SteelPHP Release Notes

Version 0.0.0.78

Baselined 2021-01-17
  • IMPORTANT
    • Renamed all Callback*() functions to On*(). THIS IS A MASSIVE CHANGE!
    • Introduced plugins and removed plugin-like behaviour from assemblies.
  • Security
    • No changes
  • Defects
    • No changes
  • New features
    • Introduced the CWebsitePlugin class.
    • Added function CWebsite::IncludePlugin() to load the plugin source code file from the assembly line.
    • Added function CWebsite::GetPlugin() to access a plugin class based on its ID.
    • Added function CWebsiteSatellite::GetSatelliteType() which must be implemented by all derived classes to prefix all trace messages emitted by the website satellite class.
  • Improvements
    • Changed the breakpoint for the GitHub ribbon to align with the Bootstrap lg breakpoint (at 992 pixels).
    • The dnamic website scaffold's logout content now makes sure the user is really logged out.
    • Both basic and dynamic website scaffolds' layouts can configure background and text color.
    • Added OnInitPlugins() function to the website classes in the scaffolds.
  • Discontinued
    • CAssembly is now declared as final. It is no longer allowed to derive from the CAssembly class. Functionality from derived assembly classes must now be moved into plugins.
    • Removed function CAssembly::EventHandler(). Assemblies are no longer informed about events. CWebsite no longer sends the "website-assembly-init" event.
    • Removed functions CWebsite::IncludeAssembly() and CWebsite::RegisterAssembly().
    • Removed function CAssembly::CallbackRenderGenericOutputItem(). Use plugin classes to embedd generic output items.
    • Removed elements CGoogleMapsElement, CFacebookShareElement, CLinkedInShareElement and CXingShareElement.
  • Quality
    • Added more typos to the sourcefiles/typo test.
  • Refactoring
    • Renamed all Callback*() functions to On*() except for real callback functions (those which are supposed to be passed as a parameter to another function).
    • Renamed functions CUnitTestRecursiveFileCheck::On_TestCase_Check*() to OnTestCaseCheck*().
    • CModule now verifies that the parent implementation of OnInit() is invoked in derived classes.
  • Documentation
    • No changes

Version 0.0.0.77

Baselined 2020-12-27
  • IMPORTANT
    • MakeHash() now supports arrays within arrays by calling itself recursively. This may lead to incompatible (yet more correct and colision free) hash values.
    • Started to rename CWebsite::Callback*() functions to CWebsite::On*().
  • Security
    • No Changes
  • Defects
    • The charset definitions containing escaped characters were not using double quotes. This has been fixed. Affected charset definitions are CHARSET_LINEBREAK and CHARSET_WHITESPACE.
    • MakeHash() produced an error of an array with arrays was supplied as the payload. This has been fixed.
    • Module user/signin caused an error by supplying incorrect parameters to the website's SystemEvent() method. This has been fixed.
  • New Features
    • Added native support for open graph headers. Overload the function CWebsite::OnGetOpenGraphImageURL() to provide an open graph image. Title and description is taken from the corresponding functions OnGetWebsiteTitle() and OnGetWebsiteDescription().
    • Added opengraph.png to demonstrate the open graph feature.
    • Module system/testmanager now displays a rotating spinner icon when executing all tests.
    • The Loading element now has an "inline" style to be used when embedded into a message text.
    • CWebApplication now sets the header "X-Frame-Options: DENY" to prevent integration into an iframe unless the config setting "iframe_allow" is set to true.
    • Added function CWebsite::ActivateFontAwesome5() for font awesome 5.x support.
  • Improvements
    • The release notes now contain the "Improvements" section to better highlight improvements on existing features.
    • The release notes now also contain the "Discontinued" section to highlight features that have been removed.
    • The GitHub ribbon now uses div instead of span tag to improve layout on mobile devices.
  • Discontinued
    • Removed CGoogleMapsElement
  • Refactoring
    • Renamed function CallbackGetWebsiteTitle() to OnGetWebsiteTitle().
    • Renamed function CallbackGetWebsiteDescription() to OnGetWebsiteDescription().
    • Renamed function CallbackGetWebsiteKeywords() to OnGetWebsiteKeywords().
    • Character definition CHARSET_SPECIAL no longer contains the space.
    • Character definition CHARSET_TEXT now contains line break and whitespace characters.
  • Quality
    • Function w3cInterpretResponse() now identified a 503 error (which comes up from time to time - e.g. 2020-12-27) and the corresponding test is set to inactive in that case.
    • Added test sourcefiles/badstringliterals to check if there are escaped line break characters within single quotes string literals - which typically is a mistake in php code (but not in JS).
    • Added test sourcefiles/html to check for problems in html files (starting with bad comment end tags).
    • Added test wdk-element/flag
    • Added test wdk-hash/makehash to test the MakeHash() function in various scenarios.
  • Documentation
    • Added an article about routes.

Version 0.0.0.76

Baselined 2020-12-15
  • IMPORTANT
    • Removed glyphicon support
    • By default CWebsite::ActivateJQuery() function now includes JQuery 3 (instead of 1)
    • Renamed CBootstrapLayout and CBootstrapThemeLayout to CBootstrap3Layout and CBootstrap3ThemeLayout
  • Security
    • No changes
  • Defects
    • CSortOrderElement did not use its layout cfg file. The cfg file and the load mechanism has been removed.
    • The module user/languageselection still used the deprecated icon element that was based in images. This has been fixed.
    • Updated IsValidURL() to cover even more sophisticated cases of valid URLs
    • Module system/webservicemanager did not show a webservice's version if the help file could not be loaded. This has been fixed.
    • Module cms/wikipad no longer displays an error message if the loaded content is just empty and no default content has been provided.
  • Refactoring
    • The function TestCase_w3cValidateURL() has been moved to the CMonitoringUnitTest class to encourage reuse
    • Updated the blank male and female profile images
    • Removed no longer needed images used to construct a very old variant of the tab navigation element
    • Moved function MakeTel() to wdk_html.inc
    • Renamed CWebsite->ActivateBootstrap() to ActivateBootstrap3() to support multiple Bootstrap versions
    • Removed bootstrap files from the distribution. All files are now loaded from the corresponding CDNs.
    • WDK JS functions to store and remember scroll positions are now JQuery 3 compatible.
  • New Features
    • The "install" command is now supported by all webservices (not just database based webservices).
    • Added the function IsStringURLEncoded()
    • Added the CLinkImageElement class
    • Added the CResponsiveElement class
    • Added CWebsite::ActivateBootstrap4() to include js and css components of Bootstrap 4.x
    • CWebsite::AddStyleSheetURL() and CWebsite::AddJavaScriptURL() now support the integrity attribute
    • CWikipadModule now support a "Save and stay" button to save changes and return to edit mode. It can be activated using the module config option "showsubmitbuttonsaveandstay".
    • CFormElement: In the "onecolumn" layout style multiple buttons in a row are now displayed next to each other instead of above each other.
  • Quality
    • No changes
  • Documentation
    • No changes

Version 0.0.0.75

Baselined 2020-10-20
  • IMPORTANT
    • GetStage() has been renamed to GetEnvID()!
    • GetDatabaseConfigID() has been renamed to GetEnvConfigID()!
    • ICON SUPPORT HAS CHANGED SIGNIFICANTLY. CHECK YOUR ICONS, TOOLBARS, ETC.!
  • Security
    • No Changes
  • Defects
    • JavaScripts that were added during the rendering of generic output items were not considered since JavaScripts were rendered before tag replacement. This has been changed. JavaScripts are now embedded as part of the tag replacement loop - so placeholders in JavaScripts can be used and generic output items can in return still add JavaScripts.
    • CWebsiteSatellite::MakeURL() did not pass through the bEncoded parameter. This has been fixed.
  • Refactoring
    • The env.inc function GetDatabaseConfigID() has been renamed to GetEnvConfigID() and the expected config file is now env.cfg by default.
    • The env config file is now loaded by default by CWebApplication - so there is no need to do that in derived classes (Websites, Web services, Installers, etc.).
    • Access codes for web services can still be set in the GetWebserviceDirectory function - but they shouldn't. Set the access codes in the env.cfg file!
    • The CIconElement class is now entirely based on Font Awesome icons instead of a mix of images, Font Awesome and Glyphicons. This has widespread implications on CLinkIconELement, CMailIconElement, CItemManagerElement, CPageNavigatonElement, CFormElement etc.
    • Removed all layout_default_icon* files (except the country and language icons)
    • Removed layout_default_horizontalmenu_separator.png
    • Removed CCarousselElement
    • Removed CSSLModule
    • Renamed class CountdownElement to CCountDownElement
    • Refactoring of RenderWebsite and the rendering of the head portion of the html output: The header is rendered before the tag replacement (like before) but the array of css files and the default layout css file is now added AFTER the tag replacement. This enables css files to be added late during generic tag replacements. E.g. if the icon element is only used as a generic tag, it can still use CWebsite::ActivateFontAwesome() to add the font awesome css file.
    • Layout config items will also be applied to additional css files which are embedded into the html.
    • Removed wdk_devices.inc with its GetDeviceType() and IsDevice*() functions. Removed the mobile_detect library from WDK. The reason to add the library was because phone number links were not properly treated by browsers in 2017. However this has changed so there is no reason not to create tel: links for non-mobile devices in 2020.
    • Removed the bootstrap dist file from WDK.
    • Webservice system/server is now using GetSystemHostname() to derive the Plesk URL (not the IP) because we assume that a SSL certificate is set up for the domain. In addition the login page URL has changed in a recent Plesk version.
    • Removed the templates in folder wdk/templates/. Use the scaffolder instead!
    • ArraySetValueRecursive() now returns the modified array instead of modifying the parameter.
  • New Features
    • ArraySetValueRecursive() can now identify keys based on a regular expression.
    • Added function ArrayRemoveKeyRecursive() and corresponding tests
    • Added function ArrayMap() and corresponding test
    • Added function ArrayMapRecursive() and corresponding test
    • Added CLegendElement and corresponding demo code
    • Added demo code for CCountDownElement
    • Added CLoadingElement
    • Added a new scaffold to create a new element
    • Added CForkMeOnGithubElement to display a ribbon with a link to the corresponding GitHub repo.
    • Added several functions to CWebsiteSatellite: RenderDate(), RenderTime(), RenderDateTime(), RenderNumber() and RenderCurrency()
  • Quality
    • The test security/openssl now checks if the build date could be determined. It will result as a failed FAILED test but it will no longer output false statements regarding vulnerabilities.
    • Test sourcefiles/typo has been updated to detect 'teh'.
    • Test sourcefiles/deprecated now checks against GetDatabaseConfigID() and GetStage().
  • Documentation
    • Removed "Prologue" and "Introduction" chapters and moved all contained contents to the first level.
    • Added article on publishing a WDK based project on GitHub.

Version 0.0.0.74

Baselined 2020-05-06
  • Security
    • No Changes
  • Defects
    • GetDnsRecords() now uses CErrorAmnesty to supress errors emitted from dns_get_records() to stdout.
    • LoadStringResourceFile() erroneously merged previously loaded strings over new ones instead of vice-versa. This has been fixed. Strings loaded later now have higher priority.
    • IsValidURL() can now also cope with URLs that have a @ character in the path and {}? characters in the query.
    • GetDomainStatus() did not properly consider TAKEN domains in case there are DNS entries. The function now also checks for "status: connect" and reports such domains as TAKEN.
    • GetSSLCertificatesFromHost() did not properly handle errors when receiving an SSL certificate. This has been fixed.
    • CElement now works properly in case neither a layout HTML not CFG file is required.
    • ReplaceTags() did not replace more than 10 tags if the tag prefix parameter was empty. This has been fixed.
    • ConvertToDate() and ConvertToDateTime() did not always interpret the date format dd.mm.yy correctly due to a faulty implementation of strtotime. This has been fixed.
    • Element CFormTemplateElement erroneously tried to load a layout html file. This has been fixed.
    • CWebsite::EnforceHTTPS() used the outdated function MakeProtocolLink(). This has been fixed.
    • CCommandDefinition::CheckCommand() erroneously returned error strings containing the outdated "ERROR_" prefix.
    • When trace was activated and the state was stored in the session, it took 2 requests to deactivate traceing via parameter (since the session data took precedence) - this has been fixed.
  • Refactoring
    • Webservice output format "jsonpretty" has been deprecated. The new default is "json" (which is always pretty printed).
    • CMonitoringUnitTest::TestCase_DomainStatus() no longer checks if the domain is for sale.
    • GetFloatValue() has been renamed to GetLocalFloatValue(). A new GetFloatValue() function is introduced which detects separators and delimiters automatically.
    • GetHostNameFromIP() does no longer logs an error in case the shell_exec call fails.
    • GetAllCurrencySymbols() returns an array with all currency symbols indexed by the currency IDs. In return the TID_CURRENCY_*_SYMBOL items have been removed from the "local" text resource files.
    • ParseDateTime() now returns 1 for Monday to 7 for Sunday as the WEEKDAY value (before it was 0 for Sundays).
    • exec() has been replaced by ShellExecute() in IsFile() and DeleteFile().
    • shell_exec() has been replaced by ShellExecute() in GetHostNameFromIP() and GetIPFromHostName().
    • Added 'use strict' to all WDK related java script files.
    • GetVersionInfoApache() now uses the command "apachectl -v" instead of "apachectl status". This seems to be more resilient to different server configurations.
    • Javascript file wdk-progressindicator.js has been renamed to wdk-progressindicator-activate.js. The test sourcfiles/depracated checks if the old file is still added.
    • Javascript file wdk-progressindicator-download.js has been renamed to wdk-progressindicatordownload-activate.js. The test sourcfiles/depracated checks if the old file is still added.
    • CWebsite::RenderJavaScripts() now makes sure the query, wdk, and wdk-trace-activate javascripts are loaded first - so that wdk-trace-activate can be included to activate trace display late in the website's life cycle.
    • Moved functions HttpRequest() and ParseHttpResponse() to new source file wdk_http.inc.
    • Removed CWebsite::RedirectAtOnce() and added new function RedirectAndExit() in wdk_http.inc. Deprecated CWebsite::RedirectAtOnce().
    • Moved functions AddJavaScript*() from CReactElement to CWebsiteSatellite
    • Renamed JavaScript function Error() to TraceError() to avoid a name clash with the Google Maps API.
  • New Features
    • Added all the world's country names and flag icons
    • Added module devtools/localenavigator to check support (i.e. localized text and flags) for all supported countries, currencies, languages, locales and time zones.
    • CMonitoringUnitTest::TestCase_Domain() now also checks if the domain's IP address is included in the SPF record in case it is a mail domain.
    • Added CInstaller::AddScheduledJob() to add additional scheduled jobs during installation.
    • Added GetCurrencySymbol() and GetAllCurrencySymbols() to get currency symbols.
    • Added GetTimeWeekBegin() and GetTimeWeekEnd() to get the begin or end of the week of a given time.
    • Alert mails sent by webservice system/test now contain the date and time in the subject line. This is to prevent the mails from being grouped in Gmail and to make sure one can easily see when the mail was actually generated - not when it was received in a mailbox.
    • Alert mails sent by webservice system/test now contain the number of affected tests earlier in the subject line so that the number of e.g. failed tests can be seen more easily on small devices.
    • CWebsite::RenderWebsite() now integrates javascripts before the tag and text replacement. This allows the use of tags and text resources within embedded javascripts. However this may have a negative impact on rendering performance.
    • Added CWebsite::ActivateD3v5() to include the javascript-based d3 library.
    • Added CWebsite::ActivateReact() to include React.
    • Added CWebsite::ActivateJQuery() to include JQuery.
    • Added CWebsite::ActivateFontAwesome() to include the CDN hosted version of font awesome version 4.x.
    • Added CReactElement class to provide a vehicle to integrate React components. The integration of React components as WDK element appears natural as they may be configured depending on layout considerations. WDK Elements should usually not have any other interaction other than receiving parameters when instantiated and rendered. However this applies to the backend. The included JavaScript may of course interact with other server-sided components.
    • Added CD3ReactElement class to provide to integrate React Components that contain a d3 features.
    • Added IsFilePath() and IsDirectoryPath() to check if a path points to a potential file or directory - but without checking if the file or directory really exists.
    • Added CHARSET_PATH to cover allowed characters for folders and file pathes.
    • Added check for CHARSET_PATH in IsValidPath().
    • RenderValue() now also renders objects.
    • Added JsonEncode() and JsonDecode() in new wdk_json.inc with supporting test wdk-json/jsonencodeanddecode
    • Added shell script for cleaning the qmail mail queue: shell/qmail-clearmailqueue.sh
    • IsValidCountryID() now supports all alpha3 codes as of 2019-09-18.
    • CWebsite::GetImageURL() now also supports svg.
    • Added function FileWrite() to (over)write files.
    • CWebservice::CallbackError() is now called whenever CWebservice::SetError() is used to set a new error state in the web service. Feel free to overload it.
    • Checking for "error_log" as part of the test sourcefiles/debugdebris.
    • Added function AddStyleSheet*() to CWebsiteSatellite.
    • Added JavaScript functions GetStringValue() and GetNumberValue() to wdk.js.
    • Added JavaScript function GetRandomInteger() to wdk.js.
    • Added JavaScript function HttpRequest() to wdk.js - be warned however, using this function in the main thread will cause a warning since it works synchronously.
    • Added JavaScript function GetIntegerValue() to wdk.js to get an number from any value.
    • Added JavaScript function RenderValue() to wdk.js to recursively render any object for debug purposes.
    • Added CList::Aggregate() to aggregate elements in a list. Only counting is supported for the time being.
    • Webservice system/server command status now also returns the panel.log file size to enable monitoring based on the Plesk log file size.
    • ParseCSV() and FileReadCSV() now supports a new parameter bNewLineInQuotedValues to control if new line characters within a quoted value should be treated as a new row or as part of the value. The default is false which might cause a change of behaviour!
    • Added CWebsiteSatellite::LoadStringResources()
    • In case Debug() was used the trace log output begins with a note that points out that there is debug output in the log.
    • Added function ArrayMergeRecursive() and the corresponding test
    • Added function ArrayValues() to encapsulate array_values() and the corresponding test
    • Added function IsArray() to encapsulate is_array() and the corresponding test
    • Added CFileCache class and corresponding test
  • Quality
    • Changed the warning threshold for expiring SSL certificates from 21 to 14 days.
    • Added test wdk-currency/getcurrencysymbol to check GetCurrencySymbol() - and inherently GetAllCurrencySymbols().
    • Added test wdk-filesys/isfilepath, wdk-filesys/isdirectorypath and wdk-filesys/isvalidpath
    • Test sourcefiles/deprecated checks if the string "jsonpretty" is used.
    • Test sourcefiles/deprecated checks if the string " _construct" is used.
    • Added test wdk-genericoutputitems/url-wiki and wdk-genericoutputitems/wiki to check if generic output item rendering works properly in combination with wiki formatted content files.
    • Deactivated the test wdk-locale/getalllocales because GetAllLocales() does not yet support ALL countries.
    • CUnitTest::TestCase_CheckURL() now also checks the http status code and the test is failed if the status code is 5*.
    • CMonitoringUnitTest::TestCase_Server() now also checks for a panel.log file that is larger than 100 byte to detect potential problems within Plesk or its plugins. This test can be used to identify potential issues with Lets Encrypt SSL certificate renewals.
    • Added CMonitoringUnitTest::TestCase_CheckSSL() to explicitly check the validity of the SSL certificate on a host.
    • Added test wdk-zip/compressfilesinmemory
    • Added test wdk-array/arraymerge
  • Documentation
    • No Changes

