register cookies in $_REQUEST any more by default (there's now a php.ini
variable 'request_order' to controll that, but we want to work with a
default configuraltion):
- session restore was not working, as only $_REQUEST[sessionid] was checked
- multi domain installs not working, as domain cookie was not checked
- encrypted session were not working, because kp3 cookie was not checked
--> there's now a static method egw_session::get_request($name), which
checks $_REQUEST[$name], $_COOKIE[$name] and for that Safari bug also
$_COOKIE[ucfirst($name)]
--> overcome problem reported by krupka(at)depag.de on the german list: password get's lost if contact get saved, because it had to remove the account first to add the addressbook object classes
- docu update
"
- when updating all langs, do a transaction for each lang and update the cache after commiting the transaction (before the transaction was about all langs and the cache update withint the not commited transaction)
- fixed problem with autoloading of languages, check used filectime, update used filemtime, which can differ of cause"
- update the tree-level cache, as we can not effectivly unset it in a multiuser enviroment,
as users from other - not yet updated - instances update it again with an old version!
- add_app(): we have to use array_merge! (+= does not overwrite common translations with different ones in an app)
array_merge messes up translations of numbers, which make no sense and should be avoided anyway.
"
vfs_stream_wrapper::get_path() returning an url without path
(sqlfs://default <-- no trailing slash), which causes
sqlfs_stream_wrapper::url_stat() to be called for an empty path, which
gives the sql error.
- fs_link column is queried by sqlfs, but get created in 1.7.002
- pdo does not throw exception on sql errors, it silently ignores them
--> told it now in constructor to also throw exceptions
- egw_vfs::find() was not always honoring the url option
Patch is mostly created by script in egroupware/doc/fix_depricated.php in separate commit.
I do NOT advice to apply this patch to a production system (it's commited to trunk!), as the automatic modified regular expressions have a good change to break something ...
- cleaned up exceptions in cli code (no need to log, as it goes direct to the user)
- regarding small rpm redirect header (< 200 bytes) as no header
- fixed wrong detected vars for cli install (eg. webserver_url)
- fixed egw_cache to not stall if system_charset is not yet in db
Timesheet-Einträge mit Uhrzeit 0:00, die in der Winterzeit gemacht wurden,
werden in einem Union-Query, der in der Sommerzeit stattfindet, dem falschen
Tag zugeordnet. Vermutlich stimmt dies nur für den PostgreSQL query und ist
Dir deshalb bisher nicht aufgefallen.
Der Patch:
Ändert den PostgreSQL-spezifischen Teil des queries so um, dass er
Zeitzoneninformationen berücksichtigt."
- make update a separat setup-cmd-object
- fixed handling of egw_exception_wrong_userinput, to not include a
trace (which is unneeded for regular input-validation)
- can be used via html class like:
$clean_html = html::purify($html);
- using it now in eTemplate to remove malicious code from html:
a) when displaying "formatted text"
b) when "formatted text" get's input by the user
- if base is a symlink to a dir, this one is listed anyway
- symlinks to dirs (beside the base) are only descended, if
$options['follow'] is specified
- links are returned for type 'f'
--> removed follow option from find() in filemanager_ui::get_rows()
--> no more infinit symlink loops in filemanager GUI
limit on the number of cascaded folders in Filemanager
--> MySQL 5.0 has a nesting limit for subqueries
--> working around that by limiting the nesting level to 10"
trailing slashes added to all collections caused a rename to an empty filename
--> all training slashes get now removed prior to calling any backend functions"
Fatal error: Class 'notifications' not found in
/home/domain/public_html/egw/etemplate/inc/class.bo_tracking.inc.php
--> reverts an older commit fixing a problem between the (depracated and no longer working) browser app and the browser class in the API"
- caching the phrases in new egw_cache on Tree level
--> a good speed improvment on my devel system
- also added a global function
check_load_extension($extension,$throw=false)
It allows to cache on 4 levels:
a) tree: for all instances/domains runining on a certain source path
b) instance: for all sessions on a given instance
c) session: for all requests of a session, same as egw_session::appsession()
d) request: just for this request (same as using a static variable)
There's a get, a set and a unset method for each level: eg. getTree()
or setInstance(), as well as a variant allowing to specify the level as first
parameter: eg. unsetCache()
getXXX($app,$location,$callback=null,array $callback_params,$expiration=0)
has three optional parameters allowing to specify:
3. a callback if requested data is not yes stored. In that case the
callback is called and it's value is stored in the cache AND retured
4. parameters to pass to the callback as array, see call_user_func_array
5. an expiration time in seconds to specify how long data should be cached,
default 0 means infinit (this time is not garantied and not
supported for all levels!)
