1. 14 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      Feature #3906 / Mark required inputs with an asterik · 1ccc6b9c
      Carsten Rose authored
      Implemented by using a new class ''.required-field'. The class has to be applied to the label. Not implemented is the option, to render the asterix directly on/beside the input (not the label) - probably solved later.
      qfq-bs.css.les: New CSS class required-field
      AbstractBuildForm.php: extended buildLable() with new parameter $addClass.
      BuildFormBootstrap.php: Assign class 'required-field' to label for required fields.
      1ccc6b9c
    • Carsten  Rose's avatar
      #3903 / Copy/Paste form: references inside a record are not updated at all · 2598a1ba
      Carsten Rose authored
      New option 'translateIdColumn=feIdContainer' implemented to translate table self referencing ids.
      FormAction.php: collect translateMap during copying slave records. New function translateId().
      formEditor.sql: Update to latest copyForm Version.
      2598a1ba
  2. 12 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3899 / Copy/Paste · cc55f4fb
      Carsten Rose authored
      Manual.rst: various topics undocumented.
      DatabaseUpdate.php: New table Clipboard, New FE.type='paste', New Form.forwardMode='url-sip' - will be applied for 0.18.3.
      FormAction.php: New: doAllFormElementPaste(), prepareDuplicate(), checkNCopyFiles(), copyRecord()
      Store.php: New member in STORE_CLIENT 'CLIENT_COOKIE_QFQ' - might be used to identify current user.
      BuildFormBootstrap.php: New buildButtonCopyForm().
      QuickFormQuery.php: Calculating the target page now happens after saving the current record and processing all after save actions. New: pasteClipboard()
      formEditor.sql: New form 'copyForm'. New table 'Clipboard'
      cc55f4fb
  3. 10 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      Bug #3647 / Dynamic Update: Multiple Elements in a row not updated properly. · a0243d9f
      Carsten Rose authored
      Current fix is just a workaround. Further implications might exist. E.g. 'text' and 'date' should be fine, but 'select' / 'checkbox' / 'radios' / ... are not tested and probably won't work.
      Support.php: set flags for 'row' / '/row'.
      AbstractBuildForm.php, BuildFormBootstrap.php: $flagRowUpdate switches logic between full 'row update' (only one FE in the row) and 'per element'. In 'per element'-Mode, not all input types are updated properly.
      a0243d9f
    • Carsten  Rose's avatar
      Recode · 0e2628cf
      Carsten Rose authored
      0e2628cf
  4. 07 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3863 / DB Update Fails: Expected no record, got 2 rows: SHOW TABLE STATUS WHERE Name='Form' · 7fc80c24
      Carsten Rose authored
      Introduce new config var 'DB_UPDATE' in config.qfq.ini. Update the handling, if there exist table 'form' and 'Form'.
      Manual.rst:  document the new config option DB_UPDATE.
      Database.php: Typo fixed.
      DatabaseUpdate.php: Iterate over all found 'Form' tables, take the newest version number. Respect config option DB_UPDATE. Fixed a problem: if in the PHP DB updates a newer DB Version is configured than the PHP source itself is, such updates are now not played anymore.
      Config.php, QuickFormQuery.php, config.example.ini: handle config setting DB_UPDATE.
      7fc80c24
  5. 05 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      #3569 / Input Optional '0' unterdruecken · 0e75d2bd
      Carsten Rose authored
      Manual.rst: add 'hideZero' to doc.
      AbstractBuildForm.php, Support.php: implement to suppress '0' if showZero=1
      0e75d2bd
    • Carsten  Rose's avatar
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale... · 61d75fbb
      Carsten Rose authored
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale class & text konfigurierbar machen
      Manual.rst: new configuration options listed at config.qfq.ini and Form.paramtert.
      Config.php: Defaults configured for F_SAVE|CLOSE|DELETE|NEW_BUTTON_TEXT|TOOLTIP|CLASS|GLYPH_ICON.
      BuildFormBootstrap.php: Changed code to take values from config.qfq.ini or (if given) from form.parameter definitions.
      QuickFormQuery.php: Copy new setup values from config.qfq.ini to Form.
      StoreTest.php: update unit test for new global configuration values
      config.qfq.example.ini: fill with new commented key/value pairs.
      61d75fbb
  6. 04 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      #2337 / Checkbox: checked/unchecked parameters genügen nicht · f1786d0b
      Carsten Rose authored
      AbstractBuildForm.php: added 'elseif()' to accept missing set/enum/sql1 definition for checkbox is 'checked' is given.
      f1786d0b
    • Carsten  Rose's avatar
      #3854 / Wrong final page: a) New > Save > Close, b) New > Save > Delete · b6cb6285
      Carsten Rose authored
      QfqForm.js: Preparation for client, to handle window.location.replace() by new API status 'url-skip-history'. Also changed "(data.redirect === "url" || data['redirect-url'])" to "(data.redirect === "url" && data['redirect-url'])" - CR did not understand the former logic ('or' instead of 'and'). #OPEN#: window.location.replace = 'index.php....' throws an JS exception that it the attribute 'replace' is readonly. Instead "window.location.replace('index.php....')" works as expected.
      PROTOCOL.md: add 'url-skip-history'.
      save.php: recode to become more readable.
      QuickFormQuery.php: getForwardMode() - temporarily fix to update status 'page' to 'url' (bug never caused a problem as long as '||' has been used on client side). Will change 'page' to 'url' asap.
      b6cb6285
  7. 03 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      3612 / Konflikt typeAheadLdap mit dynamic modesql: the problematic HTML input... · 1c63c477
      Carsten Rose authored
      3612 / Konflikt typeAheadLdap mit dynamic modesql: the problematic HTML input element, added with typeahead functionality, is completely JS controlled by a Twitter library. For hiding / showing elements via dynamicUpdate, QFQ uses now API_ELEMENT_UPDATE on the outer row element.
      AbstractBuildForm.php: add function elementUpdateAttrClassOnRow().
      BuildFormBootstrap.php: split the class definition in an extra var.
      1c63c477
  8. 29 May, 2017 1 commit
  9. 27 May, 2017 1 commit
  10. 25 May, 2017 1 commit
  11. 24 May, 2017 2 commits
  12. 22 May, 2017 1 commit
  13. 20 May, 2017 3 commits
    • Carsten  Rose's avatar
      #3770 / Attack Delay: merge processing to one codeplace · 27f01259
      Carsten Rose authored
      Config.php: new function attackDetectedExitNow().
      Sip.php: replace local sleep(PENALTY_TIME_BROKEN_SIP) with central function attackDetectedExitNow().
      27f01259
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
      c11f75ad
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
      4b0d1413
  14. 18 May, 2017 1 commit
  15. 12 May, 2017 2 commits
  16. 10 May, 2017 2 commits
  17. 09 May, 2017 2 commits
    • Carsten  Rose's avatar
      #3679: Automatic DB Update · d1b203dd
      Carsten Rose authored
      Fixed: unnecessary exception if there is no Form / FormElement table
      Database.php: New function playSqlFile().
      DatabaseUpdate.php: missing table Form won't throw an exception anymore.
      Manual.rst: note that formEditor.sql will be played automatically.
      d1b203dd
    • Carsten  Rose's avatar
      #3679, Automatic DB update - Schema & FormEditor · 05b32a30
      Carsten Rose authored
      For updates of QFQ prior to 0.17.0, do:   ALTER TABLE  `Form` COMMENT =  'Version=<your old QFQ version>'
      DatabaseUpdate.php, DatabaseUpdateData.php: new class.
      QuickFormQuery.php: Add DB UpdateCheck
      Database.php: moved to new subdirectory `database`. Add 'ALTER' as a new SQL command.
      FormAction.php, TypeAhead.php, Report.php, Sendmail.php, FillStoreForm.php, Store.php, AbstractBuild.php, Delete.php, Evaluate.php: Update path to Database.php.
      05b32a30
  18. 04 May, 2017 1 commit
  19. 03 May, 2017 2 commits
  20. 02 May, 2017 1 commit
  21. 30 Apr, 2017 1 commit
  22. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Honeypot vars - check if any of the honeypot vars is filled - if yes, it's an attack. · f5d7ba73
      Carsten Rose authored
      Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().
      f5d7ba73
  23. 23 Apr, 2017 3 commits
    • Carsten  Rose's avatar
      Implement 'encode=specialchar' - new option per formElement. · 434cac36
      Carsten Rose authored
      Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
      Play: formEditor.sql
      
      Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.
      
      FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
      AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
      formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.
      434cac36
    • Carsten  Rose's avatar
      Download: columns _pPdf,_zZip, _fFile implemented. _dDownload removed. · 6f5a988f
      Carsten Rose authored
      Handling of filenames in Zip's optimized. Spoken filename (no cryptic tempnames anymore). Correct filename extension, based on the mimetype.
      
      Manual.rst: updated doc for columns  _pPdf,_zZip, _fFile. Remove doc for '_dDownload'.
      Download.php: new function targetFilenameExtension(). Replace cryptic temporary filenames against file-1, ...
      Link.php: reorder param array, to make TOKEN_DOWNLOAD position independet
      Report.php: Implemented _pPdf,_zZip, _fFile.
      6f5a988f
    • Carsten  Rose's avatar
      Fixed exportFilename extension behaviour. · c700ce0d
      Carsten Rose authored
      Link.php: If there is no output filename defined, the default is now computed in Download.php, not in Link.php as before.
      Download.php: Extract filename extension from mimetype, compare it with output filename, if it does not match, append the computed extension. This forces the filemanager to open the correct application after download.
      c700ce0d
  24. 22 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3218 / download.php / export · e10937b6
      Carsten Rose authored
      * Recode the '_link' notation for download
      * Add 'ZIP' as export format
      * Add 'parameter' to wkhtmltopdf
      * Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
      * Report/Columntype '_dDownload' broken!
      Coding.md: described `download` from a coding point of view.
      Manual.rst: Update '_link' to latest notation of 'download'.
      download.php: implemented catching of 'Undefined index'. Added further exceptions.
      Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
      Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
      Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
      Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
      Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
      QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      e10937b6
  25. 20 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3218 / download.php / export · d46e131a
      Carsten Rose authored
      Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
      Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.
      d46e131a
    • Carsten  Rose's avatar
      #3218 / download.php / export · 4e01a68b
      Carsten Rose authored
      Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
      download.php: API Interface
      DownloadException.php: New exception class for downloads - might be extended for better error handling.
      OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
      Download.php: Main class.
      Link.php, Report.php: implemented new link type 'd' (=download)
      4e01a68b