1. 10 Jun, 2017 1 commit
  2. 07 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      #3863 / DB Update Fails: Expected no record, got 2 rows: SHOW TABLE STATUS WHERE Name='Form' · 7fc80c24
      Carsten Rose authored
      Introduce new config var 'DB_UPDATE' in config.qfq.ini. Update the handling, if there exist table 'form' and 'Form'.
      Manual.rst:  document the new config option DB_UPDATE.
      Database.php: Typo fixed.
      DatabaseUpdate.php: Iterate over all found 'Form' tables, take the newest version number. Respect config option DB_UPDATE. Fixed a problem: if in the PHP DB updates a newer DB Version is configured than the PHP source itself is, such updates are now not played anymore.
      Config.php, QuickFormQuery.php, config.example.ini: handle config setting DB_UPDATE.
      7fc80c24
  3. 05 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      #3569 / Input Optional '0' unterdruecken · 0e75d2bd
      Carsten Rose authored
      Manual.rst: add 'hideZero' to doc.
      AbstractBuildForm.php, Support.php: implement to suppress '0' if showZero=1
      0e75d2bd
    • Carsten  Rose's avatar
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale... · 61d75fbb
      Carsten Rose authored
      #3568 / Form: fuer alle Buttons (save, close, new, delete) eine optionale class & text konfigurierbar machen
      Manual.rst: new configuration options listed at config.qfq.ini and Form.paramtert.
      Config.php: Defaults configured for F_SAVE|CLOSE|DELETE|NEW_BUTTON_TEXT|TOOLTIP|CLASS|GLYPH_ICON.
      BuildFormBootstrap.php: Changed code to take values from config.qfq.ini or (if given) from form.parameter definitions.
      QuickFormQuery.php: Copy new setup values from config.qfq.ini to Form.
      StoreTest.php: update unit test for new global configuration values
      config.qfq.example.ini: fill with new commented key/value pairs.
      61d75fbb
  4. 04 Jun, 2017 2 commits
    • Carsten  Rose's avatar
      #2337 / Checkbox: checked/unchecked parameters genügen nicht · f1786d0b
      Carsten Rose authored
      AbstractBuildForm.php: added 'elseif()' to accept missing set/enum/sql1 definition for checkbox is 'checked' is given.
      f1786d0b
    • Carsten  Rose's avatar
      #3854 / Wrong final page: a) New > Save > Close, b) New > Save > Delete · b6cb6285
      Carsten Rose authored
      QfqForm.js: Preparation for client, to handle window.location.replace() by new API status 'url-skip-history'. Also changed "(data.redirect === "url" || data['redirect-url'])" to "(data.redirect === "url" && data['redirect-url'])" - CR did not understand the former logic ('or' instead of 'and'). #OPEN#: window.location.replace = 'index.php....' throws an JS exception that it the attribute 'replace' is readonly. Instead "window.location.replace('index.php....')" works as expected.
      PROTOCOL.md: add 'url-skip-history'.
      save.php: recode to become more readable.
      QuickFormQuery.php: getForwardMode() - temporarily fix to update status 'page' to 'url' (bug never caused a problem as long as '||' has been used on client side). Will change 'page' to 'url' asap.
      b6cb6285
  5. 03 Jun, 2017 1 commit
    • Carsten  Rose's avatar
      3612 / Konflikt typeAheadLdap mit dynamic modesql: the problematic HTML input... · 1c63c477
      Carsten Rose authored
      3612 / Konflikt typeAheadLdap mit dynamic modesql: the problematic HTML input element, added with typeahead functionality, is completely JS controlled by a Twitter library. For hiding / showing elements via dynamicUpdate, QFQ uses now API_ELEMENT_UPDATE on the outer row element.
      AbstractBuildForm.php: add function elementUpdateAttrClassOnRow().
      BuildFormBootstrap.php: split the class definition in an extra var.
      1c63c477
  6. 29 May, 2017 1 commit
  7. 27 May, 2017 1 commit
  8. 25 May, 2017 1 commit
  9. 24 May, 2017 2 commits
  10. 22 May, 2017 1 commit
  11. 20 May, 2017 3 commits
    • Carsten  Rose's avatar
      #3770 / Attack Delay: merge processing to one codeplace · 27f01259
      Carsten Rose authored
      Config.php: new function attackDetectedExitNow().
      Sip.php: replace local sleep(PENALTY_TIME_BROKEN_SIP) with central function attackDetectedExitNow().