Data is stored under an application name and a location, like
egw_session::appsession().
In fact data stored at cache level egw_cache::SESSION, is stored in
the same way as egw_session::appsession() so both methods can be used
with each other.
The $app parameter should be either the app or the class name, which
both are unique.
The tree and instance wide cache uses a certain provider class, to
store the data eg. in memcached or if there's nothing else configured
in the filesystem (eGW's temp_dir).
using octal numbers with mysql leads to funny results:
select 384 & 0400 --> 384 not 256=0400
--> converted 0400, 040 and 04 to 256, 32 and 4 for mysql"
- egw_vfs::stat and egw_vfs_stream_wrapper::url_stat now both have a
parameter $try_create_home=false, which do not create a non-existing
home-directory by default.
- filemanger_ui calls egw_vfs::stat($path,true) to create an evtl.
missing home dir (in case it does not exist because of previous
problems)
--> fixes not working home-dir creation or rename, because url_stat
already tried to create the home-dir
and GroupDAV. The "sessionid" get's constructed from the basic auth
credentials and is not random (as the clients dont store them).
--> speeds up the use of *DAV
--> stops *DAV handlers to created numerious sessions
- fgetcsv only works correct, if setlocal is called with an existing and
correct local
- improved projectmanager method guess_local and moved it to
common::setlocal, which takes now the charset, lang and country of the
user into account
- csv-import also displays now the conversation done and reads usernames
in brackets
- added some missing fields
- all: false (default) = ignore files starting with a dot '.',
true = show all files (. and .. are always ignored!)
- exec: false (default) = do NOT allow to upload or modify scripts,
true = allow it (if docroot is mounted, this allows to run scripts!)
--> deny_script method was added to egw_vfs and calls to it from
filemanager
Other fixes:
- missing write rights of the webserver were not removed from perms
(causing warnings to be displayed in the ui)
- rename was not working due to typos
--> should be backported for obvious reasons to 1.6
- symlinks are now read by url_stat and dir_opendir and stored in the stat cache, to minimize DB accesses
- negative url_stat calles (not found) are now stored in the stat cache too, to minimize DB access
- added new log level 3, which adds method-name and line number to the sql statements"
- sqlfs can store now symlinks (implements symlink and readlink)
- vfs resolves symlinks before calling a mounted stream-wrapper
--> symlinks can be between different mount-points
- filemanger can create symlinks and follows them
- etemplate vfs_widget displays symlinks (to be improved)
Happy testing :-)
--> now you can find the error in the error_log and dont get only a blank page
(also optimized it so far, that we first try to autoload the class and use the diverse \"magic\" only if that fails)"
per session and then operate on that cache.
This deliminates ~25 database queries for each sitemgr page.
Test carefully before applying this to a production sytem!
- change the processing of slowsync, to use the content_map instead of
trying to build a new one. This caused duplication issues on the
client if multiple similar records where stored, because only the first
one found in the server-db was matched, These duplicate entries at client
side had no entry at serverside, so deleting the wrong one
on the client (the content with a valid map entry) could cause
unwanted data loss at server side, because it is impossible for the
user to see what is a duplicate, and what is not.
see also:
http://www.nabble.com/again---syncml-duplication-issue-to20333619s3741.html
- reenabled UID from syncml clients, because it was partly used this caused
issues during SlowSync if the content was changed.
