) aber gewinnen die Kontrolle die Datumsformateingabe zurueck.
      502efdb9
  13. 05 Apr, 2017 1 commit
  14. 04 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3502 / TemplateGroups: Checkboxen werden beim ersten Speichern (insert) nicht... · 246aeeab
      Carsten Rose authored
      #3502 / TemplateGroups: Checkboxen werden beim ersten Speichern (insert) nicht geschrieben - ein anschliessendes Update ist ok
      Das Problem tritt nur auf bei MultiCheckboxen. Neu werden im Store  STORE_ADDITIONAL_FORM_ELEMENTS (ist bereits frueher, extra fuer Checkboxen, eingefuehrt worden) fuer alle TemplateGroup FEs (type=checkbox) die Fake Elemente angelegt. Dazu wird neu NAME_TG_COPIES in dem FEs gefuellt mit dem 'TG max copies'-Wert.
      246aeeab
  15. 03 Apr, 2017 1 commit
  16. 02 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3385 / templateGroup: insert/update/delete non primary records · 8db50d60
      Carsten Rose authored
      Manual.rst: update doc how to insert/update/delete non primary templateGroup records.
      FormAction.php: removed $templateGroupIndex - solved implicit by defining a LIMIT on 'slaveId' . Implemented '%D' (one below %d). Implemented FE_SQL_HONOR_FORM_ELEMENTS - reduces unecassary SQL queries.
      HelperFormElement.php: moved function 'explodeTemplateGroupElements()' to 'QuickFormQuery.php'
      Database.php: remove call to explodeTemplateGroupElements() - not necessary at that place.
      QuickFormQuery.php: fill STORE_RECORD during Formload - to read templateGroup records very early. Local copy of `getNativeFormElements()`, new `explodeTemplateGroupElements()`
      8db50d60
  17. 30 Mar, 2017 1 commit
  18. 29 Mar, 2017 2 commits
    • Carsten  Rose's avatar
      #3463 / form.mode=readonly · d84dad1a
      Carsten Rose authored
      Implemented the option to make a form `readonly`. this can be done statically or dynamically via variable (e.g. SIP).
      QuickFormQuery.php, AbstractBuildForm.php: Force 'readonly' by overwriting FormElement individual 'mode' setting.
      BuildFormBootstrap.php: Introduced new variable F_SHOW_BUTTON.
      d84dad1a
    • Carsten  Rose's avatar
      #3447 / Icons das man im FrontEnd direkt das gewaehlte FormElement im... · e96bb108
      Carsten Rose authored
      #3447 / Icons das man im FrontEnd direkt das gewaehlte FormElement im Formulareditor bearbeiten kann.
      AbstractBuildForm.php: Add checkbox left to the 'EditForm'-Button to toogle the 'FormElemnt'-Icons -as the regular 'Form Edit'-Pencil, the 'FormElement Checkbox' is only displayed if the user is logged in BE.
      BuildFormBootstrap.php: new function 'buildEditFormElementCheckbos()'
      e96bb108
  19. 28 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3456 / LDAP: with Credentials to access 'webpass' · 8cb94e92
      Carsten Rose authored
      Manual.rst: Updated doc for a) config.qfq.ini: LDAP_1_RDN, LDAP_1_PASSWORD, b) Form.parameter|FormElement.parameter: ldapUseBindCredentials
      ErrorHandler.php: removed details - the end user should not too many details.
      FormAction.php, Ldap.php, QuickFormQuery.php: implement 'ldapUseBindCredentials'
      Ldap.php: set_error_handler() to catch ldap_bind() problems. Always set LDAP_OPT_PROTOCOL_VERSION=3 - this might cause problems with som LDAP Servers - we will see.
      8cb94e92
  20. 27 Mar, 2017 3 commits
  21. 26 Mar, 2017 2 commits
  22. 25 Mar, 2017 5 commits
  23. 23 Mar, 2017 2 commits
  24. 20 Mar, 2017 1 commit
  25. 19 Mar, 2017 2 commits
  26. 17 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      Typeahead (#3369): Parameternames has changed, configuration is possible on... · f287852c
      Carsten Rose authored
      Typeahead (#3369): Parameternames has changed, configuration is possible on the Form and on the FormElement.
      typeahead.php: if there is an exception, the message body is sent as regular 'content' for the dropdownbox. At the moment this is the only way to transmit any error messages.
      Ldap.php: missing FE_TYPEAHEAD_LDAP_KEY_PRINTF, FE_TYPEAHEAD_LDAP_VALUE_PRINTF will be substituted by the other. If both missing, an exception is thrown.
      f287852c