Version 0.0.0.73

Baselined 2019-05-04
PHP 5 IS NO LONGER ACTIVELY SUPPORTED. USE PHP 7 INSTEAD!
For migrating from PHP 5.x to 7.x refer to: http://php.net/manual/en/migration70.php
  • PHP7 Migration
    • Replaced all deprecated class named constructors by __construct().
    • ShellEscapeArgumentString() now always converts to UTF8.
    • RenderDateTimeFormat() is now hardened against float values used in the 'time' parameter.
    • A number of expressions needed to be changed to avoid using non-numerical input for numerical calculations.
    • CMonitoringUnitTest::TestCase_Server() now also allows PHP 7.2.x
  • Security
    • No Changes
  • Defects
    • Module devtools/httprequest used an empty string to initialize an array. While ignored by PHP5 this caused an error in PHP7. This has been fixed.
  • Refactoring
    • No Changes
  • New Features
    • Webservice system/server protect command now supports the config setting to ignore the case that the mail warn file does not exist. This is for servers that do not YET have any mail traffic.
  • Quality
    • E_STRICT is now considered deprecated.
    • Test wdk-datetime/renderdatetime now also checks string input.
  • Documentation
    • No Changes

Version 0.0.0.72

Baselined 2019-04-29
  • Security
    • No Changes
  • Defects
    • The favicon.ico issue was still causing problems. Writing the session is now avoided in case of subsequent calls. This should now really fix the issue.
    • The scaffolder referred to WDK without the name placeholder in screen text. This has been corrected.
    • CWebsite::PrepareHeaderStyleSheets() no longer adds the type attribute to style tags.
    • IsValidURL() can now cope with URLs that have a forward slash after the hash character.
    • IsValidURL() can now cope with URLs that that include a tilde (~) or double point (:) character in the path segment.
    • IsValidURL() can now cope with URLs that that include an ampersand (&) character in the anchor segment.
    • The copyright period is now displayed correctly if the copyright_since meta item is set to a year in the future.
    • Module devtools/cookiemanager now uses IncludeElement('elementmanager') to prevent an error.
    • ReplaceTags() did not work well with nested pseudo tags if ReplaceTags_SearchNextTag() was used. This has been fixed.
    • Module devtools/httprequest now ignores post parameters in a GET request.
    • Rendering the sitemap.xml does no longer create and set a session.
    • Google Analytics tracking IDs can now be 14 characters long. This is considered now.
  • Refactoring
    • CWebsite::CreateErrorImage() has been renamed to CreateImageError();
    • GetDomainStatusArray() now longer supports DOMAIN_STATUS_PARKING.
    • HttpRequest() now checks the strURL parameter using IsValidURL().
    • CWebsite::RenderWebSite() is now aware of the fact that JavaScript files may be added during rendering generic output items and that JavaScript files may contain output items.
    • ShellExecute() is now invoking proc_open() with error amnesty to avoid not needed error log entries.
    • Performance of ReplaceTags() was significantly improved.
    • The config option to control the check for unintended output has been reversed: 'check_unintendedoutput_defuse' is no longer supported. Use 'check_unintendedoutput' instead to do the opposite.
  • New Features
    • Added GetSSLCertificateFromHost() in wdk_ssl.inc to retrieve SSL certificate details from a host - including the date until the certificate is valid.
    • SendMail() now retries to send a mail once if the first attempt failed.
    • SendMail() no longer issues system errors in case the mail cannot be sent (e.g. because the mail client is not executed).
    • CWebApplication::SendMail() now returns true or false.
    • CWebApplication::SendMailToAdmin() now returns true or false.
    • CWebApplication::SendErrorMailToAdmin() now returns true or false.
    • Added CWebsite::CreateImageDefaultFavicon() to render a default favicon
    • CWebsite::CallbackCreateImage() supports the creation of a default image with the id "favicon".
    • Added CWebsite::SetParam()
    • GetDomainStatus() has been improved. More strings are now being checked to determine the FORSALE status.
    • GetDomainStatus() now also requests the domain via https if no response is provided via http to determine the FORSALE status.
    • Webservice system/server protect command now reports the number of blocked IPs in trace output and as result values.
    • Added element countdown to support the jquery countdown feature.
    • Added generic output item COUNTDOWN to embedd the countdown element.
    • GetTime() now also considers the timezone if provided as the second parameter.
    • Module devtools/domaincheck now includes today's date in ISO format in the CSV export file name.
    • Rendering the sitemap.xml now also considers trace output.
    • MakeURL() can now deal with URLs that already have some parameters when adding parameters from the array.
    • The website scaffolds now contain a robots.txt that discourages indexing /css /js /fonts /images /videos folders.
    • The website scaffolds GetRootURL() functions now use the SERVER_NAME variable instead of the hard coded root URL to support multiple environments.
    • The website scaffolds GetEnvID() function now checks if the root URL starts with "dev." to identify a DEV environment.
  • Quality
    • CUnitTest::TestCase_CheckURL() can now also check the validity period of an SSL certificate.
    • CMonitoringUnitTest::TestCase_MonitorURL() by default warns if the the SSL certificate validity period ends within the next 21 days.
    • The new test google-analytics/googleanalyticsjs checks if the file google-analytics.js is found in the public js folder. This would not work since the google-analytics.js must be integrated as inline code since it requires preprocessing to replace the Google Analytics property id.
    • The tests security/cgivulnerability and security/htaccess have been modified to use full qualified URLs using the http protocol. This may be subject to change at some time later.
    • The test sourcefiles/unintendedfiles now checks for files left behind by Google Drive after failed sync.
    • The test sourcefiles/unintendedfolders now checks for folders left behind by Google Drive after failed sync.
    • Added the test wdk-url/makeurl to check the MakeURL() function.
  • Documentation
    • No Changes

Version 0.0.0.71

Baselined 2017-12-28
  • Security
    • No changes
  • Defects
    • In case the favicon.ico was retrieved, cookie data was retrieved and stored which could lead to a race condition in multi-step modules that make use of variables being stored in a session. This has been fixed.
    • Element 'form' with style 'horizontal' produced unintended output when using checkboxes. This has been fixed. This was a regression from the file format change for element config files to allow multiline values.
    • PrepareParameterArray() now handles parameters with array syntax like empty parameters instead of issuing a syntax error.
    • The tests wdk-array/arraysortbykeys and wdk-array/arraysort used the array compare operator == to determine if the sort order was correct. This could have produced false positive test results. This has been fixed by using ArrayStrictCompare() to compare expected with actual results.
    • IsValidURL() now also allows slashes to be used in the anchor part of the URL (as seen in google analytics URLs)
    • IsValidURL() now allows exclamation marks to be used in the anchor part
    • Module devtools/scaffolder tried to call undefined function CScaffolderModule::GetPreselectedScaffold(). This has been fixed.
    • When using the SESSION_MODE_SERVER_COOKIE together with CSRF protection logins may eventually get lost when using Chrome. This has been fixed. Chrome is very special (i.e. different from other browsers) when handling cookie data in subsequent requests following an initial page load. This has caused issues in the session handling and the csrf protection and made it necessary to create a mechanism to detect subsequent requests and ignore CSRF protection within these calls. This may not be the ideal solution but provides a fix to the issue in the first place.
  • Refactoring
    • Replaced deprecated pattern <script language="PHP">. Updated related tests.
    • Element layout config files do now support multi line values. All layout definition items must be prefixed by "LAYOUT_".
    • CWebsite::UserLogin() now checks if the session mode is server based and issues an error if not.
    • CWebsite::CallbackPreContent() and CWebsite::CallbackPostContent() no longer have to be implemented in derived classes.
  • New Features
    • CWebSite now supports the LOGO output item. By default it renders a link with the website title leading to the start page using the link element with style "logo".
    • CWebSite now supports the CTA output item. By default it is empty. The navigation element (when used with style "horizontalpath") contains the placeholder.
    • Documentation has been extended
    • Module devtools/scaffolder now supports the "preselectedscaffold" configuration parameter to control which scaffold the module should offer.
    • Module cms/wikipad now supports the config setting "viewonly" to deactivate the edit mode and the toolbar.
    • CDynamicWebSite now supports the "session_duration" configuration to set the duration of a user session.
    • Added CHARSET_WHITESPACE
    • CWebSite now checks for valid info, warning, and error parameters.
    • The reference design page now also contains lists and all header levels.
    • ArraySort() and ArraySortByKeys now also support optional callback compare functions. Corresponding tests wdk-array/arraysort-callback and wdk-array/arraysortbykeys-callback have been added.
    • CompareStringIgnoreHyphen() has been added to support string sorting that creates a natural order of strings in which hyphens are ignored.
    • Module devtools/domaincheck now displays the results in a more intutive order. Domains without and with hyphens are now ordered directly after each other.
    • CWebApplication::GetClientIP() now considers valid IPv4 addresses supplied via the "X-Forwarded-For" header.
    • In case of identified parameter errors, the parameters are also contained in the trace log (and hence the error mail).
    • CWebSite::RedirectAtOnce() now supports the optional strHeaders parameter to allow more html headers to be added.
    • ENTITY_STRINGLENGTH_MAX is now defined as 1048575 (1 MB - 1 byte)
    • Added new function GetVersionInfoMySQL() to retrieve the MySQL version
    • Added new functions CWebsite::GetData(), CWebsite::SetData(), CWebsite::GetAuthUserData() and CWebsite::SetAuthUserData() to encapsulate system/data webservice calls. These functions are now used by module cms/wikipad to store and retrieve data.
    • Added new functions CWebsite::IsSubsequentRequest(), CWebsite::CallbackIsSubsequentRequest() and CWebsite::SetSubsequentRequest().
    • Module devtools/httprequest now decompresses content if Content-Encoding is gzip and displays it properly.
    • The generic output item LINK now supports the "content" and the "style" parameter.
  • Quality
    • Test sourcefiles/deprecated now also checks for language="javascript". Refer to https://support.google.com/adwords/answer/1722021?hl=de
  • Documentation
    • Added the "about" article
    • More articles are in draft status

Version 0.0.0.70

Baselined 2017-03-28

Starting from this release WDK is licensed under the Apache License 2.0
  • Security
    • No changes
  • Defects
    • The entity entitlement was configured with an incorrect text ID in case there are no entitlements found. This has been fixed.
    • The Teaser element did not load the layout cfg file thus ignoring settings related to the link layout to be used. This has been fixed.
    • Element wiki did not render a single item list (* or #) if it directly followed a list of a different kind. This rare corner case has been considered now. Test wdk-element/wiki has been extended to cover this scenario.
    • HTML Definitions (dd-tag) was not indented in the bootstrap theme. This has been fixed.
    • Module user/userpassword produced an error if a non-compliant password was entered. This has been fixed.
    • Module user/signin produced an error if a non-compliant password was entered. This has been fixed.
    • Alignment of radio buttons was not correct in default form layout. This has been fixed.
    • In the scaffolder for dynamic websites the website's member variable m_moduleSigninOneStep was not declared properly. This has been fixed.
    • Server and client side SetCookie / DeleteCookie functions were not consistent as the client side did not consider the path parameter. This resulted in a fail to delete a cookie via JavaScript SetCookie() function. This has been fixed.
    • Under some circumstances requesting the root URL of a website resulted in an error page in Chrome. This has been fixed. Chrome sends stored cookie data when requesting the favicon.ico. Other browser do not do that. If the seourl feature is activated an there is no favicon.ico file in the document root and the session data is stored directly in a cookie, the term favicon.ico was interpreted as the seourl parameter which resulted in an unsuccessful attempt to load the content with the id "favicon.ico" which did not work either. When "favicon.ico" is supplied in the sourl parameter, it will be ignored.
    • Module cms/newsarticlebrowser did not load the newsarticle element properly and produced an error. This has been fixed.
    • The module cms/articleeditor is far from being complete. Currently only the article view is supported. But it does no longer produce error when used.
    • The generic output item URL did not transport the language parameter properly. This caused URLs being created that did not consider the language parameter properly. This has been fixed.
  • Refactoring
    • StringXMLEntities() now uses preg_replace_callback() instead of the deprecated /e modifier.
    • Module cms/signout now displays errors and success messages within its own layout and no longer uses the global message stack. This allows for more flexibility in designing the different outcomes.
    • wdk-sleep.js has been removed. The JavaScript helper function Sleep() is now in wdk.js
    • wdk-cookies.js has been removed. The Cookie related JavaScript helper functions are now in wdk.js
    • Colors in the scaffolded websites have been changed to variants of blue. It looks nicer now.
    • The bootstrap distribution is now in the 3rdparty subfolder
  • New Features
    • Introduced the download token feature. A download token is a cookie named "downloadtoken" that is being sent when the a file for download is being returned in a http request. As soon as this cookie is set, a client side JavaScript can determine that the downloading of a previously requested file just started and the browser is displaying the file save dialog. This is used to turn on a progress indicator within a download button (the submit button of a form) and stop the progress indicator as soon as the actual download starts.
    • Introcduced wdk.js as the new place for general JavaScript helper functions delivered with WDK
    • Added CWebsite::ActivateGoogleConversionTracking() to add code that sends a tracking signal to Google Adsense. The conversion ID and the label must be provided.
    • Added CModule::GetFinalState() to return the state ID that was finally used by RenderModule(). Note: this does not necessarily be the internal current state of the module. Use GetFinalState() to determine which state was actually rendered.
    • Added the "onecolumn" style for the form element. As the name suggests, the form is displayed in one column with all labels and controls in separate lines.
    • Module cms/wikipad now supports user specific storage of data. Use the config setting "userspecific" to store the data using the currently logged in user context.
    • Module cms/wikipad now uses the "onecolumn" form style for its editing view
    • Module cms/wikipad: The button to save changes now reads "Save" instead of "Change".
    • Added standard bootstrap "jumbotron" layout for the Teaser element
    • Buttons in the default form layout are now right aligned (not left aligned as before)
    • Added CWebApplication::GetRequestMethod() which either returns "get" or "post" depending on what was used.
    • Added functions GetDeviceType() and IsDevice*() in wdk_devices.inc.
    • Submit buttons in form now display a spinning icon once clicked. Search for "progressindicator" to see how it works.
    • Added JavaScript helper functions Trace() and SetTraceActive()
    • Added JavaScript helper function GetAllCookies()
    • Added CWebsite::GetRootPath() function to retrieve the root path of the website. It is used when setting and deleting cookies both on the server and client side.
    • Added the output item "WDK" to enable the use of a marketing name for WDK e.g. "SteelPHP"
    • Added the output item SCAFFOLDER_URL to enable the use of different scaffolder URLs in online documentation
  • Quality
    • Added tests to verify GetDeviceType() and IsDevice*() functions
    • Added test to verify the URL generic output item
  • Documentation
    • Added glossary
    • Changed wording from "webservice" to "web service" in documentation
    • Added navigation structure for documentation articles that are yet to come

Version 0.0.0.69

Baselined 2017-01-24
  • Refactoring
    • The webservice system/server protect command now issues different event names. The "SERVER_" prefix has been removed.
  • Quality
    • The unit test wdk-ip/gethostnamefromip used a Google owned IP address to demonstrate the reverse lookup. On 2017-01-23 Google changed the server's behaviour and deactivated the reverse lookup. So the test started to fail. Now an IP address resolving to www.denic.de is used.

Version 0.0.0.68

Baselined 2017-01-22
  • Security
    • No changes
  • Defects
    • Using the PORTFOLIO generic output item caused an error - although the feature itself worked. This has been fixed.
    • A defect in the w3cValidateURL() function caused the agent header not to be sent properly to the w3c validator website. Due to a change released on 2016-12-05 this hidden defect started to cause issues with the validator. This has been fixed.
  • Refactoring
    • WDK now follows its own version schema. There are no "Revisions" any more. Just versions. It starts with this version 0.0.0.68.
    • Webservices contained in WDK no longer have their own version history in the online help text. All changes will be tracked here.
    • Webservices contained in WDK will always derive their version from the WDK version - even though the specific webservices may still be fully compatible to its predecessor.
    • Module devtools/hostcheck does no longer display the bash commands to block the corresponding IP address.
  • New Features
    • Added the "protect" command in the system/server webservice. To start with it supports the "mailserver" protection feature which scans for failed login attempts and blocks originating IP addresses. Use this config setting to activate the feature: protect/mailserver/active. Use protect/mailserver/mailwarnfilepath to define where the mail.warn file can be found.
    • Added function GetVersionInfoWDK() in wdk.inc which is included in wdk_webapplication.inc. The WDK now has an official requestable source for its version.
    • Constants WDK_VERSION and WDK_VERSION_DATE are defined in wdk.inc
    • Added function CWebApplication::TraceVersionWDK()
    • Websites and Webservices display the WDK version information in trace output
    • Added function SudoShellExecute() as a wrapper for ShellExecute using "sudo".
    • Added IPTables*() functions as a wrapper for iptables. Requires /sbin/iptables to be added to the file /etc/sudoers.d/wdk. Handle with care!
    • Added generic output item LINK to create a LINK element in content areas. A corresponding test has been added, too.
    • Added default layout framework "fullwidth" which comes without the left hand menu. This is only suitable for websites with one one menu level as long as no other navigation options are provided.
  • Quality
    • Test case server has been changed. The threshold for the mail log file is now 3.6 MB.
    • Added test wdk-genericoutputitems/portfolio to check if the generic output item function works properly.