- infolog, calendar if a uid is found in the provided data, allway try to
find the corresponding content first using only the UID, instead of
using the content-id taken from content_map.
also fixed:
- a few fixes in ./notes
- creating an entry on the client that can not be imported,
(Example, Nokia E Series Appointment without a Title)
will no longer create an invalid content-map entry
However, at client side this is still counted in the Protocol as
Server-Add
manufacturer and the recogniced GroupDAV client as product name.
This way we are able to handle different GroupDAV clients, as we
allready do with different SyncML clients.
Also removed the no longer needed code enabling the use of the real UID,
as SyncML does no longer misuse the UID for it's GUID.
longer use GUIDs containing eGW's install_id, as the information is
irrellevant for SyncML and cause doublications of entries if the
install_id changes.
I plan to have a new rc4 Wednesday or Thursday containing these changes.
- adding the application ('syncml')
- replacing next_record()/f() with fetch()/fetchSingle() or looping over the result object
Thanks to Philip Herbert from Knauber for testing it"
- exceptions get now always logged to the error_log
- in the webgui it's now configurable, if the message contains a
stacktrace (incl. function arguments) - default no (security)
- command line interfaces get detected and contain no html anymore
- webdav and groupdav send the exceptions as basic auth realms to the
client
- webdav and groupdav login failures contain the reason as part of the
basic auth realm
- egw_vfs::download_url as not encoding + or ' ' in pathes
- HTTP_WebDAV_Server was urldecoding $_SERVER[PATH_INFO], which is
wrong, as it is NOT encoded
- HTTP_WebDAV_Server was NOT urlencoding the pathes in PROPFIND
responses, causing eg. cadaver not to be able to use dirs containing
+ or space
sqlfs stores files with fs_id < 100 directly under /sqlfs in the files
dir. They conflict with directories created for fs_id >= 1000.
--> fs_id < 100 are now in a directory /sqlfs/00
You need to run the 1.5.016 update or you will not find the content of
files with fs_id < 100 anymore!
reads of entries from the database: Applications can call
egw_link::set_cache($app,$id,$title,$file_access=null)
from their search or read method, to eliminate the need to query the
entries again, when the egw_link class, link widget or links stream wrapper
needs title or file_access values later.
This offloads the caching to the link class, and improves performance a
lot, specially for infolog.
The cache is stored in the session and modified or deleted items get
removed, when the link class get notified about that anyway.
- flag in session if it is encrypted to prevent calling the encryption more then once, which stalls the session-content
- egw_session::session_comit() method calls now encrypt() too, as it closes the session, before the destructor is called
- hack to fix PHP Fatal error: Cannot use string offset as an array, which happens sometime in felamimail under php5.2
- some more docu"
- it now also encrypts the egw object and egw_info array, stored in the session
- it no longer encrypts every egw_session::appsession() call, but the
whole array at once when the egw_session object gets destroyed
- mcrypt algo and mode are currently hardcoded to tripledes and ecb, as
we dont have the database connection, when they are needed. You can
add it as egw_info[server][mcrypt_{algo|mode}] in the header.inc.php
- fixed a bug, which let the session grow around 400k(!) each request
- if mcrypt or the selected algo/mode is not availible the session
encryption is switched off automatic, but an error is logged
+ path with clickable components
+ human readable size, mode, ...
+ mime icon with integrated thumbnail creation
- link widget uses now vfs-mime for it's icons
- thumbnail creation is now switched on with size 32px by default, it can
be switched of by the admin or user, in doing so explicitly
- mime-icons are moved from filemanager to etemplate, as not everyone
installs filemanager
- filemanager has now 3 display modi:
+ Current directory (with subdirs always on top)
+ Subdirs sorted in
+ Files from subdirs (shows recursive all files and you
can click on the path components thanks to new vfs widget)
a hashed directory structure based on the fs_id and not longer on the
path (which can not be recovered, once the filesystem get's corrupt)
--> Make backups (db AND files directory), before attempting the update !!!!!!!!