      27f01259
    • Carsten  Rose's avatar
      #3769 / Allow specific GET variables longer than SECURITY_GET_MAX_LENGTH. · c11f75ad
      Carsten Rose authored
      Manual.rst: notes how to setup length-exceptions to SECURITY_GET_MAX_LENGTH
      config.php: implemented special handling of GET vars, named with '..._<num>'.
      c11f75ad
    • Carsten  Rose's avatar
      #3766 / SQL_LOG per tt_content record einstellbar machen · 4b0d1413
      Carsten Rose authored
      Add `sqlLog` and `sqlLogMode` to QFQ tt-content records.
      Add mode 'error' and `none` to sqlLogMode.
      Manual.rst: Added explanations for SQL_LOG, SQL_LOG_MODE, and tt-content pendants sqlLog, sqlLogMode. Update config.qfq.ini to latest attributes.
      Database.php: rename $mode to $currentQueryMode to make it more descriptive. Recode dbLog().
      Logger.php: do nothing if there is no file defined.
      Report.php: new function checkUpdateLog().
      Config.php: Set defaults for config.qfq.ini SQL_LOG and SQL_LOG_MODE
      Store.php: Fix problem that an empty SQL_LOG will be prependad with SYSTEM_PATH_EXT.
      4b0d1413
  12. 18 May, 2017 1 commit
  13. 12 May, 2017 2 commits
  14. 10 May, 2017 2 commits
  15. 09 May, 2017 2 commits
    • Carsten  Rose's avatar
      #3679: Automatic DB Update · d1b203dd
      Carsten Rose authored
      Fixed: unnecessary exception if there is no Form / FormElement table
      Database.php: New function playSqlFile().
      DatabaseUpdate.php: missing table Form won't throw an exception anymore.
      Manual.rst: note that formEditor.sql will be played automatically.
      d1b203dd
    • Carsten  Rose's avatar
      #3679, Automatic DB update - Schema & FormEditor · 05b32a30
      Carsten Rose authored
      For updates of QFQ prior to 0.17.0, do:   ALTER TABLE  `Form` COMMENT =  'Version=<your old QFQ version>'
      DatabaseUpdate.php, DatabaseUpdateData.php: new class.
      QuickFormQuery.php: Add DB UpdateCheck
      Database.php: moved to new subdirectory `database`. Add 'ALTER' as a new SQL command.
      FormAction.php, TypeAhead.php, Report.php, Sendmail.php, FillStoreForm.php, Store.php, AbstractBuild.php, Delete.php, Evaluate.php: Update path to Database.php.
      05b32a30
  16. 04 May, 2017 1 commit
  17. 03 May, 2017 2 commits
  18. 02 May, 2017 1 commit
  19. 30 Apr, 2017 1 commit
  20. 24 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      Implemented new escape class 'mysql' (realEscapeString). · ba817c0e
      Carsten Rose authored
      Implemented defaultEscapeType. configurable via config.qfq.ini (global) and per Form.
      Implemented max GET parameter lenght. Default: 50. BTW: in phpunit test there have been a parameter 'file' which exceeds the limit of 32.
      
      Config.qfq: Skip empty variable names - happens in phpunit tests. Read new `systemEscapeTypeDefault`.
      Constants.php: renamed  TOKEN_LDAP_ESCAPE_* to TOKEN_ESCAPE_LDAP_*. Add TOKEN_ESCAPE_MYSQL, TOKEN_ESCAPE_NONE
      Database.php: Set charset to real_escape_string() functions properly. Proxy for mysqli::real_escape_string()
      Evaluate.php: Respect global escapeTypeDefault. Implement
      formEditor.sql: add column `escapeTypeDefault`. Add FormElement 'escapeTypeDefault'.
      ba817c0e
    • Carsten  Rose's avatar
      Security: Honeypot vars - check if any of the honeypot vars is filled - if yes, it's an attack. · f5d7ba73
      Carsten Rose authored
      Config.php: Defaults are now set in Config.php, not in Store.php anymore. New function setDefaults(), checkForAttack().
      f5d7ba73
  21. 23 Apr, 2017 3 commits
    • Carsten  Rose's avatar
      Implement 'encode=specialchar' - new option per formElement. · 434cac36
      Carsten Rose authored
      Play: ALTER TABLE  `FormElement` ADD  `encode` ENUM(  'none',  'specialchar' ) NOT NULL DEFAULT  'specialchar' AFTER  `subrecordOption` ;
      Play: formEditor.sql
      
      Attention: FEs with text=editor needs actions - the default of 'specialchar' prohibits saving of HTML tags.
      
      FillStoreForm.php: Submitted values will be specialchars() before copying to STORE_FORM.
      AbstractBuildForm.php: Counterpart of FillStoreForm.php - will htmlspecialchars_decode() values read from database. Replace 'checkType' and 'checkPattern' with CONSTANTS.
      formEditor.sql: Added new column in FormElement. Add new FormElement 'encode' in FormElement-Editor. Add column 'encode' to all FormElement records.
