1. 20 May, 2017 2 commits
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
      c11f75ad
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
      4b0d1413
  2. 18 May, 2017 1 commit
  3. 12 May, 2017 2 commits
  4. 10 May, 2017 2 commits
  5. 09 May, 2017 2 commits
    • Carsten  Rose's avatar
      #3679: Automatic DB Update · d1b203dd
      Carsten Rose authored
      Fixed: unnecessary exception if there is no Form / FormElement table
      Database.php: New function playSqlFile().
      DatabaseUpdate.php: missing table Form won't throw an exception anymore.
      Manual.rst: note that formEditor.sql will be played automatically.
      d1b203dd
    • Carsten  Rose's avatar
      #3679, Automatic DB update - Schema & FormEditor · 05b32a30
      Carsten Rose authored
      For updates of QFQ prior to 0.17.0, do:   ALTER TABLE  `Form` COMMENT =  'Version=<your old QFQ version>'
      DatabaseUpdate.php, DatabaseUpdateData.php: new class.
      QuickFormQuery.php: Add DB UpdateCheck
      Database.php: moved to new subdirectory `database`. Add 'ALTER' as a new SQL command.
      FormAction.php, TypeAhead.php, Report.php, Sendmail.php, FillStoreForm.php, Store.php, AbstractBuild.php, Delete.php, Evaluate.php: Update path to Database.php.
      05b32a30
  6. 04 May, 2017 1 commit
  7. 03 May, 2017 2 commits
  8. 02 May, 2017 1 commit
  9. 30 Apr, 2017 1 commit
  10. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Honeypot vars - check if any of the honeypot vars is filled - if yes, it's an attack. · f5d7ba73
      Carsten Rose authored
      Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().
      f5d7ba73
  11. 23 Apr, 2017 3 commits
    • Carsten  Rose's avatar
      Implement 'encode=specialchar' - new option per formElement. · 434cac36
      Carsten Rose authored
      Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
      Play: formEditor.sql
      
      Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.
      
      FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
      AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
      formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.
      434cac36
    • Carsten  Rose's avatar
      Download: columns _pPdf,_zZip, _fFile implemented. _dDownload removed. · 6f5a988f
      Carsten Rose authored
      Handling of filenames in Zip's optimized. Spoken filename (no cryptic tempnames anymore). Correct filename extension, based on the mimetype.
      