- the used storage (default filesystem) can be switched via a get-parameter in the url mounted (eg. sqlfs://default/?storage=db)
- please note the current (php5.2.6) problems:
a) retriving files via streams does NOT work for PDO_mysql (bindColum(,,PDO::PARAM_LOB) does NOT work, string returned)
(there's a workaround implemented, but it requires to allocate memory for the whole file!)
b) uploading/writing files > 1M fail on PDOStatement::execute() (setting PDO::MYSQL_ATTR_MAX_BUFFER_SIZE does NOT help)
(not sure if that's a bug in PDO/PDO_mysql or an accepted limitation)
--> now we need to implement an easy switch in setup to allow admins to use the db backend (does NOT require an directory outside the docroot)
currently you need to use filemanager/cli.php mount"
allowing to set an arbitrary uid, gid and mode for the vfs (like
mounting a dos Filesystem under Linux).
Can be used to mount eg. an upload dir writable only by Admins:
filemanger/cli.php mount --user root_admin --password whatever \
filesystem://dummy/var/www/html/uploads?group=Admins&mode=075 \
/uploads
Please note that you can NOT use filesystem:/something!
Fixed the vfs-classes to deal correctly with get-parameters used as
mount-options.
- new feature allowing apps to specify with index-page and icon to use
--> allows to install sitemgr-link icon without an extra application
(which was a symlink and got lost in every version upgrade)
PHP Fatal error: egw_db::connect(): The script tried to execute a method or access a property of an incomplete object ...
Problem was that session restore is now used regardless if it's explicitly switched on, egw_db::connect() only registered the required class, if it was explicitly switched on. Therefore it worked everywhere, where session restore was configured before, but failed everyone not used it before ;-)"
- DONT UPDATE ON A PROCUDTION SYSTEM (for the next few days)!
- eGW support from now on only php session handling
- custom session handlers (like the memcache one) can now be
implemented as classes and dont need to change any other code
- the class get's autoloaded and the name need to be configured
eg. in the header.inc.php as $egw_info[server][session_handler]
- session restore is now enabled by default (it's way faster and
works well with php5.1+)
- a db-bases session handler follows soon
- new GroupDAV v2 component-set attribute for collections
- getlastmodified & getcontentlength properties for infolog propfind
- fixed propfind on a single infolog entry to return just that entry
- getcontenttype of vevent and vtodo collection returns extra component
The problem seems to be line [784] of trunk/phpgwapi/inc/horde/Horde/iCalendar.php
$value = str_replace($this->_newline, '\n', $value);
When removing this line, the description value is correct on the client.
I could not find any sideffects during my tests, if some clients have
problems with this, I assume this would then have to be fixed at a higher
level, because the current state with this line just causes broken output.
From wikipedia regarding Linebreaks in QuotedPrintable:
If the data being encoded contains meaningful line breaks, they must be encoded as an ASCII CR LF sequence, not as their original byte values
Vcard extract without the reported line code:
DESCRIPTION;ENCODING=QUOTED-PRINTABLE:Desc 1=0D=0ADesk 2=0D=0A=0D=0A
Vcard extract with the reported line of code
DESCRIPTION;ENCODING=QUOTED-PRINTABLE:Desc 1\nDesk 2\n\n
pointed out by Philip Herbert. Carl Knauber Holding GmbH & Co KG
formal error.
This breaks sync for single contacts from egw to client.
example: photo in addressbook without blank line after the property value.
This way the devices are not compliant with RFC2426 (Vcard Version 3)
5. Differences From vCard v2.1
[...]
. Inline binary content must be "B" encoded and folded. A blank
line after the encoded binary content is no longer required.
[...]
This was pointed out by Philip Herbert. Carl Knauber Holding GmbH & Co KG
noticed while working on it:
- memory size error, when renaming a file after posting the list (eg.
clicking on home icon)
- renaming (moving) one file on an existing filename, put the file in an
inaccessible state
- renaming more then once, did not work
--> ToDo: add some ajax to notify the user, when he tries to overwrite
an other file while renaming one
NTLM SSO removes Windows users on a PC, which is a member of a Windows
domain and who are logged into that domain, from the need to explicitly log
into eGW. They simply point IE to the eGW URL (eg. http://domain.com/egroupware/)
and start working. They can of cause explicitly log out and log in as an
other user.