Revision 67

Baselined 2016-11-11
  • Security
    • As a response to CVE-2016-6304 (OpenSSL) the test secruity/openssl and CMonitoringUnitTest::TestCase_Server() check for OpenSSL build date to be later than 2016-09-22.
  • Defects
    • Module cms/articlemanager did not include all required elements which caused the module to fail when rendered. This has been fixed.
    • IsValidURL() now considers URLs containing the equal sign in the path as valid URLs - which enables some Amazon product links that did not work before.
    • Replaced the term "imprint" by "About this website"
    • Module user/signin did not load the password policy element and hence failed. This has been fixed.
    • The dynamic website scaffolder had a bug that prevented the sign-in process properly. The disclaimer was processed before the signin parameter. This has been fixed.
  • Refactoring
    • The constants CHARSET_ALPHALOWERCASE, CHARSET_ALPHAUPPERCASE, CHARSET_ALPHANUMERICUPPERCASE and CHARSET_ALPHANUMERICLOWERCASE have been renamed to CHARSET_ALPHA_LOWERCASE, CHARSET_ALPHA_UPPERCASE, CHARSET_ALPHANUMERIC_UPPERCASE and CHARSET_ALPHANUMERICLOWERCASE.
  • New Features
    • MakeSQL_Helper_ConditionalExpression() now supports the IN operator. The condition may now contain the element "values" which transforms into a list of comma separated values or assignments. MakeSQL_Helper_Assignments() has been extended to support comma separated value lists, too.
    • CDatabaseEntityWebservice now supports the IN operator in the list command.
    • The constants CHARSET_SPECIAL, CHARSET_LINEBREAK, CHARSET_SPECIALALPHA_GERMAN_LOWERCASE, CHARSET_SPECIALALPHA_GERMAN_UPPERCASECASE and CHARSET_SPECIALALPHA_GERMAN have been added.
    • CWebApplication::IsCacheActive() returns if cache functions are enabled or not. CWebApplication::SetCacheActive() sets if cache functions should be active.
    • In CWebApplication The config setting "cache_deactivate" controls if cache functions should be disabled.
    • CWebService and CWebSite now support the parameter "nocache" by default. If set the cache functions are disabled for this request only.
    • In CWebSite the config setting "cache_allow_nocache" controls if the "nocache" parameter can be used. By default this option is not available.
    • Added CWebApplication::GetBasicAuthPassword() and CWebApplication::GetBasicAuthUser()
    • Added Basic-Auth support. Set the config setting "basicauth" to true to activate basic authentication. Added functions CWebApplication::BasicAuth(), CWebApplication::CallbackBasicAuth(), CWebApplication::CallbackBasicAuthGetText(), CWebApplication::CallbackBasicAuthRenderSuccess() and CWebApplication::CallbackBasicAuthRenderFailed()
  • Quality
    • Added test webservice-demo-databasedemo/list to check list "in" operator.
    • Added test language/english to track common mistakes in copy text and translations such as "imprint" as the translation for the German "Impressum".

Revision 66

Baselined 2016-07-23

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • As a response to CVE-2016-5385 (PHP) and CVE-2016-5387 (Apache) the test security/httpoxy was added. The .htaccess file contained in website scaffolds now contains an apache configuration statement to drop a "proxy" header contained in a request.
    • CMonitoringUnitTest::TestCase_Server() - OpenSSL is now required to be built on May 2nd 2016 or later to fix the vulnerability to CVE-2016-2107.
  • Defects
    • Scaffolder feature/entity: The module did not include the format element. This has been fixed.
    • Scaffolder website/dynamic: the test.png image was missing in the testwebsite
    • CEntityManagerModule: The selection of manual sort order buttons was defective if more than one page was displayed in the list. This has been corrected.
    • The layout of the sort order buttons was defective. The currently active sort option icon and the corresponding sort order icon link were too close to each other. This has been fixed.
    • LoadNamedArrayFromTextFile() and SaveNamedArrayToTextFile() now prevent error messages in the output buffer when opening files using the CErrorAmnesty class.
    • IsFile() now prevents error messages in the output buffer when checking if the file exists using the CErrorAmnesty class.
    • HttpRequest() is now sending headers in the request. This was not the case.
    • Module devtools/httprequest is now really sending http headers in the request. This feature was deactivated for unknown reasons.
  • Refactoring
    • GetVersionInfo*() functions are now consistent regarding their return value. Tests that use these functions have been updated.
    • Webservice system/server command "info" now uses the GetVersionInfo*() function return value structure in its output. So expect incompatibilities here!
    • The SESSION_WRITE_FAILED event is now considered a WARNING (not an ERROR anymore)
    • CMessageElement is now included in CWebsite by default.
    • The function IsFeatureDisabled() is replaced by IsFeatureActive() and the opposite meaning. IsFeatureDisabled() is now deprecated.
    • CWebsite now emits an error if the supplied root URL is empty.
    • CWebsite::SetCookie() and CWebsite::DeleteCookie() now use CWebsite::GetRootURL() instead of GetRootURL().
  • New Features
    • Added the CExampleElement to mark examples of something.
    • Module devtools/elementgallery is now using the example element when rendering an element's demo code.
    • Added function CWebservice::SetParam()
    • CEntityManagerModule now supports select type filters based on the "selectfromwebservice" configuration.
    • ParseVersion() now returns the "PACKAGE" version part (the part separated by a dash).
    • CompareVersion() now considers the "PACKAGE" version part.
    • Added CompareString() function to compare strings ignoring case.
    • Added CWebService::GetFormat() to get the selected webservice rendering format.
  • Quality
    • Test sourcefiles/deprecated has been extended to detect ElementInclude() statements for elements already included in CWebsite
    • Added test php/operator-logicalor to check if the non-intutive short curcuit behaviour of the || operator remains unchanged.
    • CWebsite::RenderContent() now checks if CallbackGetRequiredConditionsForContent() returns a valid array and produces an error if not.

Revision 65

Baselined 2016-03-28

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • In response to CVE-2015-7547 the function GetVersionInfoGlibc() has been added, the webservice system/server info command has been extended to expose glic version information, and CMonitoringUnitTest::TestCase_Server() has been updated to fail if an outdated vulnerable library version is found.
  • Defects
    • GetWhoisRecords() used flush(). This hindered CWebsite::SetCookies() to work properly. This has been fixed.
    • CWebsite::SetCookie did not provide the domain name and path properly - this may cause cookies to be interchanged between different applications in different subfolders on one domain. This has been fixed.
    • The sitemap.xml no longer contains navigation items that are not condition compliant.
    • Forms no longer have a role attribute.
    • Module crm/contact used html entities in the name value when sending the contact mail. This has been fixed.
    • Generic output item PORTFOLIO did not support external links properly. If "false" was set as the attribute value it was interpreted as true. This has been fixed.
  • Refactoring
    • WARNING: Elements now have to be included explicitly using CWebsite::IncludeElement() - this reduces the amount of included code significantly. This may cause existing module code inoperational!
    • WARNING: CPortfolioElement expects lowercase key names in the portfolio array containing the data for the individual teasers.
    • Element source files are now placed in the assembly's elements folder instead of an additional subfolder.
    • All element demo code source files have been moved to the elements folder. The element gallery module's capability to load democode from its own module folder has been removed.
    • CWebsite::AddJavaScript() now no longer accepts the source code parameter.
    • CWebsite::AddJavaScriptSourceCode() was added to add java script source code directly (instead of using the CWebsite::AddJavaScript() function).
    • CWebsite::AddJavaScriptURL() has been added to include external java script URLs explicitly.
    • CWebsite::AddJavaScriptFilePath() has been added to include java script files explicitly.
    • CWebsite::AddStyleSheet() now no longer accepts the source code parameter.
    • CWebsite::AddStyleSheetSourceCode() was added to add css source code directly (instead of using the CWebsite::AddStyleSheet() function).
    • CWebsite::AddStyleSheetURL() has been added to include external css via URLs explicitly.
    • CWebsite::AddStyleSheetFilePath() has been added to include css files explicitly.
    • CHARSET_FILEPATH now also includes the @-character.
    • CWebsite::CallbackCondition() now checks for privileges instead of CWebsite::CheckCondition() - this means that a condition can now be returned as false by a derived version of CallbackCondition even if the privilege is set.
    • CModule::CallbackInit() no longer causes an error when called. It is now intended that the parent::CallbackInit() function is called!
    • Replaced array_merge() by ArrayMerge().
  • New Features
    • Added CGoogleMapsElement
    • Assembly and assembly line classes now support GetElementDemoCodeFilePath() to retrieve element demo (as used in the Element Gallery module) from assemblies.
    • Assembly and assembly line classes now support GetElementLayoutJavaScriptFilePath() to retrieve element layout specific java script files from assemblies.
    • The test sourcefiles/debugdebris now also checks for calls to flush() in order to avoid headers being sent before time.
    • Added CWebsite::SetLayoutConfigItem(), CWebsite::GetLayoutConfigItem(), CWebsite::SetLayoutConfigItems(), and GetAllLayoutConfigItems() to manage a tag value array of config specific "output item" like values specific for layout purposes. These values should also be used to control layout details depending on functions or content.
    • Added class CBootstrapThemeLayout in addition to CBootstrapLayout to differenciate layouts based on pure bootstrap and those which use the bootstrap theme css stack on top.
    • The position of the trace output can now be explicitly controlled by using the output item in the framework layout.
    • Module crm/contact now offers to enter the message first, then all contact details. If the text field should be at the bottom use config "text_bottom".
    • Module crm/contact now allows to hide the salutation, company, and phone form fields by config (e.g. by setting "salutation_hide" to true).
    • Module crm/contact now displays input errors directly at the form values.
    • Module crm/contact sends improved messages to the recipient that can be forwarded.
    • Module crm/contact can now be configured which target contact "email" is to be used. If not configured explicitly it uses CWebsite::GetSiteTeamEmail().
    • Added element "button" with styles "calltoaction" and "calltoaction-small".
    • Font files are now fully supported. Font files can be loaded from assemblies or the /fonts folder directly.
    • Added CWebsite::RestoreScrollPosition() and CWebsite::RememberScrollPosition() in addition to MaintainScrollPosition() to control explicitly whether the scroll position is remembered and/or restored.
    • CWebsite::SetCondition() can now be used to set conditions explicitly as an alternative to handling the call by overloading ::CallbackCheckCondition().
    • The portfolio element can now be integrated as a generic output item ("PORTFOLIO").
    • The portfolio element now also support image teasers.
    • Add CNavigationTree::FilterItemsForSitemap() to prepare a navigation tree to be used for a publicly visible sitemap. Items this are not supposed to be visible and items the only consist of an anchor URL are filtered.
    • The framework layout now includes the and Copyright © 2005-2024 by Sascha Wildgrube output items by default. CWebsite initialized Copyright © 2005-2024 by Sascha Wildgrube with "Copyright © 2005-2024 by Sascha Wildgrube" and with an empty string.
    • CWebsite::CheckCondition() now supports inverted checks if the condition name is prefixed by "!".
    • CWebsite: Generic output items "PORTFOLIO" and "CAROUSSEL" now support up to 20 elements.
    • Module devtools/elementgallery now enumerates all available elements and displays a description text if it is available.
    • Added CAssembly::EnumerateElements() to retrieve a list of all elements contained in the assembly.
    • Added CAssemblyLine::EnumerateElements() to retrieve a list of all elements contained in all assemblies.
    • Added CFaceBookShareElement, CXingShareElement, and CLinkedinShareElement to embedd share buttons to a website.
    • Added CWebsite::SetBodyItem(), CWebsite::GetBodyItem(), CWebsite::SetBodyItems(), and CWebsite::GetAllBodyItems() to add output items that are added directly before the closing body tag if it exists.
    • Added CWebsite::ActiveFacebookSDK() to support the Facebook API. The function is used by CFacebookShareElement.
  • Quality
    • The w3c changed the w3c validation check website on 2015-07-22. The w3cInterpretResponse() function has been adapted to interpret the new response.
    • The test outputvalidation/w3cvalidate now displays the validator URL in the test output.
    • Added test wdk-javascript/javascript to check if the java script inclusion works properly.
    • Tests wdk-website/genericoutputitem-portfolio and wdk-element/element-portfolio have been added.
    • Added test wdk-elements/linkicon

Revision 64

Baselined 2015-06-28

  • Defects
    • CAssembly::Make*LayoutFilePath() functions did yield the correct file names if the layout parameter was empty. This caused fatal errors in case css, inc, framework, and cfg layout files of a specific layout were not present.
  • New Features
    • WDK now uses Bootstrap Theme as its default layout. The bootstrap 3.3.5 distribution files are now part of the WDK package. A scaffolded website uses the bootstrap theme by default.
    • The new class CLayout contains all implementations that are specific to a layout. If no CMyLayout class is provided, CLayout is used as a fallback. The default layout class in WDK is derived from CBootstrapLayout.
    • Added CSeparatorElement class which can be used to separate to areas on a page. By default it simply draws an hr tag.
    • Added CCarouselElement class which implements a full blown carousel.
    • The generic output item CAROUSEL can be used to embedd a coursel on content pages.
    • CCollectionElement now supports the console and separator elements, and offers to add a section of raw data.

Revision 63

Baselined 2015-06-21
  • Defects
    • Module system/usermanager did not handle input errors properly. This has been fixed.
  • Refactoring
    • CUnitTestRecursiveFileCheck::CheckSourceDirectories() is now only checking the source, webservices, install, and quality folders, and if separate the WDK directory explicitly.
  • New Features
    • Webservice now support html as a rendering format. The output are recursive HTML tables containing the result of the webservice - human readable and fit to be parsed.
    • CWebsite::CallbackGetRequiredConditionsForContent() can now be overloaded to define which conditions have to be set in order to access a content to be loaded. This implements the same logic that can also be implemented within a CContent derivaed class but on a global level.

Revision 62

Baselined 2015-06-16

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • CUnitTest::TestCase_Server() now demands openssl to be built on or after 2015-06-11 due to a fix to the LOGJAM vulnerability.
  • Defects
    • Module system/testmanager now displays the actual remaining number of tests to be executed.
    • The wiki element did not render correctly and produced notices if table syntax was used incorrectly. This has been fixed.
    • Layout of blog articles now has a div with style clear:both at the end of the text section to make sure images do not hover into the next article.
    • CUnitTest::TestCase_Domain() now correctly checks for the redirection domain.
    • The content php file assumed to contain the definiton of the CMyContent class is now included using require_once. Before this was done by using include which produced an erratic error under unknown conditions.
  • Refactoring
    • WARNING: Config setting "tidwarning" has been renamed to "check_unresolvedtid".
    • WARNING: Config setting "unintendedoutputcheck_defuse" has been renamed to "check_unintendedoutput_defuse".
    • WARNING: class CUnitTest no longer contains TestCase_* functions. The functions are now members of the new abstract class CMonitoringUnitTest.
    • WARNING: CMonitoringUnitTest::TextCase_Domain() can now handle both www and non-www variants of a domain. This interface has changed!
    • CWebsite::RenderGenericOutputItems() has been optimized significantly. However there is still room for improvement.
  • New Features
    • Config setting "check_invalidtid" has been added to control if loaded text IDs should be checked for validity.

Revision 61

Baselined 2015-06-09

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Defects
    • Module system/testmanager did not consider configured filters when executing all, failed, or all local tests via the toolbar. This has been fixed.
    • CEntityManagerModule::StateModifySubmit() did not invoke CallbackPrepareInputValues(). This caused some input not to be prepared properly for subsequent input checks and produced false errors for valid input. This has been fixed.
    • CEntityManagerModule::CallbackCheckInputValues() did not handle date values properly. This has been fixed.
    • Test sourcefiles/debugdebris did not detect various patterns properly. This has been fixed.
  • Refactoring
    • Changed the interface of CWebsite::CallbackPrepareMakeURL(): The URL is now returned instead of passed back by reference.
    • Changed the interface of CEntityManagerModule::CallbackCheckInputValues(). It is no longer responsible to prepare input values. The array of errors is now returned instead of passed back by reference.
    • Changed the interface of CEntityManagerModule::CallbackPrepareItemDataExport(). The modified item array is now returned instead of passed back by reference.
    • Changed the interface of CEntityManagerModule::CallbackPrepareItemDataImport(). The modified item array is now returned instead of passed back by reference.
    • Added CEntityManagerModule::CallbackPrepareInputValues() to convert user provided values into standardized values.
    • The layout parameter is now always removed from URLs if only one layout is available.
  • New Features
    • Webservice system/test can now be configured to exlude specific tests (in addition to assembles and groups)
    • The RewriteRule creating the seourl parameter now also considers blanks and plus characters in the URL. The new website scaffolder files have been updated accordingly.
    • Module system/webservicemanager can now handle the case that no system/test webservice has been configured and displays a warning in the "Test" section instead of displayed an unknown error.
  • Quality
    • Test environment/errorlog now fails if GetErrorLogFile() provides a path to a file thatcannot be read.

