1. 10 Jul, 2017 1 commit
    • Carsten  Rose's avatar
      Feature #3981 / Record Locking · a0cd3709
      Carsten Rose authored
      First version for save - not working now.
      Manual.rst: document config var SYSTEM_DIRTY_RECORD_TIMEOUT_SECONDS.
      QuickFormQuery.php, Dirty.php: extend to support QFQ/save().
      Client.php: fixed broken PHP Unit test
      Config.php: set default for dirtyRecordTimeout.
      BuildFormBootstrap.php: No dirtyUrl if dirtyMode=none.
      formEditor.sql: extend definition to Form.dirtyMode, new table 'Dirty'
      Fixed several unit tests for new tables.
      a0cd3709
  2. 30 Jun, 2017 1 commit
  3. 21 Jun, 2017 1 commit
  4. 17 Jun, 2017 1 commit
  5. 07 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3863 / DB Update Fails: Expected no record, got 2 rows: SHOW TABLE STATUS WHERE Name='Form' · 7fc80c24
      Carsten Rose authored
      Introduce new config var 'DB_UPDATE' in config.qfq.ini. Update the handling, if there exist table 'form' and 'Form'.
      Manual.rst:  document the new config option DB_UPDATE.
      Database.php: Typo fixed.
      DatabaseUpdate.php: Iterate over all found 'Form' tables, take the newest version number. Respect config option DB_UPDATE. Fixed a problem: if in the PHP DB updates a newer DB Version is configured than the PHP source itself is, such updates are now not played anymore.
      Config.php, QuickFormQuery.php, config.example.ini: handle config setting DB_UPDATE.
      7fc80c24
  6. 05 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale... · 61d75fbb
      Carsten Rose authored
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale class & text konfigurierbar machen
      Manual.rst: new configuration options listed at config.qfq.ini and Form.paramtert.
      Config.php: Defaults configured for F_SAVE|CLOSE|DELETE|NEW_BUTTON_TEXT|TOOLTIP|CLASS|GLYPH_ICON.
      BuildFormBootstrap.php: Changed code to take values from config.qfq.ini or (if given) from form.parameter definitions.
      QuickFormQuery.php: Copy new setup values from config.qfq.ini to Form.
      StoreTest.php: update unit test for new global configuration values
      config.qfq.example.ini: fill with new commented key/value pairs.
      61d75fbb
  7. 25 May, 2017 1 commit
  8. 20 May, 2017 3 commits
    • Carsten  Rose's avatar
      #3770 / Attack Delay: merge processing to one codeplace · 27f01259
      Carsten Rose authored
      Config.php: new function attackDetectedExitNow().
      Sip.php: replace local sleep(PENALTY_TIME_BROKEN_SIP) with central function attackDetectedExitNow().
      27f01259
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
      c11f75ad
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
      4b0d1413
  9. 18 May, 2017 1 commit
  10. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Honeypot vars - check if any of the honeypot vars is filled - if yes, it's an attack. · f5d7ba73
      Carsten Rose authored
      Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().
      f5d7ba73
  11. 23 Mar, 2017 1 commit
  12. 14 Mar, 2017 1 commit
  13. 06 Mar, 2017 1 commit