Html2Pdf.php: Fake the current 'user-agent' and add it as '--custom-header ...' AND '--custom-header-propagation' option to the wkhtmltopdf call. Without, T3 will deny FE Group access. The --custom-header-propagation seems to be necessary.

Manual.rst: describe new urlParam parameter `_sip`
Html2Pdf.php: optional SIP encoding

Html2Pdf.php: Add SIP support wkhtmltopdf URLs. Move cookies for wkhtmltopdf from commandline arguments to filebased.

Session.php: introduced close(). This will unlock the current session. Take care on subsequent calls to reopen primary session again.

Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.

Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
Evaluate.php: Respect global escapeTypeDefault. Implement
formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.

Manual.rst: small abstract about implemented security enhancements in QFQ.
Sanatize.php: New function urlDecodeArr(). Decode all _GET vars.
AbstractBuildForm.php, BuildFormBootstrap.php: form head now contains the honeypot vars.

Fix from BB seems to help in 90%: window.onblur().
QuickFormQuery.php: Add 'windows.onblur'

Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().

Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
Play: formEditor.sql

Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.

FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.

Store.php: fillStoreClient now htmlentities() the $_SERVER array.

Handling of filenames in Zip's optimized. Spoken filename (no cryptic tempnames anymore). Correct filename extension, based on the mimetype.

Manual.rst: updated doc for columns  _pPdf,_zZip, _fFile. Remove doc for '_dDownload'.
Download.php: new function targetFilenameExtension(). Replace cryptic temporary filenames against file-1, ...
Link.php: reorder param array, to make TOKEN_DOWNLOAD position independet
Report.php: Implemented _pPdf,_zZip, _fFile.

 QucikFormQuery.php: Update default text.

Link.php: If there is no output filename defined, the default is now computed in Download.php, not in Link.php as before.
Download.php: Extract filename extension from mimetype, compare it with output filename, if it does not match, append the computed extension. This forces the filemanager to open the correct application after download.

Html2Pdf.php: Fixed a problem with broken adding of '=' to TOKEN_URL. Fixed problem that missing 'http' at the beginning confuses wkhtmltopdf.

* Recode the '_link' notation for download
* Add 'ZIP' as export format
* Add 'parameter' to wkhtmltopdf
* Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
* Report/Columntype '_dDownload' broken!
Coding.md: described `download` from a coding point of view.
Manual.rst: Update '_link' to latest notation of 'download'.
download.php: implemented catching of 'Undefined index'. Added further exceptions.
Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.

Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.

Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
download.php: API Interface
DownloadException.php: New exception class for downloads - might be extended for better error handling.
OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
Download.php: Main class.
Link.php, Report.php: implemented new link type 'd' (=download)

Split PHP 'print.php' in a pure API file 'print.php' and a class 'Html2Pdf.php' - the class will be reused by Download.php

Manual.rst: Prefetch doc enhanced.
Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen
After discussing with EV it's not necessary  to permut the serach, instead just repeat the whole search with every token. Quite simple and effective.

#3552 / typeAheadLdapSearchPerToken - webpass kann nicht gleichzeitig nach Vornamen und Nachnamen suchen
Neuen Modus 'typeAheadLdapSearchPerToken' implementiert.
Manual.rst: neues Feature dokumentiert.
Ldap.php: Neue Funktion 'explodePermutSearch()'.

During expanding of templateGroups, existing FE with no meaning for save (like note, subrecord, ...) has been created, filled with empty values and saved. Fixed for FEs with type 'subrecord' and 'note' - needs more investigation to check for further sideeffects.

Action elements, assigned to a container which are not a templategroup, threw an exception. In general, it makes no sense (at the time of writing this) to assign an action element to a pill or fieldset, but it should not throw an exception. Fixed - just ignore such assignment.

Throw of a UserFormException with wrong parameter. Fixed.

The new class T3info() was fine, but relying classes assumed that all array elements always exist. This was not given in the past. The new implemention creates at least an empty entry for each element.
AbstractException.php: removed garbage line.
save.php: require_once missing PHP Exception classes.
T3Info.php: recode.

Implemented.