1. 22 Apr, 2018 2 commits
  2. 01 Mar, 2018 2 commits
  3. 18 Feb, 2018 1 commit
  4. 17 Feb, 2018 2 commits
  5. 16 Feb, 2018 1 commit
  6. 11 Feb, 2018 1 commit
  7. 10 Feb, 2018 1 commit
  8. 20 Nov, 2017 1 commit
    • Carsten  Rose's avatar
      #4255 / Attachments fuer 'Email' · d638910b
      Carsten Rose authored
       Manual.rst: description of new options for MAIL_LOG and Report/sendmail.
       sendEmail: added new perl script.
       Report.php: $mailarr renamed to $mailConfig. convertToken() updated.
       Sendmail.php: commented mb_send_mail(). New sendEmail().
       Config.php: new options MAIL_LOG.
       Store.php: Update SUSTEM_SEND_E_MAIL
  9. 19 Nov, 2017 2 commits
  10. 04 Nov, 2017 1 commit
    • Carsten  Rose's avatar
      Feature: Default Escape Type changed from 's' to 'm'. · 103a3d8f
      Carsten Rose authored
      DatabaseUpdateData.php: removed the DB update from last commit - not necessary.
      Config.php: New default 'm'
      Evaluate.php: Respect EscapeTypeDefault in form definition.
      QuickFormQuery.php: Replace 'EscapeTypeDefault' in form defintion very early.
  11. 08 Oct, 2017 1 commit
  12. 07 Oct, 2017 2 commits
  13. 25 Sep, 2017 1 commit
  14. 11 Sep, 2017 1 commit
  15. 28 Aug, 2017 1 commit
  16. 21 Aug, 2017 1 commit
  17. 01 Aug, 2017 1 commit
  18. 10 Jul, 2017 2 commits
    • Carsten  Rose's avatar
      Feature #3981 / Record Locking · 700dd79d
      Carsten Rose authored
      Manual.rst: add documentation for record locking
      DatabaseUpdateData.php: Add new column 'dirtyMode'
      Dirty.php, Config.php, formEditor.sql: remove dirtyMode=readonly. Rename 'timeout' to 'exclusive' and 'overwrite' to 'advisory'.
    • Carsten  Rose's avatar
      Feature #3981 / Record Locking · a0cd3709
      Carsten Rose authored
      First version for save - not working now.
      Manual.rst: document config var SYSTEM_DIRTY_RECORD_TIMEOUT_SECONDS.
      QuickFormQuery.php, Dirty.php: extend to support QFQ/save().
      Client.php: fixed broken PHP Unit test
      Config.php: set default for dirtyRecordTimeout.
      BuildFormBootstrap.php: No dirtyUrl if dirtyMode=none.
      formEditor.sql: extend definition to Form.dirtyMode, new table 'Dirty'
      Fixed several unit tests for new tables.
  19. 30 Jun, 2017 1 commit
  20. 21 Jun, 2017 1 commit
  21. 17 Jun, 2017 1 commit
  22. 07 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3863 / DB Update Fails: Expected no record, got 2 rows: SHOW TABLE STATUS WHERE Name='Form' · 7fc80c24
      Carsten Rose authored
      Introduce new config var 'DB_UPDATE' in config.qfq.ini. Update the handling, if there exist table 'form' and 'Form'.
      Manual.rst:  document the new config option DB_UPDATE.
      Database.php: Typo fixed.
      DatabaseUpdate.php: Iterate over all found 'Form' tables, take the newest version number. Respect config option DB_UPDATE. Fixed a problem: if in the PHP DB updates a newer DB Version is configured than the PHP source itself is, such updates are now not played anymore.
      Config.php, QuickFormQuery.php, config.example.ini: handle config setting DB_UPDATE.
  23. 05 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale... · 61d75fbb
      Carsten Rose authored
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale class & text konfigurierbar machen
      Manual.rst: new configuration options listed at config.qfq.ini and Form.paramtert.
      BuildFormBootstrap.php: Changed code to take values from config.qfq.ini or (if given) from form.parameter definitions.
      QuickFormQuery.php: Copy new setup values from config.qfq.ini to Form.
      StoreTest.php: update unit test for new global configuration values
      config.qfq.example.ini: fill with new commented key/value pairs.
  24. 25 May, 2017 1 commit
  25. 20 May, 2017 3 commits
    • Carsten  Rose's avatar
      #3770 / Attack Delay: merge processing to one codeplace · 27f01259
      Carsten Rose authored
      Config.php: new function attackDetectedExitNow().
      Sip.php: replace local sleep(PENALTY_TIME_BROKEN_SIP) with central function attackDetectedExitNow().
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
  26. 18 May, 2017 1 commit
  27. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
    • Carsten  Rose's avatar
      Security: Honeypot vars - check if any of the honeypot vars is filled - if yes, it's an attack. · f5d7ba73
      Carsten Rose authored
      Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().
  28. 23 Mar, 2017 1 commit
  29. 14 Mar, 2017 1 commit
  30. 06 Mar, 2017 1 commit