Revision 60

Baselined 2015-05-20

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • The shellshock test has been extended to cover almost all known exploits.
    • Added a test to detect the poodle vulnerability.
    • Added a test to detect the freak vulnerability in openssl.
    • Added a test to check if php version is 5.4.34 or above.
  • Defects
    • GetDomainStatus() now detects domains as taken even if there are no DNS settings.
    • Forbidden files are now handled properly. The Action directive in the .htaccess file led to an invalid TID when trying to derive the error text from the error parameter.
    • Attempts were made to write data to a session although it has knowingly been deleted already. This led to error emails being sent. This has been fixed.
    • Webservice using the printr format produced an error log entry due to a minor syntax error. This has been fixed.
    • MakeSQL() did not consider numerical values in conditional expressions correctly. The number 0 was not treated correctly. This has been fixed.
    • URLs were not considered valid by IsValidURL() if the anchor part contained the = character
    • GetHostNameFromIP() now returns the actual host name of the localhost - not just the name of the host by which it is known in the local area network - this compensates a weakness in php's gethostbyaddr().
    • Webservice system/scheduler used SystemLog() incorrectly when adding a job and caused errors. This regression was introduced in revision 48.
    • When including a sub menu the conditions were not considered. This has been fixed.
    • Removed "word-break: break-all" style from the default table cell.
    • CWebserviceDatabaseEntity did not return empty float, integer, and numericid values as empty strings if "zerounset" is true for the corresponding attribute. This has been fixed.
    • GetDomainStatus() now works correctly for .ch domains without DNS records.
    • Entity attributes of type float without a proper max value were created with only one decimal digit instead of assuming the highest possible float value. The entity definition check now objects if max values are equal or below the min value. So max or min values must be specified explicitly.
    • CTabNavigationElement ignored the use of LAYOUT_TABNAVIGATION_STYLE_ACTIVE in the layout definition. This has been fixed.
  • Refactoring
    • CLocalResources::LoadString() now accepts its parameters in reverse order and is now compatible to CWebSite::LoadString().
    • CLocalResources::LoadString() now returns false if no resources are loaded yet or if an invalid TID is given
    • CEntityManagerModule::CallbackPrepareItemDataList() has been changed. Parameters $strSortOption and $strSortOrder have been added. Check your implementation.
    • CToolbarElement has been refactored. Instead of making use of CLinkIconElement and CLinkElement, the actual a-tag is part of the layout definition of the toolbar itself. This was necessary to render bootstrap like toolbars.
    • CWebsite::CallbackRenderImage() has been renamed to CallbackCreateImage(). This may render existing code incompatible!
    • HttpRequest() now accepts strings and arrays for parameters. If a string is given and the request is a POST request the string is used as is.
    • RegExpMatch() now uses preg_match instead of mb_ereg(i)(). This means that real regular expression pattern strings must be used (including preceeding and terminating qualifiers e.g. '/' or '^')
    • RegExpReplace() now uses preg_replace instead of mb_ereg(i)_replace(). This means that real regular expression pattern strings must be used (including preceeding and terminating qualifiers e.g. '/' or '^')
    • CWebsite::UserPostCreation() and CWebsite::CallbackUserPostCreation() have been removed. The new functions CWebsite::UserSignin() and CWebsite::CallbackUserSignin() are now responsible to setup a user as a whole. These functions are used by module user/signin, user/signinonestep, and system/usermanager.
    • SendMail(), GetAdminMail(), SendMailToAdmin(), and SendErrorMailToAdmin() are now implemented in class CWebApplication.
    • The text ids for the domain status are now contained in a separate res file: res_domainstatus_en.txt
    • SendMailToAdmin() and SendErrorMailToAdmin() has been replaced by SystemEvent() at several places. The email functions are used in cases of configuration or database related problems - the cases in which one may expect that SystemEvent() may not work, too.
    • Webservice system/test now returns the test status history from latest to oldest by default.
    • CWebsite::AddHeaderRefresh() has been renamed to CWebsite::Redirect()
    • Config setting "phpwarning" has been deprecated and replaced by "unintendedoutputcheck". The function CWebApplication::UnintendedOutputCheck() has been added is is now used by both web sites and web services.
    • Content "cms-newsadmin" has been renamed to "cms-newseditor" and the corresponding privilege has been renamed to "newseditor".
    • CElement::m_strLayoutHTML and CElement::m_strStyleID are now declared as private and can no longer be accessed directly. CElement::GetLayoutHTML() must be used instead.
    • Entity attributes using the foreignkey property must no longer specify max, min, maxlen, or minlen.
    • CParameterDefinition::AddParameterDefinition() and all related functions now return false if the same parameter is added twice with different definitions. This is used by CDatabaseEntityWebService to emit an IMPLEMENTATION error if multiple entities with conflicting attribute definitions are used.
    • CEntityManagerModule: Textarea edit fields are now 12 instead of 8 lines.
  • New Features
    • Added module cms/blog
    • CEntityManagerModule now supports so-called context filters. Context filters are preconfigured filter settings for attributes. If set all views are limited to those items that match these filters. New items are preset to these values. Import and export is deactivated.
    • CEntityManagerModule::CallbackPrepareSelectOptions() may not return empty arrays for required attributes. This will now results in controlled error handling. This allows to feedback an error to the user if a new entity item should be created that has a n-1 relationship to another entity where no items are available yet.
    • The function IsFeatureDisabled() can now be used at any place to check if the requested feature is explicitly disabled. If the function is not implemented within the application the function will be created and will always return false.
    • GetDomainStatusArray() returns all possible domain status options.
    • Added ArrayCount() as a type-safe wrapper for count(). count() has been replaced throughout wdk source code.
    • Added GetVersionInfoApache() to get the apache version installed on a server.
    • Webservice system/server: The "info" command now also delivers the apache version.
    • Added funtion ParseHttpResponseEx() to parse the response of an http request in more detail (it will return a link list, set cookies, and form data)
    • Module devtools/httprequest was added to execute http requests and display the response (it makes use of the ParseHttpResponseEx() function).
    • Added function StringExplodeKeyValueList() to convert a multi-line string with key value pairs into an associated array.
    • Added support for CallbackRenderGenericOutputItem() in assemblies. Asselblies can now implement their own handlers for generic output items.
    • Added wdk_version.inc with function ParseVersion() which convers a version string (e.g. "1.0.1.34") into an array.
    • CUnitTest::TestCase_Server() now also checks for a secure php version.
    • CUnitTest::TestCase_Server() also checks for the PTR record if requested.
    • CUnitTest::TestCase_Domain() now checks if the domain is NOT a mail domain and fails if the domain has an MX record.
    • Added crm/newsletter module to collect email addresses from visitors.
    • CWebsite now checks for unintended output (e.g. caused by php notices, warning, or errors) and triggers a system event (severity is warning).
    • CWebsite now supports the "fallbacklanguage" configuration. If set, resources are for the configured fallback language if no resource file for the current language is not found.
    • Added ArrayUnique() as a wrapper for array_unique().
    • Added RegExpMatchMultiple() as wrapper for preg_match_all().
    • Added function MakeHexToken()
    • Added function ActivateGoogleAnalytics() to activate Google Analytics on the website using the given tracking id.
    • Added function CWebApplication::GetUserAgent() - should be self-explaining
    • Added function GetStringValue() to get a string value in all cases. Use it for coversion. The function will only return non-empty string in unambiguous cases (i.e. not for arrays). In order to render any value as a string use RenderValue().
    • Added function DetectBot in wdk_bot.inc to help identifying bot visits to a site. This feature may impact performance so handle with care.
    • CWebsite::PrepareHeader() now adds the msapplication-config header by default to prevent IE from requesting the browserconfig.xml file
    • The hostcheck module now also displays the dns reverse lookup host name for a domain.
    • Add GetVAT() function to retrieve VAT rates depending on country, area, point in time, in CPC based product categories. Added vat.csv and cpc.csv to the data folder.
    • Entity attributes now support the "hidenooption" setting. If set to true a selection dropdown is not shown if there is only one option to be selected.
    • If CWebApplication::Debug() is used, the trace output is activated automatically in all cases.
    • Added ArrayGetValueByPosition() to get a value at a specific position (not key) from an array.
    • MakeID() now also takes arrays and transforms them into string IDs.
    • Entities and entity attributes can now use the "textarealines" property to control how many lines the corresponding text area control should have. This can be done on entity level and per attribute. Per attribute settings override the per entity setting.
    • Module system/testmanager now executes all, local, or failed tests by executing one test, refreshing, and then executing the next one.
    • Test_CheckDomain() now also checks if there is NO SPF record if the domain is NOT a mail domain.
    • Added CompareVersion() and a corresponding test
    • Added CompareInteger() and a corresponding test
  • Quality
    • Added a test for IsValidHostName()

Revision 59

Baselined 2014-10-04

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Refactoring
    • SESSION_MODE_* has been renamed to SESSION_MODE_SERVER_* - so check your configuration!
  • New Features
    • Added new session mode: SESSION_MODE_LOCAL_COOKIE. This mode stores all variables directly into the cookie. The mode should be used for applications without database backend which have some need to transport non-confidential state information from one page to another.
    • Added wdk.js to contain general purpose javascript code. SetCookie() and GetCookie() to start with.
    • Added CWebsite::MaintainScrollPosition() to recover the vertical scroll position after a page reload or refresh. Uses wdk-maintainscrollposition.js.

Revision 58

Baselined 2014-10-02
  • Refactoring
    • The csv format "excel" has been adapted to the latest Microsoft Office generation which finally accepted csv according to RFC 4180. Use "excellegacy" as a format identifier to support Excel versions prior to 2013.
  • New Features
    • The new module devtools/domaincheck helps to check the availability of many domain names within many top level domains easily.
    • Added support for the DOWNLOADURL generic output item. The generic output item creates a URL to the website which loads a file directly from an assembly (so it does not have to be in the /download dir under the website's root directory).
    • Introduced the YOUTUBE generic output item
    • Added element CYouTubeElement to embedd videos hosted by youtube.com
    • Added support for the YOUTUBE generic output item to use the CYouTubeElement more easily
    • Module system/sessionmanager now allows to actually view the session details and the data contained in the session.
    • The new config option "tidconfig" controls if CWebsite checks for unresolved TID tags in the output. If a tag is found, a mail is sent to the admin.
    • Added function ArraySortByKeys() as a wrapper for ksort()
    • Added CWebsite::MakeCSV() which creates a CSV table according to the "csvformat" configuration setting.
    • Added GetDomainStatus() which returns a string indicating the availability of a domain ("FREE","FORSALE","TAKEN").
  • Quality
    • Added test wdk-element/table

Revision 57

Baselined 2014-09-21

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Defects
    • URLs containing bracets ("(" and ")") or percent signs ("%") were not considered valid URLs. This has been fixed.
    • Requesting static images was defective. This has been fixed.
    • ArrayReverse() now checks if the input parameter is really an array.
    • RenderValue() erroneously used ArrayPrint() instead of ArrayRender(), this caused PHP Notices in several unit test scripts.
    • ReadDirectory() created PHP errors when used with directories protected by the base dir restriction. This has been fixed. Now it just returns false.
    • The entity scaffolder had several defects regarding text IDs and the included basic test script which have been fixed.
  • Refactoring
    • WDK now uses the mysqli extention instead of the deprecated mysql extention.
    • Renamed all MakeSQL_* helper functions (those which do only create fractions of SQL queries or SQL statement definition arrays) to MakeSQL_Helper_*.
    • CWebsite::GetImageURL() has been renamed to GetImageRootURL()
    • urlencode() is no longer used directly. StringURLEncode() is always used.
    • StringExplode() now also trims the string before splitting it into the array. This means that if new line is the separator, empty lines at the beginning and the end are skipped.
    • Within CEntityManagerModule the generic attribute called "index" is renamed to "INDEX". The naming convention is: All defined attributes of the entity are lowercase. All generic or generated attributes ("INDEX" and "TASKS") are uppercase.
  • New Features
    • GetErrorLogFile() function added to env.inc to specify the location of the vhost's error_log file.
    • HttpRequest() now supports HTTP headers to be sent. WARNING: Function interface has changed!
    • CUnitTest::TestCase_MonitorURL() and CUnitTest::TestCase_CheckURL() now support HTTP Headers. WARNING: Function interfaces have changed!
    • Layout options are now checked via Cwebsite::CallbackGetSupportedLayouts() which by default uses the config "layout".
    • Added functions ArrayCheckKeysByWhiteList() and ArrayRenderList()
    • CWebsite::GetStaticImagePath() now also supports jpg - this means that the image command will find a jpg image based on the given imageid parameter.
    • HttpRequest() now supports the "Accept-Encoding" header explicitly
    • CUnitTest::TestCase_CheckURL() now supports binary safe comparison with white list and blacklist patterns
    • Added new function CWebsite::GetDownloadRootURL()
    • Webservice system/server now also returns the number of core dump files if possible.
    • GetMimeTypeFromPath() returns a mime type based on the extension of a file.
    • Added Debug() method to CTraceLog, CWebApplication, and CWebsiteSatellite. The function can be used like Trace() or TraceArray() but the sourcefiles/debugdebris test will fail so that the function calls are removed when no longer needed.
    • CEntityManagerModule: The list view can now be configured to offer a refresh button in the list or view states.
  • Quality
    • The test group "htmlvalidation" has been renamed to "outputvalidation". The test "w3cvalidate" has been reactivated.
    • The test sourcefiles/unintendedfiles now also checks for unwanted copies left by Dropbox.
    • Added a test for StringURLEncode()
    • Added a test for RenderValue()
    • The test "environment/errorlog" is added to check if the error log file contains PHP notices, warnings, or errors.
    • The test "environment/server-status" now also checks for core dump files.
    • Test "wdk-filesys/readdirectory" now also considers "/" (which should not be accessible due to the base dir restriction)

Revision 56

Baselined 2014-07-10

WARNING: This WDK version requires PHP 5.4.x
  • Defects
    • TID_NAVIGATION_MORE was missing. Has been added.
    • When editing an entity, labels of visible read-only attributes were not displayed correctly.
    • MakeSQL_EscapeString() now also does UTF8 conversion.
  • Refactoring
    • CWebserviceDatabaseEntity::GetGenericCommandAndEntity() helps to find out which command fits to which entity and generic command.
    • Renamed function MakeSQL_RealEscapeString() to MakeSQL_EscapeString()
  • New Features
    • Webservices now supports the output format "jsonpretty" (which requires php 5.4)
    • Webservices now support the "csv" format which returns a pure 2 dimensional result list
    • CWebservice::CallbackGetDefaultCsvPath() can be used to define the default tag that should be returned (csv does not support tree structures) if the csvpath parameter is not given.
  • Quality
    • openssl test now demands the build to be as of June 20th or later

Revision 55

Baselined 2014-06-09
  • Refactoring
    • wdk_dns.inc has been removed and all functions are now found in wdk_ip.inc
  • New Features
    • Added GetWhoisRecords().
    • ArrayReverse() has been added.
    • HtmlConvertLineBreaks() has been added.
    • Default layout tables are now designed not to exceed 100% width of the bounding html element.
    • Added special layout styles for teaser and portfolio for a list of file downloads.
  • Quality
    • openssl test now checks for latest release after several security issues in open ssl have been fixed.

Revision 54

Baselined 2014-06-06
  • Defects
    • CTableElement::RenderTableEx() was missing a default value for the new cell style array parameter. This broke the e.g. collection element rendering and has been fixed.

Revision 53

Baselined 2014-06-01
  • Defects
    • CFormElement: The use of forms rendered the page as invalid HTML5 since for whatever reason a form and input start tag must not be within a table or tbody element. This has been fixed by introducing and using the LAYOUT_INNER_BEGIN and LAYOUT_INNER_END layout definition.
    • The basic and dynmaic website scaffolder did not prepare menu rendering properly. This has been fixed.
  • New Features
    • CTableElement::RenderTableEx() now supports cell styles. By default, additional cell styles "center" and "right" are supported to control text alignment.
    • CItemManagerElement (and CItemmanagerData) now support cell styles on column level. Note that only one cell style can be applied for combined columns (last one wins).
    • Module cms/staticfilebrowser supports the "portfolio" style for browsing files.
    • Module cms/staticfilebrowser displays file size right aligned.

Revision 52

Baselined 2014-05-24
  • Security
    • All devtool contents are now dependant on the "devtools" privilege.
  • Defects
    • CWebservice::CallbackSystemEvent() now uses SystemLog instead of CallbackSystemLog(). So the disable_log configuration is now considered.
    • Webservice system/test returned an invalid result if the command "liststatushistory" was used without active database support
    • StringCheckCharSet() did not recognize a lowercase "x" not being part of a char set. This has been fixed.
  • Refactoring
    • When taking parameters from _GET and _POST arrays the PrepareParameterArray() function now considers the case that _GET and _POST are already unset.
    • VerifyTextID() has been renamed to IsValidTID()
    • GetInvalidTextIDs() has been renamed to GetInvalidTIDs()
  • New Features
    • Webservice system/test now reports in all commands if database support is active
    • Module system/testmanager now considers inactive database support properly. Filter options for status has been removed, a text message that contains the result of an ad-hoc test execution is added.
    • Added module cms/staticfilebrowser which can display files and folders in a configured root folder as a list and offers files for download.
    • Added function GetParentDirectoryFromPath()
    • Added function StringRemoveLeadingCharacters()
    • Added element CTelElement and the generic output item "PHONE" to render telephone numbers depending on the target device.
    • Now using the 3rd party component mobile_detect to identify mobile devices.
  • Quality
    • Added tests for StringRemoveLeadingCharacters()
    • Added tests for MakeTID() and IsValidTID()