For more information look at the README at
http://www.egroupware.org/viewvc/trunk/phpgwapi/ntml/README
2. different authentication for SyncML and/or GroupDAV
You can now use eg. an external auth provider for the login via the
WebGUI (eg. ADS) and the passwords stored in SQL for SyncML.
addressbook (infolog will follow).
CalDAV is tested so far with lightning 0.8 and Apple's iCal. Please note
that both distinguish between iCalServer and CalDAV!
The URL is currently http://domain.com/egroupware/groupdav.php/calendar/
- if you already run the 1.5.003 update (AND modified anything in the VFS), you have to re-run it, to not loose your modifications or risk an inconsistent VFS (DB does not match filesystem)
- to re-run the 1.5.003 update (only if your version is already 1.5.003 or bigger!) run the following sql:
UPDATE egw_applications SET app_version=1.5.002 WHERE app_name=phpgwapi
- the new vfs supports now an extended ACL, if that is supported by the backend (sqlfs only currently)
- eacl allows to set separate recursive acl rights for different users or groups on a directory (and subdirs)
- former group grants of group dirs are converted to eacl, thought we only support read or read+write access (no extra add or delete)
- attachments via the links class now also use a stream wrapper interface (links_stream_wrapper) and WebDAV as download handler (which requires no longer filemanager run rights)
This index allows a fulltext search over all applications (or of
cause also a single app).
Whenever an applications stores an entry it calls:
boolean egw_index::save($app,$id,$owner,array $fields,array $cat_id=null)
which calls, as the application do when is deletes an entry (!),
boolean egw_index::delete($app,$id)
and then splits all fields into keywords and add these to the index by
boolean private egw_index::add($app,$id,$keyword).
Applications can then use the index to search for a given keyword
(and optional application):
array egw_index::search($keyword,$app=null) or
foreach(new egw_index($keyword,$app=null) as $app_id => $title)
To also allow to search by a category or keyword part of it, the index
also tracks the categories of the entries. Applications can choose to
only use it for category storage, or cat do it redundant in there own
table too. To retrieve the categories of one or multiple entries:
array egw_index::cats($app,$ids)
Applications can use a sql (sub-)query to get the id's of there app
matching a certain keyword and include that in there own queries:
string egw_index::sql_ids_by_keyword($app,$keyword)
Please note: the index knows nothing about ACL, so it's the task of
the application to ensure ACL rights.
- new public egw_link class, which has only static methods and can NOT be instanciated
- depricated bolink class, for existing code instanciating the bolink class in $egw->link
- new method and application hook *titles* to retrieve the title of multiple entries of an app in one go
- new method *get_links_multiple* to retrieve all links of multiple entries of an app
- read rights are not checks in each traversed directory (via sql in a single query to locate the path)
- diropen additionally checks for execute rights
- fopen checks for read or write depending on the mode
- chmod, chgrp, chown methods in sqlfs and egw_vfs/vfs plus an egw_vfs::$is_root var used to grant root rights (no access controll and chown or chgrp without being the owner of a file)
- find method (some more params to come) to recursivly search and optionaly execute some callback
- egw_vfs::remove doing a "rm -r" / recursive remove or dirs and files
- new files or dirs inherit the perms and ownership from the parent directory (no umask)
- files/dirs the user has no read rights, in a directory where he has no write rights, get hidden (eg. not showing all the other users / groups home dirs
- many new cli commands (chmod, chgrp, chown, find), recursive option for most commands and the ability to use it with root rights, see the usage message if called without options
- "cp -r -p" to copy a whole tree incl. ownership and perms, eg. backing up /home to /backup
Attribs: Stephan Becker: Code, identified the Javascript culprits
Wim Bonis: Code, Race condition
Klaus Leithhoff: Code, mbstring writes a different length to that that it reads
Lars Volker: Code, Debug memcache slab memory, memcache add as lock.
child, that has executed a php script with mbstring.func_overload=7 once, will
overload substr() in a later execution of another php script, even if the
Location context of that script has mbstring.func_overload=0 set. Since the
WBXML decoder works byte-by-byte to determine substring length, it fails, if
mb_substr() is used. This patch prevents this.
