1. 20 May, 2017 2 commits
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
      c11f75ad
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
      4b0d1413
  2. 19 May, 2017 4 commits
  3. 18 May, 2017 3 commits
  4. 12 May, 2017 4 commits
  5. 10 May, 2017 2 commits
  6. 09 May, 2017 1 commit
    • Carsten  Rose's avatar
      #3679: Automatic DB Update · d1b203dd
      Carsten Rose authored
      Fixed: unnecessary exception if there is no Form / FormElement table
      Database.php: New function playSqlFile().
      DatabaseUpdate.php: missing table Form won't throw an exception anymore.
      Manual.rst: note that formEditor.sql will be played automatically.
      d1b203dd
  7. 04 May, 2017 2 commits
  8. 03 May, 2017 3 commits
  9. 01 May, 2017 1 commit
  10. 30 Apr, 2017 1 commit
  11. 26 Apr, 2017 1 commit
  12. 24 Apr, 2017 3 commits
    • Carsten  Rose's avatar
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Encoding and Honepot vars. · bd606a8f
      Carsten Rose authored
      Manual.rst: small abstract about implemented security enhancements in QFQ.
      Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
      AbstractBuildForm.php, BuildFormBootstrap.php: form head now contains the honeypot vars.
      bd606a8f
  13. 23 Apr, 2017 5 commits
  14. 22 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3218 / download.php / export · e10937b6
      Carsten Rose authored
      * Recode the '_link' notation for download
      * Add 'ZIP' as export format
      * Add 'parameter' to wkhtmltopdf
      * Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
      * Report/Columntype '_dDownload' broken!
      Coding.md: described `download` from a coding point of view.
      Manual.rst: Update '_link' to latest notation of 'download'.
      download.php: implemented catching of 'Undefined index'. Added further exceptions.
      Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
      Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
      Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
      Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
      Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
      QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      e10937b6
  15. 20 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3218 / download.php / export · d46e131a
      Carsten Rose authored
      Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
      Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.
      d46e131a
    • Carsten  Rose's avatar
      #3218 / download.php / export · 4e01a68b
      Carsten Rose authored
      Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
      download.php: API Interface
      DownloadException.php: New exception class for downloads - might be extended for better error handling.
      OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
      Download.php: Main class.
      Link.php, Report.php: implemented new link type 'd' (=download)
      4e01a68b
  16. 13 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3573 / TypeaheadLdap: Prefetch funktioniert nicht · d645dee0
      Carsten Rose authored
      Manual.rst: Prefetch doc enhanced.
      Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
      AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed
      d645dee0
  17. 12 Apr, 2017 3 commits
  18. 08 Apr, 2017 1 commit