Revision 51

Baselined 2014-05-14
  • Security
    • Added test security/sslheartbleed to check if the server is vulnerable to CVE-2014-0160.
  • Defects
    • Functions TimeAddMonths(), TimeAddYears() and TimeGetEndOfMonth() produced incorrect results if the input month's day was not contained in the resulting month. Php's own functions are producing wrong results which adding or substracting months and years - the WDK functions now contain a correction feature for this defect.
    • CEntityManagerModule: CSV import: The module did not send valid date and date/time values to the underlying webserivce which provoked errors. This has been fixed.
    • CEntityManagerModule: CSV import: Under uncertain conditions the last item was not imported due to a bug in php when handling references arrays in foreach loops. A workaround is in place to mitigate this php bug.
    • When loading text resource files that contain the same TIDs the "last one wins" principle was not obeyed. This has been fixed. If a resource file is loaded later and contains TIDs that are already contained in a previously loaded resource file - the later loaded version is used.
    • The scaffolder for static websites did not prepare the protocols array in the website class properly and produced a syntax error.
    • The scaffolder for static websites was missing the TID_NAVIGATION_START tag.
    • Removed support for the publisher meta tag as it is no longer supported in HTML5.
    • MakeSQL_Assignment() did not work properly if a float 0.0 was provided as the field's value. This has been fixed.
    • Default webservice rendering format as defined by GetWebservicesDefaultFormat() was not considered. This has been fixed.
    • CSigninModule: If an occupied username was chosen, an endless loop was caused and the page did not load at all.
  • Refactoring
    • Functions TimeAdd*() have been renamed to GetTime*()
    • ArraySort() now returns the sorted array instead of modifying the input array as a reference.
    • Functions TimeGetEndOfMonth() and TimeGetEndOfQuarter() have been renamed to GetTimeMonthEnd() and GetTimeQuarterEnd().
    • Standard output items CURRENTTIME_YEAR and CURRENTTIME_DATE_ISO have been removed.
    • Entity attribute key "enumtidpattern" is now called "tidpattern"
    • The list of supported webservice formats can now be overloaded using CWebService::CallbackGetSupportedFormats().
    • Renamed GetBoolString() to RenderBool()
    • GetIntegerValue() now returns rounded values
  • New Features
    • CWebsite now supports seo friendly URLs. the feature can be activated by setting the "seourl" config setting and the corresponding rewrite rules.
    • The canonical link header also uses seo friendly URLs now
    • CRoutingMap class is added to manage context id to alias mapping (which is used by the new seo friendly URL feature)
    • Support for sitemaps has been added. A sitemap.xml can now be created (via command=sitemap) which is compatible to this specification: http://www.sitemaps.org/protocol.html.
    • Added cms/sitemap module to render the navigation tree for a user friendly sitemap page - not to be confused with the sitemap.xml support
    • The default content exception page (aka 404 error page) also shows the sitemap. Override CallbackRenderContentException() to change this behaviour.
    • CNavigationElement::RenderNavigationCurrentPathPortfolio() supports the rendering of the navigation options below the current context. CWebsite::CallbackRenderContentException() uses this function as a fallback if no content is found and there are navigation options available.
    • Added CWebsite::AddJavaScript() and ::AddStyleSheet() functions which lead to the inclusion of CSS and JS content into the page. By default JavaScript is put just before the body tag. The output item can be used to put the scripts at another position within the html document to resolve script scoping issues.
    • Added support for the alternate header to specify the languages in which a given page is available.
    • Added function GetTimeEndOfQuarter()
    • CFormElement layout definition now supports LAYOUT_CONTROL_*_MAXWIDTH for TEXT, TEXTAREA, and PASSWORD controls. This allows to override source-code defined width definitions within the layout configuration.
    • Added locale support for the Philippines (PHL)
    • Added locale support for Singapore (SGP)
    • Added locale support for the United Arab Emirates (ARE)
    • Added locale support for Chile (CHL)
    • Added locale support for China (CHN)
    • Added locale support for Ireland (IRL)
    • Added locale support for Czech Repulic (CZE)
    • Added locale support for Finland (FIN)
    • Added locale support for Morocco (MAR)
    • Added locale support for Iceland (ISL)
    • Copyright period now considers the set timezone. Which means that on new year's eve the copyright year switches exactly when the new year starts.
    • Added ArrayKeyFirst() and ArrayKeyLast()
    • Added ArrayStrictCompare() to compensate weaknesses when using '==' on two arrays
    • A web service now returns ERROR_COMMAND_MISSING if no command was specified
    • Added CEntityManagerModule::CallbackPrepareImportedValues() to prepare values loaded from an imported csv file before they are checked for validity and consistency. E.g. when working with Excel csv data must be checked for "#NAME?" to prevent strings from being damaged in the database.
    • CEntityManagerModule takes care for strings starting with a dash and prevents Excel from confusing those strings with a calculation formula
    • CEntityManagerModule now allows a user to choose the decimal delimiter explicitly when exporting data to csv. This is to support Excel versions with different local settings that the logged in user.
    • CEntityManagerModule now uses tidpattern also for strings (if they do not use the textarea control)
    • CWebsite::LoadAllStrings() was added to get all strings for the current language
    • Added StringExplode() as a wrapper for explode. StringExplode supports to trim all strings and interprets the limit parameter set to 0 as if the parameter was not set at all (explode interprets 0 as 1, which is a questionable function design in php).
    • CEntityManagerModule::CallbackGetExportFileTitle() can now be used to control the file name for the exported csv file. The default is "_YYYY-MM-DD_HH-MM-SS.csv".
    • A new external link layout has been adeed using the rel="nofollow" attribute to prevent external links from inheriting the site's reputation when crawled by search engines - use this for user generated posts that contain links
    • CWebSite::CallbackGetWebsiteTitle() now supports content specific titles and combines the content specific title with the default title if set
    • CWebSite::CallbackGetWebsiteDescription() now support content specific meta descriptions
    • CWebSite::CallbackGetWebsiteKeywords() now supports content specific keywords and combines them with the default keywords if set
    • Added StringRemoveTrailingCharacters() which removes a trailing character from a given set
    • CEncryptionDynamicWebSite: The secretpayload parameter is no longer added if the payload is empty
    • Added GetRandomInteger() as a wrapper for rand()
    • The default navigation elements now make use of the
    • Added GetVersionInfoOpenSSL()
    • Added GetVersionInfoPHP()
    • The wiki element now also supports mailto links
    • RenderDateTimeNow(), RenderDateNow(), and RenderDate() now support the time zone parameter
  • Quality
    • The pattern ' xmlns="http://www.w3.org/1999/xhtml"' should no longer be used in htm and cfg files.
    • A new test checks for unintended files within the source directory starting with .db and .tmp.
    • A new test checks for suspicious memory sections that may indicate an ebury infection on the server
    • Two tests have been added to check the meat keyword and description (fallback) feature.
    • Added tests to verify routing and routing with alias features
    • Added test to verify the new sitemap feature

Revision 50

Baselined 2013-12-24

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • SecureParameterArray() now filters array parameters. The array parameter "arr" will simply not get through: http://www.example.com?arr[]=test1&arr[]=test2
  • Deprecation
    • GetDataArrayFromCSV() has been replaced by ParseCSV*() functions.
    • ReadFileCSV*() has been replaced by FileReadCSV*() functions.
    • CEntityManagerModule::MakeLabelTID() and CEntityManagerModule::MakeTableHeaderTID() are deprecated
    • CDatabaseWebservice::DataArrayToList() has been removed.
  • Defects
    • CEntityManagerModule::StateList() The selection of available task icons is now controlled by IsStateSupported(), too.
    • CEntityManagerModule::StateView() does no longer ignore zerounset for integer, idnumeric, and float values.
    • CWikiElement did not render the wiki table of contents properly since CNavigationElement::RenderNavigationVertical() started to consider the condition compliance tag.
    • StringCutOff() did not work well with strings that contained words that are longer than then the allowed width. This has been fixed.
    • DownloadFileAndExit() now also sends the header for Content-Length. This avoids the limitation of 1 MB file size when downloading.
    • Webservice system/entitlement used SystemLog() incorrectly and caused errors when setting entitlements. This regression was introduced in revision 48.
    • CNavigationElement did not work with empty menu trees. This has been fixed. In fact php is confused when comparing an empty array with false.
    • Webservice system/log was using a non-existent function RenderArray() which caused the webservice to display error messages if a log mail was sent.
    • CSRF protection didn't work with file downloads. After a download took place, users were logged out. This has been corrected.
    • ArrayGetValue() and ArraySetValue() now deal with numeric keys correctly. If the deepest array used numeric keys, using the index key 0 produced unexpected results.
    • system/test sent alert mails without failed test's log output. Has been fixed.
    • Assemblyies did not accept "-" in the assembly id. This has been fixed.
  • Refactoring
    • WARNING: former function CUnitTestURL::TestURL() has changed parameter order and was renamed to CUnitTest::TestCase_CheckURL()
    • Removed classes CUnitTestURL, CUnitTestServer, CUnitTestDomain. Moved all functions to CUnitTest. Renamed "Test*()" functions to "TestCase_*()"
    • CDatabaseEntityWebservice has been refactored to use SQL syntax definition arrays instead of string based SQL queries. This affects all functions that use SQL requests.
    • CDatabaseEntityWebservice::CallbackCommandListPrepareSQL() has been refactored to use the SQL syntax array instead of two strings.
    • Introduced CDatabaseEntityWebservice::MakeSQL_Field() which will prefix each SQL field string with a table alias and table prefix. It must be used whenever SQL statements are combined with quieres created by CDatabaseEntityWebservice core functions - like in MakeIndexSQLCondition()
    • FatalError() no longer supports the strTitle parameter
    • Introduced CEntityManagerModule::MakeEntityTID() which uses the entity name as a prefix to identify entity related text. This requires to change existing TIDs.
    • CEntityManagerModule and CDatabaseEntityWebservice now suppport "email" as an attribute type
    • CEntityManagerModule::CallbackPrepareItemDataExport() changed order of parameter
    • CEntityManagerModule::CallbackCheckInputValues() changed order of parameter
    • CEntityManagerModule::CallbackPrepareItemDataModify() changed order of parameter
    • CEntityManagerModule::CallbackPrepareItemDataView() changed order of parameter
    • CEntityManagerModule::CallbackItemView() is now using the original item data as received from the webservice.
    • CEntityManagerModule::StateView() will now expect an output item named "ITEM" instead of "TABLE" in the module state layout file.
    • CTabNavigationElement now uses div tags instead of layout tables in the WDK default layout.
    • Module crm/contact and crm/feedback now use GetSiteTeamEmail() instead of GetAdminEmail()
    • Calls to array_key_exists() have been replaced by ArrayKeyExists()
    • Changed MakeSQL_Table() to include the quotes and mark the table name with a comment string (to add table prefixes later)
    • Renamed MakeSQL_PrefixTableNamesInQuery() to MakeSQL_PrefixTablesInQuery(). Added the old name to the deprecated names.
    • Created MakeSQL_RealEscapeString() as a replacement for mysql_real_escape_string() which does not require an active SQL connection.
    • Replaced the use of in_array() by ArrayValueExists()
    • Renamed DateTimeAdd*() functions to TimeAdd*()
  • New Features
    • CUnitTest does now support REQUESTERROR as a result code
    • CUnitTest will return the REQUESTERROR by default if TestCase_CheckURL() ran into a timeout. The new function TestCase_MonitorURL() acts like TestCase_CheckURL() but considers a timeout as a fail.
    • CUnitTest::TestCase_CheckURL() timeout is changed from 10 to 15 seconds
    • CUnitTest::TestCase_Domain() can be used to check if a given host name is bound to a given IP address
    • webservice system/test now recognizes the REQUESTERROR result from a unit test. This means that temporary request errors WITHIN a unit test are also considered as REQUESTERRORs and this will cause a high priority re-test.
    • Added function ArrayTableRotate() to rotate a table represented as an array (rows) of arrays (columns within a row). Rotation means to exchange columns and rows.
    • Added function ConvertToDate() to convert a non-ISO date string into an ISO date string.
    • CEntityManagerModule now supports generic support for enum display, filtering, and selection.
    • CEntityManagerModule now supports the importing of csv files. If the index attribute column is set for an item, the existing item is updated. If it is withheld, new items are added to the list.
    • CEntityManagerModule now support the "readonly" config setting. It will hide any options for change and deny all change actions.
    • CEntityManagerModule can now be configured to use specific default values when adding an item - and override the entity definition defaults.
    • CEntityManagerModule does now do standard parameter checks for integer attributes
    • CEntityManagerModule::CallbackPrepareItemDataDefaultValues() can be overloaded to fine-tune default values before the form is populated
    • CEntityManagerModule now supports the duplication of item instances.
    • CEntityManagerModule now supports [Add|Set][Warning|Error|Info]MessageCodeEntity() functions
    • CEntityManagerModule now allows to import csv files that do not contain all attributes / columns for already existing entities.
    • CEntityManagerModule::CallbackItemView() can now return a state id. If the function returns a string != "" then the string is used to identify the view state layout file. If not then "view" is used.
    • CWikiElement can now be configured to show a limited depth of headers in the table of contents. This is part of the element's layout definition.
    • Introduced CCollectionElement which renders a number of elements based on an associative array with element descriptions. This is useful if the compilation of a structured page should be separate from the actual rendering process or if a structured display of information should be rendered in completely different ways.
    • Some elements support the "wikisyntax" style as a layout style option. The wikisyntax style is used to produce native wiki syntax.
    • Introduced ParseCSV*() functions with full support for CSV according to RFC4180, WDK-style, and Excel
    • Introduced FileReadCSV*() functions that use ParseCSV*() accordingly
    • Introduced MakeCSV*() functions to create different variants of CSV files
    • CWebsiteSatellite now supports all variants of the [Add|Set][Warning|Error|Info]Message[Code|Text]() functions
    • Entities now support the entity type "language"
    • Module system/usermanager can now filter users by their preferred language
    • CList::GetStatistics() can be used to get min, max, sum, avg, and dif from all numeric values contained in a list.
    • Webservice system/server now supports the "performance" command to gather perfromance information about a server
    • Added functions IsValidRegionID() and GetAllRegionIDs() to support structures like the European Union. Since there is no coding scheme standard available - all "region" must be a 2 letter code. The "EU" is currently the only supported region.
    • Added ArrayRemoveKey() as a wrapper for unset() for arrays.
    • Added locale support for Austria (AUT)
    • Added locale support for the Netherlands (NLD)
    • Added locale support for Denmark (DNK)
    • Added locale support for Greece (GRC)
    • Added locale support for Belgium (BEL)
    • Added locale support for Portugal (PRT)
    • Added GetIntegerValue() to convert string like "2MB" or "2M" to integer values
    • Webservice system/session now logs the amount of deleted sessions during cleanup
    • Added IsStringSingleByte() to find out if a string consists of single byte characters only.
    • Webservice system/server now returns if a Plesk server is running on the server
    • Module crm/newsarticlebrowser now considers publication start and end time
    • Websites and Webservices now also display the Server IP in trace output
    • Add ParseDateTime() to convert a date time string into its components
    • Add ParseDate() to convert a date string into its components
  • Quality
    • Tests webservice-log/log, webservice-log/whitelist, and webservice-log/blacklist now check how the test event ids are handled. If the webservice configuration does not support the tests, they are set to inactive instead of failed.
    • Test for FindStringMultiple() now also considers the nOffset parameter

Revision 49

Baselined 2013-06-11

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • Added protection against CSRF attacks: The new feature protects logged-in users against CSRF attacks by ensuring that a user may not leave the current browser page. Session highjacking and request forgery is effectively prevented. However: using two browser windows or reloading a page will cause the immediate closure of the session. The feature can be deactivated by setting the config item "csrf_defuse" to "true".
    • Added support for user IP aware sessions
  • Defects
    • In case a scaffold does not have any configuration options, an empty step was displayed. This has been fixed.
    • The scaffolder for dynamic websites had a bug that may prevent the included testwebsite from working. Has been fixed.
  • Refactoring
    • CUsersWebsite has been renamed to CDynamicWebsite
    • CUsersEncryptionWebsite has been renamed to CEncryptionDynamicWebsite
    • WARNING: CUnitTestURL::TestURL() now supports all features of HttpRequest and has a changed parameter order
  • New Features
    • webservice system/session was extended to store a user's IP address. See webservice documentation for more details!
    • Added ArrayPack() and ArrayUnpack() functions to transform an array into a base64 encoded string and vice-versa. The functions are now used for session data storage and the data container.
    • Added StringRemoveCharacters() to remove a set of given characters from a string
    • CWebsite::SetCookie() and CWebsite::DeleteCookie() has been added. CWebsite::GetCookie() can be used to receive provided cookie values.
    • IsValidCookieName() is added to check if a name is an allowed cookie name.
    • FataError() now also sends an email to the admin email address defined by env.inc's GetAdminEmail()
    • IsValidIPv4() has been added.
    • Website scaffolders now also contains security related options and explanations
    • Website scaffolders contain ISO-style date and time display
  • Quality
    • Added "CContentDefault" to the sourcefiles/deprecation test.

