GitLab

modifiedRecord.pu: State Diagram
Dirty.php: implement $recordHashMd5 to detect modified records.
OnArray.php: new getMd5()
AbstractBuildForm.php: implemented but not working update of hidden input 'recordHashMd5'. Add hidden input 'recordHashMd5'.
BuildFormBootstrap:  Add hidden input 'recordHashMd5'.
formEditor.sql: Rename 'Dirty.recordModified' to 'Dirty.recordHashMd5'.

AbstractBuildForm.php: Removed some unused comments. Bug fix: do htmlspecialchar_decode() always when FE_ENCODE is set to encodeSpecialchar.
QuickFormQuery.php: mv necessary systemStoreUpdate() closer to instantiating of classs Store.

Store.php: change function getNonSystemSipParam() from private to public
AbstractBuildForm.php, BuildFormBootstrap.php, BuildFormTable.php: use of getNonSystemSipParam() in deriveNewRecordUrlFromExistingSip() and createDeleteUrl()..

AbstractBuildForm.php: if a datetime / timestamp has the string 'CURRENT_TIMESTAMP' it will be replaced by the current date/time.

Fixed. Problem was a comparison on equal value  AND equal type: '==='. Bug happened (probably) only for numeric items.

Implemented by using a new class ''.required-field'. The class has to be applied to the label. Not implemented is the option, to render the asterix directly on/beside the input (not the label) - probably solved later.
qfq-bs.css.les: New CSS class required-field
AbstractBuildForm.php: extended buildLable() with new parameter $addClass.
BuildFormBootstrap.php: Assign class 'required-field' to label for required fields.

QFQ complains that the given SIP parameter is already defined. Problem is the pre filling of Store SIP, which normally happens only during form load. But the new 'saving a new record (r=0) and redirecting the browser to the same page with the new record id', requires a new SIP. That SIP is calculated before form-load and causes the exception. Fix: defined parameter in a store, which will be redefined with the same value, wont' throw an exception anymore.
Store.php: compare old and new value and only if they differ throw an exception.

Current fix is just a workaround. Further implications might exist. E.g. 'text' and 'date' should be fine, but 'select' / 'checkbox' / 'radios' / ... are not tested and probably won't work.
Support.php: set flags for 'row' / '/row'.
AbstractBuildForm.php, BuildFormBootstrap.php: $flagRowUpdate switches logic between full 'row update' (only one FE in the row) and 'per element'. In 'per element'-Mode, not all input types are updated properly.

First implementation: Show / Hide via dynamicUpdate for a second element, wrapped in an own 'col-md' div.

Effekt tritt auf seit dem Status 'hidden' aus 'form-update' entfernt wurde und durch 'element-update' ersetzt wurde. Aktuell ist nicht klar warum es Zeile 2589/AbstractBuildForm.php gibt. Auskommentiert.

Manual.rst: add 'hideZero' to doc.
AbstractBuildForm.php, Support.php: implement to suppress '0' if showZero=1

Fix problem that also non-'note' FE's has been updated.

With API 'update-element' & 'content' also the 'input' column for FE.type='note' will be updated.

AbstractBuildForm.php: added 'elseif()' to accept missing set/enum/sql1 definition for checkbox is 'checked' is given.

3612 / Konflikt typeAheadLdap mit dynamic modesql: the problematic HTML input element, added with typeahead functionality, is completely JS controlled by a Twitter library. For hiding / showing elements via dynamicUpdate, QFQ uses now API_ELEMENT_UPDATE on the outer row element.
AbstractBuildForm.php: add function elementUpdateAttrClassOnRow().
BuildFormBootstrap.php: split the class definition in an extra var.

AbstractbuildFrom.php: an empty value leads to a missing atrribute 'value'. Now the attribute 'value' is always generated, even if the string is empty. For Bootstrap Radio Buttons, an empty value looks bad. To fix it, a ' ' is now rendered.

Database.php, QuickFormQuery.php: Initializing of native FormElements: _tgIndex
HelperFormElement.php: new function formElementSetDefault(). Add '%d' to id's of extraButtonInfo text elements.
Manual.rst: minor typos fixed

Implemented: date,time,datetime,editor,radio,select,upload

Implemented Checkbox

Fixed bad wrapping with character count and help text. Still open: info button goes down after help text displayed.

Fixed gab between input und message block. Fixed wrong postion of (i) inside of textarea.

Add extraText to 'textarea' elements. Still some issues open.

FE_PARAMETER: extraButtonInfo.

FE_PARAMETER: extraButtonLock / extraButtonPassword:

Manual.rst, AbstractException.php, SessionCookie.php, Downoad.php, Error.php, Link.php, Report.php, Store.php, AbstractBuildForm.php, BuildFormBootstrap.php, config.qfq.example.ini: replace all access to SHOW_DEBUG_INFO with respect to multiple values.

Implement additional 'SHOW_DEBUG_INFO = download' to track down problems with 'session forwarding'.
Configure constants for SHOW_DEBUG_INFO for yes|no|auto

Manual.rst: add description for new attribute 'capture'.
AbstractBuildForm.php: implement adding attribute.

Implemented: file upload check for mime type and max file size.
File.php, AbstractBuildForm.php: Implement FE_FILE_MIME_TYPE_ACCEPT and FE_FILE_MAX_FILE_SIZE

For updates of QFQ prior to 0.17.0, do:   ALTER TABLE  `Form` COMMENT =  'Version=<your old QFQ version>'
DatabaseUpdate.php, DatabaseUpdateData.php: new class.
QuickFormQuery.php: Add DB UpdateCheck
Database.php: moved to new subdirectory `database`. Add 'ALTER' as a new SQL command.
FormAction.php, TypeAhead.php, Report.php, Sendmail.php, FillStoreForm.php, Store.php, AbstractBuild.php, Delete.php, Evaluate.php: Update path to Database.php.

Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.

Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
Evaluate.php: Respect global escapeTypeDefault. Implement
formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.

Manual.rst: small abstract about implemented security enhancements in QFQ.
Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
AbstractBuildForm.php, BuildFormBootstrap.php: form head now contains the honeypot vars.

Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
Play: formEditor.sql

Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.

FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.

Manual.rst: Prefetch doc enhanced.
Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen
Neuen Modus 'typeAheadLdapSearchPerToken' implementiert.
Manual.rst: neues Feature dokumentiert.
Ldap.php: Neue Funktion 'explodePermutSearch()'.

Implemented.

#3536 / a) Datum (datetime / timestamp) werden nicht angezeigt, b) Angezeigte Datumsformat String und aktzeptierte Eingabe matchen nicht
Neu wird bei QFQ date/time/datetime kein HTML INPUT type=date|time|datetime-local mehr generiert, sondern ein 'text' - damit verlieren wir die Browserinternen Datepicker (Chrome, Opera) aber gewinnen die Kontrolle die Datumsformateingabe zurueck.

Es war ein Vergleich mit Typ '===': geaendert auf typlos '=='.