      434cac36
    • Carsten  Rose's avatar
      Download: columns _pPdf,_zZip, _fFile implemented. _dDownload removed. · 6f5a988f
      Carsten Rose authored
      Handling of filenames in Zip's optimized. Spoken filename (no cryptic tempnames anymore). Correct filename extension, based on the mimetype.
      
      Manual.rst: updated doc for columns  _pPdf,_zZip, _fFile. Remove doc for '_dDownload'.
      Download.php: new function targetFilenameExtension(). Replace cryptic temporary filenames against file-1, ...
      Link.php: reorder param array, to make TOKEN_DOWNLOAD position independet
      Report.php: Implemented _pPdf,_zZip, _fFile.
      6f5a988f
    • Carsten  Rose's avatar
      Fixed exportFilename extension behaviour. · c700ce0d
      Carsten Rose authored
      Link.php: If there is no output filename defined, the default is now computed in Download.php, not in Link.php as before.
      Download.php: Extract filename extension from mimetype, compare it with output filename, if it does not match, append the computed extension. This forces the filemanager to open the correct application after download.
      c700ce0d
  22. 22 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3218 / download.php / export · e10937b6
      Carsten Rose authored
      * Recode the '_link' notation for download
      * Add 'ZIP' as export format
      * Add 'parameter' to wkhtmltopdf
      * Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP' for detecting if there are download links on the page. This eleminates passing parameters through dozens of functions.
      * Report/Columntype '_dDownload' broken!
      Coding.md: described `download` from a coding point of view.
      Manual.rst: Update '_link' to latest notation of 'download'.
      download.php: implemented catching of 'Undefined index'. Added further exceptions.
      Download.php: Added cache=off for downloading. Rename getFile() to getElement(). Make getElement() more generic. Add zipFiles(). Implement 'downloadMode' in doElements().
      Html2Pdf.php: recode to new download notation. Parameter to wkhtmltopdf implemented.
      Link.php: New TOKEN_* and NAME_DOWNLOAD_*, NAME_FILE. Move TOKEN_* to Constants.php. Will be used in Download.php too. Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'. Implemented BASE64 encoding of multiple 'U' and 'u'.
      Report.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      Sip.php: implement debugSip() to show Sip. New: base64 encoded parameter will be shown in clear.
      Store.php: some functions missed keyword 'static'. getVar() and getStore automatically decode base64 parameter.
      QuickFormQuery.php: Implemented 'SYSTEM_STORE / SYSTEM_DOWNLOAD_POPUP'.
      e10937b6
  23. 20 Apr, 2017 2 commits
    • Carsten  Rose's avatar
      #3218 / download.php / export · d46e131a
      Carsten Rose authored
      Implemented spinning wheel (hourglass) displayed during rendering and downloading PDF.
      Link.php, Report.php: New $vars[NAME_EXTRA_CONTENT_WRAP] which holds a '<button>' definition with necesary 'data-*' attributes. The Modal Dialog needs a uniq html id (derived from ttContentUid). That one is returned to Report() if there is at least one download element.
      d46e131a
    • Carsten  Rose's avatar
      #3218 / download.php / export · 4e01a68b
      Carsten Rose authored
      Implemented download.php to offer SIP protected downloads for single files (any filetype) as well as concatenated PDF files and converted HTML pages.
      download.php: API Interface
      DownloadException.php: New exception class for downloads - might be extended for better error handling.
      OnArray.php: new function getArrayItemKeyNameStartWith() to filter for specific elements in an array. New function arrayEscapeshellarg() to escape args
      Download.php: Main class.
      Link.php, Report.php: implemented new link type 'd' (=download)
      4e01a68b
  24. 17 Apr, 2017 1 commit
  25. 13 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3573 / TypeaheadLdap: Prefetch funktioniert nicht · d645dee0
      Carsten Rose authored
      Manual.rst: Prefetch doc enhanced.
      Ldap.php: replacement of '?' in LDAP search not processed with MODE_LDAP_PREFETCH - fixed. FE_TYPEAHEAD_LDAP_KEY_PRINTF renamed to FE_TYPEAHEAD_LDAP_ID_PRINTF
      AbstractBuildForm.php: copy 'FE_TYPEAHEAD_LDAP_ID_PRINTF' to SIP seems never be done - fixed
      d645dee0
  26. 12 Apr, 2017 1 commit
  27. 11 Apr, 2017 1 commit
    • Carsten  Rose's avatar
      #3547 / FE of type 'note' causes writing of empty fields. · f9363525
      Carsten Rose authored
      During expanding of templateGroups, existing FE with no meaning for save (like note, subrecord, ...) has been created, filled with empty values and saved. Fixed for FEs with type 'subrecord' and 'note' - needs more investigation to check for further sideeffects.
      f9363525