Revision 48

Baselined 2013-04-13

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Security
    • Bcrypt support for password hashes: MakeHash() now accepts a seed and the hash mode as a parameter
    • Added function VerifyPassword() that takes a clear text password and validates it against a hashed password and its seed. VerifyPassword is backward compatible and will also validate password hashes based on sha1.
    • Encrypt() and Decrypt() now support different password hash methods. The default remains "sha1".
  • Deprecation
    • The function GetWebserviceURL() defined in webservices_directory.inc is no longer used. So the function can be removed.
    • Removed the long unnecessary functions CWebsite::UserAuthentication() and CWebsite::CallbackUserAuthentication()
    • CFormTemplateElement::RenderFormIndividual() has been removed
    • CFormElement::RenderFormGeneric() has been removed
  • Refactoring
    • WARNING: Layout definition files are renamed from layout_*.txt to layout_*.cfg.
    • WARNING: Webservice and website member function Log() and Event() have been renamed to SystemLog() and SystemEvent()
    • WARNING: Some configuration option names have been changed: "nolog" is now "disable_log", "databasesupport" is now "database_support", etc. The wdk/sourcefiles/deprecated test result will indicate regressions.
    • WARNING: MakePasswordHash() The order of parameter has changed!
    • SystemEvent and SystemLog are now members of CWebApplication. CWebsite and CWebService implement these functions differently.
    • CFormElement::AddControlFile() no longer accepts the nSize parameter.
    • CTeaserElement now uses different tags AND does NO LONGER support a SUBHEADER. Please check your own layout_element_teaser* files!
    • Removed the files res_error_en.txt and res_error_de.txt. The contained strings are contained in res_wdk_*.txt.
    • CWebserviceDatabaseEntity: Optimized SQL requests for the list command. The "AND 1" pattern has been removed.
    • CAssemblyLine is now moved into new file wdk_assemblyline.inc
  • New Features
    • WARNING: system/user now supports user silos which implies a database model change. Check out the webservice documentation for details.
    • WARNING: system/log now supports a new attribute "event_message" which allows to add a short message text AND an associative array with details to a log entry.
    • Webservices now support the "load_tolerance" configuration setting. "load_tolerance" can be configured for each command. If set the webservice will check the current load (1 minute average) and if the load exceed the load tolerance an error will be returned.
    • A database configuration now supports a table name prefix. Use the TABLENAMEPREFIX configuration tag name.
    • MakeSQL_Table() now accepts a table name prefix
    • Introduced MakeSQL_PrefixTableNamesInQuery(). This function tries to identify all table names in a query and adds a prefix. Be cautious: The function has certain limitations.
    • CImageTeaserElement has been introduced
    • CWebApplication::GetWebserviceAccessCode() has been introduced
    • Added scaffolder to the devtools navigation
    • Added CWebsiteUserPostCreation(). This function should be called whenever a new user has been created. It invokes CWebsite::CallbackPostUserCreation() which by default adds configured default privileges. Module user/signin, user/signinonestep, and system/usermanager now make use of this function.
    • Entity attributes of type "date" and "datetime" now support the "inputrequired" flag that will cause a check if a date or datetime value has been provided by the user.
    • Updated the pdf icon in accordance with http://www.adobe.com/misc/linking.html
    • Introduced ArrayTransformToTable() to convert an (associative or indexed) Array into a two column array that can be used as input to a table element.
    • Introduced IsFileUTF8BOM() to check if a file starts with a UTF8 Byte Order Mask
    • Webservice system/scheduler: When a job is configured to call a configured webservice, the system/scheduler webservice uses CWebserviceConsumerWebApplication to actually request the webservice. This means that accesscode, format, and trace parameters are set automatically.
    • Introduced res_error*.txt that contain additional error text resources (currently only for webservice request related errors) that you may or may not want to use. If they are to be used the resources must be loaded explictly.
    • Introduced CAssemblyLine::GetAssemblyList() to retrieve the ids of all added assemblies.^
    • webservice system/test: LASTEXECUTION_RUNTIME_SECONDS is always truncated to 3 decimal digits
    • IsValidURL() now detects "localhost" and valid IPv4 addresses as valid URLs
    • Introduced CUnitTestRecursiveFileCheck for BOM and bad white space checks
    • FatalError() and CWebsite::RedirectAtOnce() no longer make use of the "<?" tag which caused issues if short_open_tag was not set (refer to http://de3.php.net/manual/en/ini.core.php#ini.short-open-tag)
    • Scaffolds for basic and dynamic websites user shorter folder pathes now in template folder.
    • Scaffold for dynamic websites now support configuration for database table names prefixes
    • Scaffolds now take their names and descriptions from res files
    • Scaffolds for websites implement the GetDocumentRoot() function in a way that can cope with trailing slashes and missing trailing slashes in DOCUMENT_ROOT.
    • Database entity webservice now considers the float precision when rendering numbers - so it will not just forward what mysql delivers
    • CNavigationElement::RenderNavigationHorizontalPath() now considers specific layout tags for the first and last item in a given navigation menu level
    • Generic output items are now also supported of the output tag contains line breaks and tab characters (only blanks were supported previously)
    • FindStringMultiple() now supports the nOffset parameter
    • CWebsite::LoadContent() loads a content file and returns the rendered content or false if it fails
    • CFormElement now supports the layout definition LAYOUT_CONTROL_CHECKBOX_LABELFIRST. If set to 1 (or true) the label of a checkbox behaves like all other labels (display in BEFORE the control) instead of display AFTER the control which is the typical use of a checkbox. However there might be layout considerations that justify the display of the label in front of the checkbox.
    • Added error message strings for HTTP 413 and added error document handling in scaffolds for basic and dynamic websites.
    • CThumbnailImageElement::RenderThumbnailImage() now considers the case that no width or height of the large version of the image is provided.
    • Added support for layout configuration files (like "layout_default.txt") that contain tag value pairs which are added to the output item list. You can use it to vary colors in a given layout easily.
    • MakeSQL_Select() now supports empty condition parameter. In this case, the "WHERE" part is omitted.
    • Added two new functions ArrayPrint() and ArrayRender() which encapsulate print_r. The test sourcefiles/debugdebris has been added to check if all source files contain unintended debug output. It checks for "print_r", "var_dump", and "echo" calls.
    • The text input control for date time input in a form now considers that total string length depending on local settings.
    • Added function IsValidAssemblyID() and corresponding tests
    • Added function SQL_IsValidTableName() and corresponding tests
    • Entity's data base tables can now contain alphanumeric characters, underscores, and dashes
    • Entity Manager Module now defaults attributes with type "enum" to control "select"
    • Event severities are now defined in a separate file named wdk_eventseverity.inc. Numeric constants are now also available.
    • The new constructor paramter of CWebApplication called arrayObfuscationItems allows to define additional items that shoudl be obfuscated in trace output and parameter reflection. This enabled webservice authors to add items that should not be shown in trace output in addition to e.g. "accesscode" or "password".
  • Defects
    • MakeCssURL() has been fixed.
    • CWebserviceConsumer: If a request returned syntactically valid, parseable data (like an xml-valid 404 html page) this was not detected as an error. This has been rectified.
    • CWebserviceDatabaseEntity: For each filter option, the "list" command was configured for 2 filter option parameters. But only the amount of filter options were configured and processed as parameters. Using a filter option with a number beyond the amount of filter options produced an error. This is fixed now.
    • CWebserviceDatabaseEntity: When using the index item as a sort option, the sql query contained the corresponding field sort order twice. This did not cause a malfunction, but may have impacted performance. This has been fixed.
    • Webservice system/entitlement: A defect prevented privileges from being deleted. This has been fixed.
    • CNavigationElement::RenderNavigationVertical() did not check for conditions and hence displayed all entries. This has been fixed.
    • CImageElement::RenderImage() did not URL encode the image URL when creating html. Has been fixed.
    • When using the "image" command a new session was created unintendedly. This has been fixed. However session data is accessible if a valid session id is provided.
    • Webservice system/test was still using format=csv to request system/test webservices of remote sites. This has been fixed.
    • Event severities were not fully correct. WARNING and higher were given a numeric value which was one too high. This has been corrected.
  • Quality
    • The test for IsDirectoryReadWriteAccess now provides a possible explanation why a PHP handler process may have write access to the application source code files.
    • Added a test that scans the application's source code for deprecated functions (e.g. "CheckCharSet").
    • Added test for ArraySetValueRecursive()
    • Added test for MakeInitVector()

Revision 47

Baselined 2012-09-12

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • cms/article entity and related modules and webservices are all work in progress. DO NOT USE!
  • Deprecation
    • CLocalResources::LoadStringResourceFileEx has been removed.
    • Text resource files with pattern *_int.txt are no longer considered.
  • Refactoring
    • WARNING: CContentDefault has been renamed to CContent. User specific content classes must be named CMyContent. This may break existing code!
    • WARNING: Image URLs have been changed. Images are now requested using the "command" parameter and identified by the "id" parameter. This may break existing code!
    • WARNING: Webservice output format "csv" has been renamed to "csvpath"
    • WARNING: MakeLink() (in all its various variants) has been renamed to MakeURL()
    • WARNING: CElement::__construct now requires two additional parameters to control if the element should look for layout definition txt files and/or layout html files. This may break existing code implementing CElement derived classes.
    • WARNING: IsEmailValid() has been renamed to IsValidEmail()
    • WARNING: LoadNamedArrayFromTextFile() and LoadNamedArrayFromTextFileMultiLine() now return the read data as the return code. Data was returned via reference parameter. This may break existing code!
  • New Features
    • Default layout is now 1000 pixels wide
    • Introduced the CScaffolder class and devtools/scaffolder module to support code scaffolding for building new websites and adding new features to existing websites
    • Webservice system/scheduler: Job URLs can now be specified as webservice names. In this case, the access code parameter is automatically added. Additional post parameters can now be specified for a job.
    • CContentDefault::RenderContent() now returns false if the content is not found. Subsequently CWebsite::CallbackRenderContentException() is called.
    • CEntity::MakeSQL_CreateTable() now creates date and datetime fields as NOT NULL. This enables those fields to be used in sql WHERE conditions. Since NOT NULL leads to artefacts like "0000-00-00 00:00:00" to be returned by the database, CDatabaseEntityWebService::CallbackCommandGetComplete() is now emptying date and datetime zero values before returning.
    • CWebServiceConsumer::ConsumeWebservice(): The maximum allowed execution time for a webservice when called is now 600 seconds. However, it is not sure if the environment really supports this.
    • CWebsite::CallbackRenderSpecialContent() now has a default implementation which does nothing.
    • Introduced CWebsite::CallbackPrepareMakeURL() to control and modify all URLs (and their parameters) before being created using CWebsite::MakeURL(). This can be used to remove parameters you don't need or rename them to implement a short parameter policy.
    • Webservice system/test: Alert mail layout has been redesigned to show more relevant information when being sent as an SMS.
    • All profiling output displays the amount of elapsed seconds with a precision of 3
    • ArrayFilterByKeys has a new parameter: $bIgnoreEmpty. The default is false. If set to true, empty fields will not be copied to the output array.
    • Form Element now supports so-called separators. A separator is html snippet defined in the layout file for generic forms. It can be set via CFormDefinition::AddControlSeparator(). It is also supported by the entity manager module: Each filter option in the entity definition array can set the value "separator" to "true" to add a separator AFTER the filter control.
    • Form Elements now support LAYOUT-tags for labels specific to the type of the control. This made it possible to fix a layout inconsistency in case of an displayed error for a text area control.
    • CWebServiceDatabase will now emit a warning via email if a sql query takes longer than 15 seconds. The threshold in seconds can be set by using the config value "query_alert_threshold_seconds".
    • The new test wdk/security/cgivulnerability checks if the server is vulnerable to the cgi vulnerability described here http://www.php.net/archive/2012.php#id2012-05-03-1.
    • StringBBCodeToHtml() now also supports [list] and [*]
    • StringBBCodeToHtml() now also supports [table], [tr], [td], and [th]
    • Introduced CWebSite::AddHeaderRefresh() to add a header which tells the browser to redirect to the specified URL after a defined number of seconds
    • Introduced ArrayValueExists() as a wrapper for in_array()
    • Webservices and consumers now supports json as a format (but not json-rpc)
    • CWebServiceConsumer_WebApplication now allows to override the "format" configuration by using the "format" parameter.
    • CWebserviceConsumer_WebApplication now outputs the error code in case of into the trace log
    • CWebserviceDatabase now adds DATABASEQUERIES_SECONDS to the PROFILING section of the webservice result to report the number of seconds spent in sql queries.
    • CWebsite::GetCountry() will return the default country if no country is set yet.
    • Introduced StringCheckCamelCase() to check if a string is an alphanumeric camel-cased name without special characters and leading numbers
    • Introduced MakeUniqueTempFilePath()
    • Introduced GetDiskSpaceTotal(), GetDiskSpaceFree() and GetDiskSpaceUsed()
    • Introduced GetFileSize() that supports files larger than 2GB
    • Introduced CompressFiles() and CompressFilesInMemory() to create zip archives
    • The amount of IsFile() calls has been significantly reduced which improved overall performance.
  • Defects
    • The framework layout still used INDEXLINK instead of INDEXURL for the logo image link target. Has been corrected.
    • Webservice system/test command "testall" did not return any data. Defect has been corrected.
    • Webservice system/test command "alert": The alert mail did not contain any test logs. This has been rectified.
    • CUnitTestURL::TestURL() did not set the test result to false if the URL could not be loaded.
    • CParameterDefinition::CheckParameters() did not allow the min and max value for datetime parameters. This has been fixed now.
    • StringBBCodeToHtml() did not add "px" to font size definitions. This has been fixed. "[size=15]" will now start a span with a font size of 15px.
    • StringBBCodeToHtml() had difficulties to detect a pair of open and closing tags if there were line breaks in between. This has been fixed.
    • IsValidURL() did not detect some cases of incorrect URLs (e.g. "http://" was considered as valid)
    • Webservices fell back to xml output if invalid format parameters were supplied. In this case the default format was ignored. This has been fixed.
  • Quality
    • Added test script for IsFile()

Revision 46

Baselined 2012-03-15

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • cms/article entity and related modules and webservices are all work in progress. DO NOT USE!
  • Security
    • A test has been added to check if a .htaccess file is in place and the server configuration considers the file.
  • Refactoring
    • WARNING: FindStringMultiple has changed completely. It now returns the position of the nearest needle.
    • WARNING: CDatabaseEntityWebservice::CallbackCommandAdd() has been renamed to CDataBaseEntityWebservice::CallbackCommandAddPrepare() and the parameter $strEntity has been added (it was missing before).
    • WARNING: CDatabaseEntityWebservice::CallbackCommandSet() has been renamed to CDataBaseEntityWebservice::CallbackCommandSetPrepare() and the parameter $strEntity has been added (it was missing before).
    • WARNING: CDatabaseEntityWebservice::GetPublicFieldsList() and CDatabaseEntityWebservice::GetPublicFieldsGet() replace CDatabaseEntityWebservice::GetPublicFields() to support the new entity attribute property "excludefromlist"
    • WARNING: Webservice system/test: Several parameter names have changed. The webservice is now based on CDatabaseEntityWebservice.
    • WARNING: Webservice system/scheduler: Several parameter names have changed. The webservice is now based on CDatabaseEntityWebservice.
    • WARNING: Webservice system/entitlement: Several parameter names have changed. The webservice is now based on CDatabaseEntityWebservice.
    • WARNING: Webservice system/user: Several parameter names have changed. The webservice is now based on CDatabaseEntityWebservice.
    • WARNING: Webservice system/data: Several parameter names have changed. The webservice is now based on CDatabaseEntityWebservice.
    • WARNING: The "vintage" version of CDatabaseWebservice has been removed
    • WARNING: Introduction of new entity attribute naming scheme: Parameters are now aligned with database table names and contain underscores to separate name and type. Impacts webservice system/log, demo/databasedemo.
    • WARNING: AppendArray() now returns the resulting array instead of modifying the first input parameter.
    • WARNING: The "maintenance" area has been renamed to "systemadmin". Please check links the content files, navigation includes, module includes, and user privileges.
    • WARNING: Renamed generic output item LINK to URL. Please check your content files and modules!
    • WARNING: Renamed output item SELFLINK to SELFURL. Please check your content files and modules!
    • WARNING: Renamed output item INDEXLINK to INDEXURL. Please check your content files and modules!
    • WARNING: Renamed CWebsite::ReplaceOutputItemTags() to CWebsite::ReplaceOutputItems()
    • WARNING: CDatabaseEntityWebservice: "Item" was replaced by "Entity" where appropriate including some member function names.
    • WARNING: CMessageElement always uses {MESSAGE_TEXT} as a placeholder. This might affect existing custom layout files.
    • WARNING: ParseTestPath() now uses new naming convention: "site_path", "assembly_id", "group_id", and "test_id".
    • WARNING: Shell_GetUser() has been renamed to GetSystemUser() and is moved to wdk_system.inc
    • Removed most occurances of strlen, mb_strlen, strpos, and mb_strpos from wdk source code.
  • Deprecation
    • Removed function CTableElement::RenderTableTest()
  • New Features
    • Entities of type enums now require a default setting
    • CDatabaseEntityWebservice::CallbackCommandSetComplete() has been added
    • CDatabaseEntityWebservice::CallbackCommandAddComplete() has been added
    • CDatabaseEntityWebservice now creates twice as many filter parameter groups per configured filter to allow lower and uppoer bound filtering for all supported options.
    • Wiki Element now supports tables
    • Wiki Element now supports links to chapters within a wiki article like this: [ [Article#Chapter|Text]]
    • New generic output item "IMAGE" has been introduced to render an image element.
    • Image URL function (e.g. "www.example.com?image=test") now also supports non-layout images.
    • Introduced CTableElement::RenderTableEx() to allow any combination of header and data cells within a table.
    • Added example robots.txt files for two typical uses cases to the templates folder
    • Entities now support UNIQUE KEYs. Use "uniqueindices" in entity definition arrays!
    • Introduced webservice system/server with "status" command to retrieve some basic status information on the server (like available disk space)
    • Function ArrayRemoveValue() was added to remove a key from an array based on it's value.
    • Added function GetSystemAverageLoad() which encapsulates the shell uptime command
    • Added function GetSystemResourceConsumption() which provides current and maximum usage of various system resources (like memory, tcp sockets, etc.)
    • Introduced CWebSite::MakeImageLink() to create image links without unnecessary parameters to avoid unnecessary reloading of pictures.
    • CEntityManagerModule: If TID_MODULENAME_TABLEHEADER_ATTRIBUTE is empty, the module will try TID_MODULENAME_LABEL_ATTRIBUTE.
  • Defects
    • CModuleEntityManager erroneously cleared all form fields if a modify attempt failed.
    • GetAttributeFromXMLTag() did not extract attributes properly if one attribute name is the trailing part of another attribute name (e.g. if attribute "context" and attribute "ext" existed). This caused an error while creating image urls for images embedded using the generic output item IMAGEURL.
    • Module crm/feedback did not render it's form and hence did not work at all.
    • When loading wiki content in CContent output item tags were not replaced. This resulted in links not being identified as links. Example: "[{SOMEURL}file.pdf Some file to download]"
    • CHARSET_URL did not include ; - this caused some links in wiki content to be ignored.
    • Module maintenance/logmanager produced an error due to an invalid entity definition
    • Module maintenance/entitlementmanager produced an error due to an invalid entity definition. To fix this, entity definitions now allows "blocksize" to be 0 which will make sure, the blocksize parameter is not used in webservice calls.
    • Wiki Element: A simple line break in the wiki source code should lead to a line break in html - this is the case now.
    • CDatabaseWebserviceEntity did not produce an error in delete command id no index attrubute was specified.
    • Element Form did not render datetime controls at all. This has been fixed.
    • Database Entity Webservice returned "IMPLEMENTAION_ERROR" instead of "IMPLEMENTATION_ERROR" in some cases.
    • Module crm/wikipad did not handle errors properly. If loading or saving failed a proper error message is displayed.