- caching the information for dir_open vfs_sql::ls() to use it in url_stat, to not read it again from the db
- implemented a static touch method, which is not (yet) part of the stream-wrapper interface
- have a static method config::read($app) to read the config of an app, no need to instanciate it
- added some caching to not read the config more then once per request
- moved the get_customfields and get_content_type methods here from admin.customfields
- private custom fields only visible for certain users/groups (in addressbook only for the moment)
This is due to a bug in felamimail, when typing an address, the auto completion produces an XML Error, because the
socontacts_sql class is not found.
The problem may be resolved by another method, the solution provided here is probably not wanted, for proper style reasons,
and will not solve all possible autoload problems.
out-of-band data such as the HTTP user agent.
Use that to determine weither message fragmentation should be used or not.
Indicate that Funambol 6+ supports fragmentation (this solves cases where
big addressbooks cannot be syncrhonized because there are too many entries).
Added a hack that allows one to search for the categories' names prefixed by X-
Sony Ericsson phones (and possibly others) systematically prepend a X- to the
category names, so with this patch we match X-CatName just like CatName
This is only done for SyncML obviously.
- Enable $noNullString in oci8 driver, this solves inserts blanks on NOT NULL columns that are not part of the
primary key
- Fixes problems as group creation, and others
Indexes: The solution of put the index name of the first columnt dont't
work because duplicates, create instead a hash of the large name (PHP 5
>= 5.1.2, PECL hash:1.1-1.5) with an fixed char at beginning (Oracle
objects names can't start with a number)
Secuences & triggers: create a a hash of the large name.
logout+mbstring stuff), small modification to use the already exiting
methodes to generate full name and fileas)
The code is commited to trunk only at the moment to allow testing of it.
If everything goes well, we intend to commit it to 1.4 branch too.
Here's the original description of the patch by Patrick:
- handles the default config for current versions of funambol (i.e. the
scard/stask/snote/scal locations)
- tries to be a bit smarter on how the data content should be encoded
based on what the client specified (sif+base64/vcard, / fragmented or
not, etc.)
- workaround a bug in some versions of funambol, where funambol does not
specify the proper sif type for the type of requested data
- imported patch #117 from egw's tracker
- make sure that the logs generated by the horde code go to stderr so
they can be view in the webserver's logs
- as much as possible reduce code duplication. For example, the
categories are handled in the parent classes for both the SIF avn VCAL
formats for each type of data (addressbook,infolog,calendar).
- make sure the code can handle more than one categories in each
direction
- treat the 'sony ericsson' vendor string just like 'sonyericsson', the
newer phones apparently have a space in the vendor string... (this
touches some files in the icalsrv as well)
- handle notes: these should now work with everything (funambol or
other)
- remove more code duplication: the syncml "api" for the various data
types (calendar, contacts, infolog) is now common for both the vcard and
sif data formats (cf the files that need to be removed)
- handle the "privat" filter in infolog like the "private" filter (some
part of the code use the name without the trailing e)
- imported patch # 267 from egw's tracker
fixed a problem for the refreshing of a directory: mime_types got lost, when refreshing and the mime type could not be determined by get_real_info.
the fix uses the phpgwapi.mime_magic.ext2mime function to determine the mime_type if the common method fails to find one.
It turned out to be a caching problem, as the cache of the accounts-class still contained a failed id2name resolution for the new account.
This was caused by the session-restore with stored the cache in the global accounts object ($GLOBALS[egw]->accounts) too.
Now the global cache is in the global account-object and all other account objects use just a reference to that cache. It get stored from common::egw_final by calling $GLOBALS[egw]->accounts->save_session_cache() in the session."