1. 03 May, 2017 3 commits
  2. 01 May, 2017 1 commit
  3. 30 Apr, 2017 1 commit
  4. 26 Apr, 2017 1 commit
  5. 24 Apr, 2017 3 commits
    • Carsten  Rose's avatar
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Encoding and Honepot vars. · bd606a8f
      Carsten Rose authored
      Manual.rst: small abstract about implemented security enhancements in QFQ.
      Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
      AbstractBuildForm.php, BuildFormBootstrap.php: form head now contains the honeypot vars.
      bd606a8f
  6. 23 Apr, 2017 5 commits
  7. 22 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3218 / download.php / export · e10937b6
      Carsten Rose authored
      * Recode the '_link' notation for download
      * Add 'ZIP' as export format
      * Add 'parameter' to wkhtmltopdf
      * Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
      * Report/Columntype '_dDownload' broken!
      Coding.md: described `download` from a coding point of view.
      Manual.rst: Update '_link' to latest notation of 'download'.
      download.php: implemented catching of 'Undefined index'. Added further exceptions.
      Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
      Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
      Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
      Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
      Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
      QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      e10937b6
  8. 20 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3218 / download.php / export · d46e131a
      Carsten Rose authored
      Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
      Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.
      d46e131a
    • Carsten  Rose's avatar
      #3218 / download.php / export · 4e01a68b
      Carsten Rose authored
      Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
      download.php: API Interface
      DownloadException.php: New exception class for downloads - might be extended for better error handling.
      OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
      Download.php: Main class.
      Link.php, Report.php: implemented new link type 'd' (=download)
      4e01a68b
  9. 13 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3573 / TypeaheadLdap: Prefetch funktioniert nicht · d645dee0
      Carsten Rose authored
      Manual.rst: Prefetch doc enhanced.
      Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
      AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed
      d645dee0
  10. 12 Apr, 2017 3 commits
  11. 08 Apr, 2017 1 commit
  12. 06 Apr, 2017 1 commit
  13. 03 Apr, 2017 1 commit
  14. 02 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3385 / templateGroup: insert/update/delete non primary records · 8db50d60
      Carsten Rose authored
      Manual.rst: update doc how to insert/update/delete non primary templateGroup records.
      FormAction.php: removed $templateGroupIndex - solved implicit by defining a LIMIT on 'slaveId' . Implemented '%D' (one below %d). Implemented FE_SQL_HONOR_FORM_ELEMENTS - reduces unecassary SQL queries.
      HelperFormElement.php: moved function 'explodeTemplateGroupElements()' to 'QuickFormQuery.php'
      Database.php: remove call to explodeTemplateGroupElements() - not necessary at that place.
      QuickFormQuery.php: fill STORE_RECORD during Formload - to read templateGroup records very early. Local copy of `getNativeFormElements()`, new `explodeTemplateGroupElements()`
      8db50d60
  15. 30 Mar, 2017 3 commits
  16. 29 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3463 / form.mode=readonly · d84dad1a
      Carsten Rose authored
      Implemented the option to make a form `readonly`. this can be done statically or dynamically via variable (e.g. SIP).
      QuickFormQuery.php, AbstractBuildForm.php: Force 'readonly' by overwriting FormElement individual 'mode' setting.
      BuildFormBootstrap.php: Introduced new variable F_SHOW_BUTTON.
      d84dad1a
  17. 28 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3456 / LDAP: with Credentials to access 'webpass' · 8cb94e92
      Carsten Rose authored
      Manual.rst: Updated doc for a) config.qfq.ini: LDAP_1_RDN, LDAP_1_PASSWORD, b) Form.parameter|FormElement.parameter: ldapUseBindCredentials
      ErrorHandler.php: removed details - the end user should not too many details.
      FormAction.php, Ldap.php, QuickFormQuery.php: implement 'ldapUseBindCredentials'
      Ldap.php: set_error_handler() to catch ldap_bind() problems. Always set LDAP_OPT_PROTOCOL_VERSION=3 - this might cause problems with som LDAP Servers - we will see.
      8cb94e92
  18. 26 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3431 / typeAheadSql: columnname 'key' is a reserverd SQL statement - replace... · f906b671
      Carsten Rose authored
      #3431 / typeAheadSql: columnname 'key' is a reserverd SQL statement - replace by 'id'. Additional the parametername 'typeAheadLdapKeyPrintf' renamed to 'typeAheadLdapIdPrintf'.
      typeAhead.php: fixed typo.
      TypeAhead.php: introduced new mapping from 'id' (SQL) to 'key' (API).
      AbstractBuildForm.php: Constant renamed.
      Database.php: update function makeArrayDict() to reflect name mapping.
      f906b671
  19. 25 Mar, 2017 3 commits
  20. 24 Mar, 2017 1 commit
  21. 23 Mar, 2017 2 commits
  22. 21 Mar, 2017 1 commit
  23. 19 Mar, 2017 2 commits