Revision 45

Baselined 2011-10-11

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Refactoring
    • WARNING: CFormElement::RenderFormGeneric() has been replaced by RenderForm()
    • WARNING: CFormTemplateElement::RenderForm() has been introduced to replace CFormElement::RenderFormIndividual()
    • Generic output items are only replaced if CallbackRenderGenericOutputItem() returns a non-empty string.
    • Default layout css file has been cleaned of unused class definitions and is now using a more consistent naming scheme.
    • Default layout of tab navigation element uses IMAGEURL and default imagery is now part of the wdk assembly.
    • Removed all references to google.com in examples and tests.
    • Now using IMAGEURL instead of static image urls in all elements.
    • Added all imagery and layout files of the default layout to the wdk assembly.
    • Element Toolbar does no longer use tables for layout purposes.
    • Element ItemManager does no longer add   to header and data cells if they are not empty. This enables browsers to mark the cell contents without marking a whitespace. This prevented usernames or passwords to be copied correctly from table cells.
  • Deprecation
    • Module quality/w3cvalidation has been removed. It was defect anyway.
  • New Features
    • WARNING: Database model has changed: Test Status History table now includes the STATUS field in the PRIMARY KEY. Please see system/test documentation for more information.
    • WARNING: Database model has changed: Test Status table now includes the LASTEXECUTION_ATTEMPTS field. Please see system/test documentation for more information.
    • Introduced FileReadToArray() as a wrapper for php native function file().
    • Trace log output in websites is now always left aligned.
    • The test website now shows an explanation on what it is on it's default landing page.
    • Preparation of the W3CLINK is now part of CWebsite::__construct.
    • Introduced the module user/layoutselection which enables to select from a defined set of layouts.
    • "password", "passwordhash", and "authenticationpayload" are now obfuscated in parameter reflection and trace output. Up to now, only "accesscode" was obfuscated.
    • Introduced CDefinitionListElement class
    • Wiki Element now supports the __TOC_<>_ tag with numbering.
    • Wiki Element now supports the "----" syntax for a horizontal rule.
    • Wiki Element now uses Media wiki like styles for pre-formatted text.
    • Wiki Element layout definition supports to control if headers should be numbered or not
    • Wiki Element now support ";" and ":" tags to create definition lists
    • Added module WikiChapters: The module allows to display a lengthy wiki article chapter by chapter and allows to navigate to the toc, the previous page, and the next page.
    • Added icon images for "back" and "next".
  • Defects
    • The internal cache used in CWebsite::ReplaceText() caused test resources not to be used which were loaded _after_ CWebsite::ReplaceText() was used for the first time. Cache usage must now explicitly activated by parameter. This makes the function backward compatible.
    • Console element did not add line breaks for lines which are too long. This has been fixed.
    • Inclusion of css into the html file now produces valid html in case of urls containing "&" characters used in css.
    • ReadOnly controls in a form element contained a label tag which caused warnings when checked by the w3c validator.
    • Wiki Element did not ignore link tags within <pre> sections. This has been rectified.
    • Module EntityManager now checks if the modulevarname has been set for the index attribute of an entity.
  • Quality
    • Added a test for ReadFile().
    • Added a test for ReadFileToArray().

Revision 44

Baselined 2011-07-14

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Refactoring
    • RenderPathContent() and ParsePathContent() now uses '#' instead of '!' to indicate indexed array elements.
    • CInstaller::TestAll() has been renamed to CInstaller::Test(). By defaul the function will use the "testlocal" command of the system/test webservice instead of the "testall" command.
    • file_exists() has been replaced by IsFile()
    • GetAllLocales() now returns only utf8 locale ids
  • Deprecation
    • Checklist, glossary, and feature section has been removed from wdk.txt
  • New Features
    • Webservice now support csv as a result format. Each line in the csv result table contains a path comma separated to a value. The result format can be specified using the parameter "format". xml remains the default but CWebserviceConsumerWebApplication will request csv by default.
    • The output format can also be configurd in the webservice configuration: use index "format"="xml" to support dependencies to webservices based on WDK Revision 43 or earlier.
    • CSecureDataContainer::SerializeEncrypt() and CSecureDataContainer::UnserializeDecrypt() now use IsMcryptSupported() to check if mcrypt is supported or not.
    • CUsersEncryptionWebSite now checks if mcrypt is supported. If not a fatal error is reprted.
    • CDatabaseWebservice returns error DATABASE_INSTALL_REQUIRED if a table is not found.
    • IsDirectoryReadWriteAccess() to check if the script has read and write access in a directory.
    • StringCount() and StringCountIgnoreCase() count the number of occurances of a needle in a haystack (wrapper for mb_substr_count).
    • CModule::GetInstanceID() has been introduced
    • CWikiPadModule introduced. The module allows to edit one configurable wiki page. It uses the system/data webservice as a storage device.
    • Test pathes and test ids may now contain underscores.
  • Defects
    • IsDirectory() now always returns true for "/"
    • IsDirectory() will suppress warning messages caused by open_basedir restrictions and simply return false
    • ParsePathContent() had an error parsing multiple values within an indexed array element.
    • CWebsite::CallbackRenderNavigation() has been added for the case the the actual website class does not implement the function.
    • CWebserviceConsumer::GetResultArrayInsecure() contained a member function call for Trace() (which doies not exist). The Trace() call is now part of CWebserviceConsumerWebApplication::GetResultArrayInsecure().
  • Quality
    • Test profiling/xml-vs-pathcontent proves that path content is approx. 10 times faster than xml
    • Improved error reporting in test environment/envinc

Revision 43

Baselined 2011-05-31

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • New Features
    • WARNING: Database model has changed: Unit tests now display a hash value of the test script which is stored in the test result database if appropriate. The hash value is stored in a new database field in both tables "System-TestStatus" and "System-TestStatusHistory". The maintenance/testmanager module displays the hash value. Please see system/test documentation for more information.
    • Introduced IsValidConfigID() to check if a string is a valid configuration store identifier.
    • Improved IsValidURL() by added charset check and "ftp://" as an allowed protocol.
    • Introduced RenderPathContent() and ParsePathContent()
  • Quality
    • Added a test for IsValidConfigID()
    • Added a test for IsValidURL()
    • Added checks for GetRootURL() and GetWebservicesURL() in env.inc

Revision 42

Baselined 2011-05-17

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Refactoring
    • WARNING: GetWwwrunDir() is renamed to GetTempDir(). Please check your env.inc!
    • WARNING: CheckCharSet() has been renamed to StringCheckCharSet(), moved to wdk_string.inc, and is now UTF8 aware.
    • IsDirectory() will now return false if there is no trailing slash ("/") or if double slashes are contained ("//").
  • New Features
    • Introduced IsFloatString() with corresponding tests
    • Introduced IsUnsignedIntegerString() with corresponding tests
    • Introduced ArrayCheckCharSet() to check keys and/or values against a character set
    • Introduced CWebApplication::GetServerIP() as a wrapper for $_SERVER["SERVER_ADDR"]
    • CEntityManagerModule::AddTool() now supports to create external (target blank) links
    • CWebservice checks the charset of result tags before rendering the xml result.
    • CTestManagerModule: after executing a test in browse mode, the current view is pertained instead of showing the test details
    • CModule::GetPreviousState() returns the previous state.
    • CWebserviceConsumer::ConsumeWebService() now supports time out settings.
  • Security
    • Introduced LockParameterSources() to prevent developers from accessing global variable stores (e.g. $_GET). Developers must always use GetVar* or GetParam* functions.
    • allow_url_open is set to off in wdk_webapplication.inc - Data from remote hosts should be retrieved using HttpRequest().
    • Webservices now report a security warning if a valid access code is transferred using an insecure channel (e.g. GET) and the remote host is not the server itself.
    • CList::Sort() uses eval() which is a security risk in itself. Additional tests have been made to ensure that CList::Sort() is protected against a code injection attack.
  • Defects
    • UTF-8 characters were not stored correctly in mysql databases. This affected alphabetic sorting and caused symptoms when e.g. umlauts were involved. This has been fixed by issuing sql statement SET NAMES 'utf8' prior to the first UPDATE or INSERT statement. Please note that existing database entries will not be sorted or returned correctly before being updated.
    • A bug caused a quote " to be displayed in the head-area if embedded css files are used. This has been fixed.
    • Rectifed various defects in test webservice-system-data/context
    • Generic output item "IMAGEURL" now delivers html encoded urls
    • Module maintenance/datamanager caused a strict standards warning in CallbackPrepareWebserviceParams(). Is corrected now.
    • CUnitTestURL::TestURL now checks if HttpRequest returned false BEFORE Ccontrol characters are removed for pattern checks.
  • Quality
    • Added a test for GetFloatValue()
    • Added a test for IsBoolString()
    • Added a test for ArrayKeyExists()
    • Added tests for ArrayKeyUpperCase(), ArrayKeyLowerCase(), ArrayKeyUpperCaseRecursive(), and ArrayKeyLowerCaseRecursive()
    • Added a test for ArrayMaxStringLength() and ArrayMinStringLength()
    • Added a test for the generic output item mechanism in CWebsite
    • Added tests for CParameterDefinition::IsValid() to check float parameter settings
    • Added a test for MakeCSV()
    • Added a test for IsDirectory()
    • Added a test for the functionsdefined in env.inc
    • Added a test to check the php environment
    • All source code file (*.inc and *.php) are now checked for leading and trailing white space characters (not only files in GetWDKDir())
    • Add new standard command "selfcheck" in webservices. For database webservices it checks the mysql multi query capability.
    • Added test webservices/webservices which calls the new selfcheck command for all webservices in the webservice directory
    • The entity attributes filter options are now checked for consistency within the entity definition array.
    • CEntityDefinitions::CheckEntityDefinition() now checks for valid entity attribute type float precision settings.
    • CEntityDefinitions::CheckEntityDefinition() now checks for maxlen values for string entities. Maximum is set to 65535.
    • CEntityDefinitions::CheckEntityDefinition() now checks if blocksize has been set. blocksize and maxblocksize must not be greater than 1000.
    • Test added for MakeUniqueToken()

Revision 41

Baselined 2011-03-05
  • Inline include css files from assemblies. A layout's css file should be placed in the /layout folder of an assembly.

Revision 40

Baselined 2011-02-28
  • ReplaceTags() did not work if tag start was an empty string. This prevented generic output items to be replaced. This bug has been fixed.
  • ArrayMaxStrLen() has been renamed to ArrayMaxStringLength()
  • ArrayMinStringLength() has been introduced
  • Module maintenance/usermanager was defect: New users could not be added, because timezone, country, and language properties were missing max and min length settings.
  • CEntityManagerModule: empty index links are no longer rendered. This avoids the display of raw url links.

Revision 39

Baselined 2011-02-22
  • User's local settings are only used if they are set. E.g. the country is only set if a setting exists for the user.
  • Entity Config Array: Introduced "excludefromget" and "excludefromlist" attribute flags to indicate whether the webservice should send the attribute in get or list commands.
  • Entity Config Array: An attribute can now specify the way a data item is displayed and edited. A new config tag "control" can be either empty, "select", or "textarea".
  • CEntityManagerModule: Introduced CheckCondition() to control features based on given conditions.
  • CEntityManagerModule: The return code of CallbackCheckInputValues() is now ignored. Input is considered as fault if the arrayErrors is non-empty.
  • CEntityManagerModule: Introduced the support of text editing of type "numericid".
  • CEntityManagerModule: If input errors are detected during modification, the incorrect values were set back to their original values, making it difficult to the user to see what was wrong. This has been changed now. The incorrect input value stays as it is.
  • CEntityManagerModule: CallbackPrepareSelectOptions() now also receives the index value
  • CEntityManagerModule: Is now aware of upper- and lowercase of enums.
  • CEntityManagerModule: Checks string min and max length before sending it to the webservice
  • CEntityManagerModule: Checks the string charset before sending data to a webservice
  • CEntityManagerModule: Now gets the friendly name of an item AFTER modification.
  • Introduced ArrayKeysUpperCase() to uppercase all keys in an associative array.
  • Introduced CWebsite::IsError() to check if at least one error has been added.
  • CWebsite::RenderNumer() now supports to render numbers explicitly without digit separator
  • ArrayAppend() does now consider associative keys that "look" like numeric keys like "1". array_merge treats "1" like 1 which renders the php function useless.
  • CUserWebsite::LogUserAction() has been deprecated
  • CWebsite::Event() and CWebsite::CallbackEvent() have been introduced.
  • CLogManagerModule and CLogWebservice have been extended with additional filter, sorting, and display capabilities
  • Password Policy now also supports uppercase and lowercase letter requirements
  • Introduced ArrayKeysUpperCase(), ArrayKeysUpperCaseRecursive(), ArrayKeysLowerCase(), and ArrayKeysLowerCaseRecursive()
  • Introduced CList::CountValues() to return the number of occurences of values for each column.
  • CWebService: Supports result rendering with printr (but without envelope data)

Revision 38

Baselined 2011-01-09

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • WARNING: ReadDirectory() now appends a training slash for directory entries (THIS MAY RENDER EXISTING CODE INCOMPATIBLE!)
  • CEntityManagerModule has been introduced and used in several maintenance modules.
  • WARNING: CItemManagerModule has been deprecated.
  • Added icon png file for "externallink".
  • Added generic output item "ICON" which draws a default styled icon element.
  • Wiki Element now supports the <pre> tag
  • Added unit test for element wiki and the wiki integration feature
  • ArraySort() now supports to maintain index associations and ordered numeric keys (makes use of sort() or asort() internally)
  • ReadDirectory() now supports sub directory recursion
  • Introduced IsDirectory() as a wrapper for is_dir()
  • Added test to check if there are bad white spaces in wdk source code file - which may lead to various issues that are _very_ difficult to identify.
  • Module maintenance/sessionmanager now supports option to invoke the session cleanup command
  • Module maintenance/sessionmanager now uses local resources for all displayed text
  • Module demo/databasedemoitemmanager has been replaced by module demo/demoitemmanager (which is based on CModuleEntityManager)
  • Module maintenance/sessionmanager now uses local resources for all displayed text
  • Module maintenance/datamanager is now based on CModuleEntityManager
  • Element wiki: A bug prevented a bullet list to be displayed if it was at the end of the wiki source. This has been fixed.
  • Element Form: Add the control type "readonly" which is basically a "static" control with a label.
  • Element Form: Add the control type "datetime" which covers date and time input in one control.
  • Columbia has been added to the list of supported countries
  • Flag icons have been added for all supported languages
  • Layout framework files are now also loaded from assemblies

Revision 37

Baselined 2010-12-14

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • Introduction of the Developer Tools area: A new submenu and several content files have been added. Please note: The Element Gallery is no longer part of the maintenance area but has been moved to the devtools area. The devtools content files require the "devtools" condition to be set und the "devtools" resources to be loaded.
  • The Wiki Element now supports wiki style headers, bullet lists, numbered lists, italic and bold text format, as well as internal and external links.
  • The content class now also loads *.txt files and assumes that they contain wiki syntax and sends their contents into the Wiki Element.
  • Module cms/contentbrowser did not render the filtered list properly under php 5.2.14. Issue has been fixed.
  • Introduced CDatabaseEntityWebService. This class encapsulates the generic support of list, add, set, get commands for configurable database entities.
  • CDatabaseWebservice now only supports the actual database wrapper - it does no longer contain entity support functions.
  • CDatabaseEntityWebService::CommandList() had a bug when using "contains" or "in" filter operators. Bug has been fixed.
  • CWebservice::CallbackCheckParam() has been introduced. This callback function is called for each given parameter.
  • GetDateLocalFormat now delivers the correct date format for GBP, ESP, FRA, and the USA.
  • CUnitTestURL now supports to check an array of regular expression, too.
  • Fixed a bug that prevented static images to be provided properly (Caused by whitespaces in one of the include files).
  • Introduced TweakURL(). This function converts incomplete URLs into valid URLs. E.g. it adds "http://" if the URL string starts with "www.".
  • Renamed wdk_http.inc to wdk_url.inc
  • CListElement and CNumberedListElement did not manage empty arrays properly. This has been fixed.

Revision 36

Baselined 2010-10-11

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • WARNING: Webservice system/scheduler: DATABASE DESIGN CHANGED! TIMEOUT_SECONDS field has been added.
  • WARNING: String* functions no longer do UTF-8 conversion as this turned out to be too slow. Strings must be converted to UTF-8 before using WDK String functions.
  • Test wdk/wdk-w3c has been set inactive because the validator.w3c.org website seems to not realiable enough for continual testing. The test should only be used after layout changes have been put in place.
  • CWebservice::CallbackInit must be implemented and the parent function must be called.
  • CWebserviceDatabase::m_db has been renamed to CWebserviceDatabase::m_database
  • Hardened GetDataArrayFromCSV() against erroneous and empty line input.
  • Optimized ReplaceString() and FindString()
  • Introduced StringLength()
  • StringSlice() and StringGlue() are now UTF-8 ready
  • str_replace() has been replaced by ReplaceString()
  • ReplaceTagsWithStrReplace() has been renamed to ReplaceTagsWithReplaceString()
  • Fixed a rendering defect in CWebsite::RedirectAtOnce()
  • Fixed a defect in system/test TestRun command: If no database support was configured a syntax error occured.
  • Moved CWebsite and CWebservice specific profiling code into CWebApplication. Introduced CWebApplication::Profiling*() functions.
  • CUnitTest now always displays profiling information
  • Added profiling information in CWebserviceConsumer class for the request and the output parsing parts
  • Peformance of ReplaceTagsWithReplaceString() has been improved
  • Introduced CStopWatch::GetTotalSeconds(): The stopwatch can now resume (by calling Start() after Stop() and GetTotalSeconds() will return the total number of seconds passed during all Start/Stop phases until Reset() is called.
  • CWebApplication now also displays the total seconds passed during webservice consumption
  • Introduced ReplaceStringOnce[IgnoreCase]() which replaces only the first occurence of the needle.
  • Document type specific cleanup has been removed. Replacement of "/>" to ">" anymore.
  • Module user/login has it's own resource file. Some text IDs have changed. A recommendation is made to review existing text items overriding res files.
  • Introduced StringSection() as a UTF-8 aware wrapper for substr. Replaced all usage of substr() and mb_substr() in wdk source code except wdk_string.inc
  • Introduced StringLowerCase() and StringUpperCase() as UTF-8 aware wrappers for (mb_)strtoupper() and (mb_)strtolower()
  • Introduced CContent::CallbackGetRequiredConditons(): The callback function returns an array with conditions as keys and the ids of error message to be displayed if the condition is not set when loading the contents.
  • Introduced CUnitTestURL and TestURL() which supports to check an URL based on a list of expected and a list of unexpected string patterns. The TID check test is now using this class.
  • Class CModuleItemManager is on the way to deprecation. The include file is renamed to wdk_module_itemmanager_vintage.inc.
  • New class CItemManagerModule created but not yet completed. The new class name avoids naming inconsistencies.
  • Improved CContentManagerModule: The module can now be used to display only the tag cloud and link to another content.
  • FileRead() converts the result directly into UTF-8
  • LoadNamedArrayFromTextFileMultiLine() converts the result directly into UTF-8
  • CWebsite::ReplaceGenericOutputItemTags() is now UTF-8 aware
  • Module cms/contentbrowser support the global config setting "csvformat" to determine the preferred csv file format (classic or Excel)

Revision 35

Baselined 2010-07-01
  • Introduced RenderTimeNow()
  • Added test for RenderDateTimeNow(), RenderTimeNow() and RenderDateNow()
  • Introduced StringWordWrap() as a replacement for PHP's wordwrap function. wordwrap() does not support UTF8, StringWordWrap() does.
  • StringCutOff() now uses StringWordWrap() instead of wordwrap().
  • Element Console layout has been repaired. IE used to misinterpret wrapped text on a random basis while processing css 2.1 attribute "white-space: pre-wrap".
  • CWebService will only try a second time to execute the system/log webservice if the first attempt failed.