      Manual.rst: updated doc for columns  _pPdf,_zZip, _fFile. Remove doc for '_dDownload'.
      Download.php: new function targetFilenameExtension(). Replace cryptic temporary filenames against file-1, ...
      Link.php: reorder param array, to make TOKEN_DOWNLOAD position independet
      Report.php: Implemented _pPdf,_zZip, _fFile.
      6f5a988f
    • Carsten  Rose's avatar
      Fixed exportFilename extension behaviour. · c700ce0d
      Carsten Rose authored
      Link.php: If there is no output filename defined, the default is now computed in Download.php, not in Link.php as before.
      Download.php: Extract filename extension from mimetype, compare it with output filename, if it does not match, append the computed extension. This forces the filemanager to open the correct application after download.
      c700ce0d
  12. 22 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3218 / download.php / export · e10937b6
      Carsten Rose authored
      * Recode the '_link' notation for download
      * Add 'ZIP' as export format
      * Add 'parameter' to wkhtmltopdf
      * Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
      * Report/Columntype '_dDownload' broken!
      Coding.md: described `download` from a coding point of view.
      Manual.rst: Update '_link' to latest notation of 'download'.
      download.php: implemented catching of 'Undefined index'. Added further exceptions.
      Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
      Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
      Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
      Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
      Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
      QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      e10937b6
  13. 20 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3218 / download.php / export · d46e131a
      Carsten Rose authored
      Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
      Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.
      d46e131a
    • Carsten  Rose's avatar
      #3218 / download.php / export · 4e01a68b
      Carsten Rose authored
      Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
      download.php: API Interface
      DownloadException.php: New exception class for downloads - might be extended for better error handling.
      OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
      Download.php: Main class.
      Link.php, Report.php: implemented new link type 'd' (=download)
      4e01a68b
  14. 17 Apr, 2017 1 commit
  15. 13 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3573 / TypeaheadLdap: Prefetch funktioniert nicht · d645dee0
      Carsten Rose authored
      Manual.rst: Prefetch doc enhanced.
      Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
      AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed
      d645dee0
  16. 12 Apr, 2017 1 commit
  17. 11 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3547 / FE of type 'note' causes writing of empty fields. · f9363525
      Carsten Rose authored
      During expanding of templateGroups, existing FE with no meaning for save (like note, subrecord, ...) has been created, filled with empty values and saved. Fixed for FEs with type 'subrecord' and 'note' - needs more investigation to check for further sideeffects.
      f9363525
  18. 10 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3546 / lean: Internal Server Error · 2bf035a9
      Carsten Rose authored
      Action elements, assigned to a container which are not a templategroup, threw an exception. In general, it makes no sense (at the time of writing this) to assign an action element to a pill or fieldset, but it should not throw an exception. Fixed - just ignore such assignment.
      2bf035a9
    • Carsten  Rose's avatar
      #3544 / Form: view current form · 0c1a3e5b
      Carsten Rose authored
      Implemented.
      0c1a3e5b
  19. 08 Apr, 2017 1 commit
  20. 04 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3502 / TemplateGroups: Checkboxen werden beim ersten Speichern (insert) nicht... · 246aeeab
      Carsten Rose authored
      #3502 / TemplateGroups: Checkboxen werden beim ersten Speichern (insert) nicht geschrieben - ein anschliessendes Update ist ok
      Das Problem tritt nur auf bei MultiCheckboxen. Neu werden im Store  STORE_ADDITIONAL_FORM_ELEMENTS (ist bereits frueher, extra fuer Checkboxen, eingefuehrt worden) fuer alle TemplateGroup FEs (type=checkbox) die Fake Elemente angelegt. Dazu wird neu NAME_TG_COPIES in dem FEs gefuellt mit dem 'TG max copies'-Wert.
      246aeeab
  21. 02 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3385 / templateGroup: insert/update/delete non primary records · 8db50d60
      Carsten Rose authored
      Manual.rst: update doc how to insert/update/delete non primary templateGroup records.
      FormAction.php: removed $templateGroupIndex - solved implicit by defining a LIMIT on 'slaveId' . Implemented '%D' (one below %d). Implemented FE_SQL_HONOR_FORM_ELEMENTS - reduces unecassary SQL queries.
      HelperFormElement.php: moved function 'explodeTemplateGroupElements()' to 'QuickFormQuery.php'
      Database.php: remove call to explodeTemplateGroupElements() - not necessary at that place.
      QuickFormQuery.php: fill STORE_RECORD during Formload - to read templateGroup records very early. Local copy of `getNativeFormElements()`, new `explodeTemplateGroupElements()`
      8db50d60
  22. 30 Mar, 2017 3 commits
  23. 29 Mar, 2017 2 commits
    • Carsten  Rose's avatar
      #3463 / form.mode=readonly · d84dad1a
      Carsten Rose authored
      Implemented the option to make a form `readonly`. this can be done statically or dynamically via variable (e.g. SIP).
      QuickFormQuery.php, AbstractBuildForm.php: Force 'readonly' by overwriting FormElement individual 'mode' setting.
      BuildFormBootstrap.php: Introduced new variable F_SHOW_BUTTON.
      d84dad1a
    • Carsten  Rose's avatar
      #3447 / Icons das man im FrontEnd direkt das gewaehlte FormElement im... · e96bb108
      Carsten Rose authored
      #3447 / Icons das man im FrontEnd direkt das gewaehlte FormElement im Formulareditor bearbeiten kann.
      AbstractBuildForm.php: Add checkbox left to the 'EditForm'-Button to toogle the 'FormElemnt'-Icons -as the regular 'Form Edit'-Pencil, the 'FormElement Checkbox' is only displayed if the user is logged in BE.
      BuildFormBootstrap.php: new function 'buildEditFormElementCheckbos()'
      e96bb108
  24. 28 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3456 / LDAP: with Credentials to access 'webpass' · 8cb94e92
      Carsten Rose authored
      Manual.rst: Updated doc for a) config.qfq.ini: LDAP_1_RDN, LDAP_1_PASSWORD, b) Form.parameter|FormElement.parameter: ldapUseBindCredentials
      ErrorHandler.php: removed details - the end user should not too many details.
      FormAction.php, Ldap.php, QuickFormQuery.php: implement 'ldapUseBindCredentials'
      Ldap.php: set_error_handler() to catch ldap_bind() problems. Always set LDAP_OPT_PROTOCOL_VERSION=3 - this might cause problems with som LDAP Servers - we will see.
      8cb94e92
  25. 27 Mar, 2017 2 commits
  26. 26 Mar, 2017 1 commit
    • Carsten  Rose's avatar
      #3433 | templateGroup on primary Record: Values of removed copies are not deleted · 5d817af7
      Carsten Rose authored
      The new implementation creates empty fake instances of all copies of templateGroup FormElements. Those are empty. Before save, the submitted form values will be expanded with the empty fake templateGroup FormElements and such empty values will be saved.
      FormAction.php: Rename constant SQL_FORM_ELEMENT_TEMPLATE_GROUP to SQL_FORM_ELEMENT_TEMPLATE_GROUP_FE_ID - to be more precise.
      HelperFormElement.php, Database.php: new function explodeTemplateGroupElements()
      5d817af7