Revision 34

Baselined 2010-05-23
  • WARNING: Webservice system/scheduler: DATABASE DESIGN CHANGED! The JOB_NAME field is now unique. add and set commands will fail if an occupied name is supplied.
  • Module maintenance/schedulermanager: Adding a job failed if the url comtained an &-sign. This has been fixed.
  • StringEncodeUTF8() can now cope with mixed strings which contain ISO-8859-1 and UTF8 characters. PHP function utf8_encode() is no longer used.
  • u() is renamed to StringEncodeUTF8() and u() is now an alias for StringEncodeUTF8()
  • StringEncodeUTF8() is now safe for strings with only one non-ansi character - as a result ReplaceString() and ReplaceStringIgnoreCase() are now also unicode-safe. This was a symptom of a bug in mb_detect_encoding().
  • Introduced StringXMLEntities() which converts non-ASCII characters into XML entities
  • Introduced StringHTMLtoXMLEntities() which converts non-ASCII characters AND existing HTML entities into XML entities
  • Introduced StringHTMLAddEmbracingTags() and StringXMLAddEmbracingTags()
  • CHighlightElement now works properly due to utf-8 safety of new "add embracing tags" functions
  • CThumbnailImageElement now also works if active scripting is deactivated
  • CWebsite now also outputs profiling information in trace output. Please note: profiling info contained in trace is not the same as in the html comment. This is because adding trace output to the html output is a operation on its own.
  • Introduced StringCutOff() to cut off strings at a given position considering word wrapping.
  • Introduced the test translation/tidcheck to make sure that no untranslated text identifiers are on the root url of the application.
  • Introduced CModule::GetModuleVarNameState as an alias for GetModuleVarName("state")
  • SendMail() has been improved: Sender name and subject now support utf-8 strings, the line break before the first body text line has been removed
  • SendMail() now supports CC and BCC recipients
  • SendMail() now supports empty sender names and subject lines correctly
  • SendMail() NO LONGER ACCEPTS COMMA SEPARATED RECIPIENT LISTS. Use a string with a single email address or an array of strings instead.
  • Several html errors in element layout files have been fixed
  • Introduced RegExpMatch() as a wrapper for regualr expression matching functions
  • CWebsite: Session initialization is now done BEFORE assemblies are initialized. This enables to include or not include assemblies in the assembly line based on session stored variables.
  • CSV related functions are now UTF-8 safe
  • HtmlEncode() now also converts selected bbcode entities into html ("[br]" only at the moment)
  • Module maintenance/testmanager: Added tool bar option to re-test all failed tests at once (by executing the webservice in a new window)
  • Module maintenance/testmanager: Added alphabetical sorting for assembly, site, and group id dropdowns
  • Webservice system/test: command testlist can now combine status filter option and the dotest option (this was required for the new re-test failed tests option the the testmanager module)
  • Webservice system/test: if no database support was activated, the install command tried to establish a database connection anyway. This can cause errors if no database config is supplied. This has been fixed.
  • Webservice system/test: Added support alphabetical sorting for site, assembly, and group lists
  • Webservice system/test: Added support for retry interations in case of REQUESTERRORs for the test run command. The number of retries can be configured.
  • Webservice system/user: Added support for LASTAUTHENTICATION_DATETIME where the date and time of the last successful authentication attempt is stored.
  • Webservice system/test now ignores test group directory names and test file names that do not match CHARSET_TESTID (lowercase, dash, and digits).
  • Module maintenance/usermanager: Added support to set a user's password
  • Introduced MakeUniqueToken(): The function creates a numeric token which does not conflict with a given haystack and an array of other given token
  • ExplodeCSV() has been rewritten to support whitespaces between a quotes and separators and to be ignored character noise after an ending quote and the next separator
  • CInstaller::TestAll() now also considers tests that report request errors and as a result the installation fails
  • Introduced ShellEscapeArgumentString() as a replacement for the php escapeshellarg function which is obviously unable to deal with UTF8 strings or ASCII string containing umlauts in PHP 5.2.6. STRONG ADVICE: DO NOT USE escapeshellarg! ALWAYS use ShellEscapeArgumentString INSTEAD! Explanations in escaping can be found here: http://www.grymoire.com/Unix/Quote.html
  • CWebsite::GetDataFilePath() has been fixed.
  • The test wdk-encryption/encryption-symmetric has been split into 2 test scripts as sometimes the production took more than 30 seconds (whihc is used as a threshold for http requests)
  • Introduced ParseURL() to encapsulate php's parse_url()
  • Introduced ParseURLParameters() to encapsulate php's parse_str()
  • ReadFileCSV() now checks if the file exists before it tries to read it via file_get_contents. This avoids on screen error messages for non-existent files.
  • Introduced MakeHash() as a wrapper for sha1()
  • Moved MakePasswordHash(), MakePasswordHashSeed() into wdk_hash.inc. Please check your includes of "wdk_random.inc".
  • Trace was deactivated due to erroneous session data handling. As a result trace output was only generated if trace=1 was explicitly set via parameter. Bug has been fixed.
  • Introduced CWebsite::GetSubmitVar(). GetSubmitVar() returns the value passed with a submit button. A submit button generated using CFormDefinition::AddControlButtonSubmit() / CFormElement::RenderControlSubmitButton() will add the optional value to the value tag and as a comment into the button's inner area. GetSubmitVar extracts this value while considering differing behaviour of IE8 and FF3.
  • Introduced StringGetFromEmbracingTags() to extract a string that is embraced by a start and an end tag.
  • Introduced FileRead() as a wrapper for file_get_contents().
  • Introduced DownloadFileAndExit() to send files to a browser and exit script execution.
  • Introduced CWebsite::DownloadFile() and ::IsDownloadFileSet() to support file downloads from within the regular execution of CWebsite. The File Download is done after session writing instead of the actual website output. However, the complete website functionality including all modules are executed but remain invisible if a file is set for download.
  • Introduced RenderDateNow() to display current date in ISO format right away.
  • Introduced CheckEnvironment() to verify if all environment functions have been defined (in env.inc). The function is used in CWebsite::_construct().
  • Renamed Now() to GetTimeNow()
  • CWebService::CallbackInitCommandDefinition() must be called in derived member functions
  • CWebService::CallbackInitParameterDefinition() must be called in derived member functions
  • CWebService::SetError() now supports a parameter to override a previous error code.

Revision 33

Baselined 2010-02-17
  • SendMail() now removes ",<>" characters from sender names to avoid invalid mail headers to be generated.
  • SendMail() now fails with false if an invalid sender email is supplied.
  • CNavigationTree::AttachNavigationTree() now properly adds menu item levels in case of simply adding an included menu tree to the current end of the menu tree.
  • ReadDirectory() now uses ArraySort() instead of sort()
  • Webservice system/test alert mail now contains the date and time of the last execution of non-passed tests

Revision 32

Baselined 2010-02-08
  • CWebservice::SendMailToAdmin() message parameter can now be withheld.
  • CTagCloudElement: Division by zero bug if all tags have the same weight has been fixed.
  • Introduced CDownloadLinkElement for rendering file download links.
  • ReplaceTags now checks if the arrayTags parameter is really an array.
  • Introdcued CUnitTest::RequireWebservice() The functions checks if the given webservice has been configured, and if not deactivates the test.
  • CEventDispatcher::UnregisterEvent() has been removed for the time being as an incompatibility has been detected to PHP 5.2.6 when using array_diff
  • GetDateTimeNow() has been renamed to RenderDateTimeNow()
  • Now using Now() wherever time() has been used

Revision 31

Baselined 2010-02-01

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS
  • All test scripts no longer include env.inc and wdk_unittest.inc by themselves. Test scripts must be included by the CUnitTestHub. This allows to situate the /_source folder in subfolders of the DOCUMENT_ROOT folder.
  • Module maintenance/webservicemanager now only shows "local" tests for the selected webservice.
  • Webservice system/test: Counting of test executions was always adding 2 instead of 1.
  • Webservice system/test: A single test may now run for 30 seconds instead of 15 before it is reported as UNDEFINED.
  • CIconElement: HtmlEncode() is now also used on the image URL
  • CUnitTest now creates the instance of the test by itself. So the test script is no longer required to create the instance. Remove "$test = new CTest();" from the test script!
  • CWebsite::GetSessionAwareArrayVars() now als returns the current content parameter. This is to make sure that links which do not explicitly contain the target content work if the content id changes within the session after a page has been loaded (for example by requesting a page in another browser window with the same session id)

Revision 30

Baselined 2010-01-24

WARNING: PLEASE READ THE VERSION HISTORY CAREFULLY. EXPECT INCOMPATIBILITIES TO PREVIOUS VERSIONS!
  • The "core" assembly is deprecated. All modules, content files, navigation trees, and resources of the core assembly are now part of wdk itself. It might be required to remove the "core" assembly from the assembly line in the OnInitAssemblyLine() function of your website class.
  • Introduced CUnitTestHub which is a derived class of CWebApplication. It serves as a hub to unit test scripts which reside in assemblies now. Please add an index.php in <ROOTURL>/quality/ of your web application system to provide access to test scripts within your assemblies. Refer to /templates/testhub/readme.txt for more details.
  • Webservice system/test has been completely refactored. Test results are now stored in a database. The new command "testrun" will re-execute the oldest tests based on a test run configuration. New scheduler jobs need to be setup, install command must be executied after migration. Please also refer to the webservice's documentation for details.
  • Replaced the function ExplodeCSV: The previous version did not handle quoted values properly.
  • GetDataArrayFromCSV() now also deals with CRLF files
  • The "default assembly" is now called the "root assembly"
  • Introduced function Now() which returns the current time stamp using microtime(true)
  • ReadDirectory() now returns an alphabetically sorted file/folder list
  • CDatabase::Query() used ResourceToArray to convert the result handle into an associative array if the query string contains "SELECT " or "SHOW ". Now it only does this if the query begins with one of these patterns.
  • Scheduled jobs may run for 180 seconds (60 seconds was the default set in HttpRequest())
  • CItemManager::SetFilterOptions() has been renamed to SetFilterOptionsForm()
  • CItemManager::SetTabNavigation() has been renamed to SetColumnsTabNavigation()
  • Introduced CItemManager::SetFilterOptionsTabNavigation()
  • CList::Filter() has been extended to support the "in" operand
  • MakeSQL_Insert() now supports ON DUPLICATE KEY UPDATE syntax correctly.
  • CDatabase::Query() now supports multiple commands in a query
  • Introduced MakeSQL_Assignment(). The function create a part of an SQL statement of the form FIELD=VALUE. It uses MakeSQL_Value() internally and support special expressions like "++" to form an increment statement.
  • Module Webservice Manager now creates an "install" command link instead of "init" command

Revision 29

Baselined 2009-12-21
  • CWebsite::RenderWebsite() now replaces output items five times (also after managing generic output items)
  • Introduced ConvertToDateTime() to convert any date/time representation string into the ISO date/time format

Revision 28

Baselined 2009-12-20
  • Introduced CWebsite::RegisterGenericOutputItem and CWebsite::CallbackRenderGenericOutputItem (CWebsite::CallbackReplaceGenericOutputItemTags is deprecated)
  • Introduced CTagCloudElement
  • Introduced CThumbnailImageElement
  • CDatabaseWebservice: Added support for filter operator "in"
  • CModule::GetModuleVarName(), CWebsite::GetVar(), and CWebsite::GetVarInsecure() now check if the var name is correct by using CWebsite::CheckVarName(). A fatal error is produced if not.
  • Introduced IsFile() and DeleteFile() in wdk_filesys.inc. These functions are wrappers for is_file and unlink in the first place. However, they might use different means for cases where is_file and unlink don't work as expected.
  • CXMLElement::Parse() frees some memory during the interpretation process by using unset()
  • Introduced CAsymmetricEncryptionEngineGPG as one implementation of IAsymmetricEncryptionEngine. It wraps the use of gpg for creating key pairs, encrypt and decrypt messages. It requires the php safe mode to be deactivated.
  • HttpRequest now supports defining a request timeout (defaults to 60 seconds)
  • CWebserviceConsumer allows a webservice a timeout of 180 seconds. This might become configurable in the future.
  • Webservice system/test will timeout all test requests after 15 seconds
  • CWebsite::RenderNumber() and CWebsite::RenderCurrency() now return empty strings if $fValue is null or an empty string
  • CWebsite::RenderCurrency() uses LoadString to include the currency symbol
  • Introduced CInstaller::TestAll()
  • CWebService will not call CallbackLog if "nolog" config is set to true.
  • TID_METAKEYWORDS_DEFAULT is renamed to TID_META_KEYWORDS_DEFAULT
  • TID_METADESCRIPTION_DEFAULT is renamed to TID_META_DESCRIPTION_DEFAULT
  • One time parameters (command, password, username) are no longer added to links in non-session mode

Revision 27

Baselined 2009-11-08
  • Introduced ArraySort() to avoid accidental use of sort() which does not maintain associative array keys
  • Added country and currency support for Canada, Switzerland, Sweden, and Japan
  • Tag replacement functions have been moved from wdk_hardcore.inc to wdk_string.inc
  • GetRequestURL() has been moved from wdk_hardcore.inc to wdk_http.inc
  • MakeDocType() has been moved from wdk_hardcore.inc to wdk_html.inc
  • GetAttributeFromXMLTag() has been moved from wdk_hardcore.inc to wdk_xml.inc
  • FileAddText() has been moved from wdk_hardcore.inc to wdk_fileio.inc
  • ArrayAppend() has been reimplemented as a wrapper for array_merge
  • GetBoolValue() will now return true for arrays with at least one element, false for empty arrays
  • SetTimeLocaleByLanguage() has been deprecated
  • RenderDateTimeFormat() now accepts a country parameter
  • Introduced GetAllLocales() to get a multi-dimensional array with all locale ids and the mapping for supported languages per country
  • Introduced GetLocale() to get the locale id for a specific combination of country and language
  • Introduced GetLocaleSettings() get selected local formatting information (wrapper for localconv)
  • Introduced GetCountriesByLanguage() to receive all country which support the given language
  • GetTopLevelDomain() and GetSubDomain() have been moved to wdk_domain.inc
  • CParameterDefinition now allows unlimited charsets
  • Introduced CWebsite::AddHeader() to add additional lines in the html <head> tag
  • CWebService::SetResultValue() always uppercases all tag names
  • CFormElement uses the label tag for checkboxes and radio buttons, too
  • CFormElement provides specific error messages if CFormDefinition::IsValid() fails
  • CConsoleElement() does support word wrapping (75 characters) and the "additional new line" bug has been fixed
  • MakeNumericToken(), MakePasswordHashSeed(), and MakePasswordHash() moved to wdk_random.inc
  • wdk_encryption.inc is renamed to wdk_encryption-symmetric.inc

Revision 26

Baselined 2009-10-30
  • CWebsite performs utf8 encoding of the final output string only if the output string is not already utf8 encoded
  • Added function StringFilter to remove characters that are NOT part of a filter definition string
  • Renamed SaveNameArrayToTextFile() to SaveNamedArrayToTextFile()
  • Added function MakeID to convert user friendly names to IDs (compliant to CHARSET_TEXTID)
  • Webservice Log: Replaced calls to strftime by RenderDateTime()
  • Introduced SetTimeLocaleByLanguage() and GetTimeLocale()
  • RenderDateTimeFormat now accepts a language parameter

Revision 25

Baselined 2009-10-09
  • Introduced RenderDateTime, RenderDate, and RenderTime / DateTimeFormat, DateFormat, TimeFormat have been deprecated.
  • Introduced CWebsite::SetCountry and CWebsite::GetCountry
  • Introduced CWebsite::RenderDateTime, GetDateLocalFormat, and GetTimeLocalFormat with corresponding callback functions to override default behaviour
  • Introduced GetDateTimeLocalFormat, GetTimeLocalFormat, and GetDateLocalFormat (but yet without any real country specific format coverage)
  • Introduced CWebsite::SetTimezone and CWebsite::GetTimezone, var "usertimezone" is deprecated
  • DateIsValid and DateTimeIsValid renamed to IsValidDate and IsValidDateTime
  • Introduced CModule::GetModuleConfigBoolean()
  • CLinkIconElement: Encoding of icon url was missing. This caused HTML validation errors.
  • CWebsite: m_bCallbackInit member variable was missing.
  • CWebsite: Introduced CallbackRenderGenericOutputItemTags
  • SendMail function did not work with comma separated multiple email recipients. This has been fixed.

Revision 24

Baselined 2009-08-14
  • SendMail had a logic to replace "=" by "== ". This addition has been made to mitigate regression issues which started to appear when the quoted-printable header was introduced. After removing the quoted-printable encoding this effect went away.
  • SendMail now sends the sender's mail in the Return-Path header. This avoids false spam filtering.
  • Introduced CWebsite::UserNameInputCorrection - This function invokes CallbackUserNameInputCorrection to rectify user name inputs. The default implementation converts to lower case and removes whitespaces at the beginning and the end.
  • IsEmailValid no longer accepts commas and other special characters
  • CWebsite / CUsersWebSite: Introduced session deletion when user is logged out
  • Updated default layouts for different linkicon styles: Using empty alt attribute and providing the tooltip in the title attribute instead.

Revision 23

Baselined 2009-07-31
  • CDatabase::GetError() renamed to CDatabase::GetErrorText()
  • Introduced CDatabase::GetErrorCode()
  • Introduced CWebsite::UserCheckName() - This function invokes a callback function that checks the validity of a provided user name.
  • Introduced CWebsite::GetWebsiteTitle()
  • Introduced CWebsite::GetWebsiteDescription()
  • Introduced CWebsite::GetWebsiteKeywords()
  • CWebsite now loads "wdk" resources before content rendering and "default" resources after that. This ensures that the default resource file can override wdk and module resources.
  • Introduced CUserWebsite: LogArray to add log entries with details supplied as a array
  • Introduced CUserWebsite: LogUserAction to log user related events. Fields "operatinguserid" and "opertingusername" are automatically added to the details array.
  • CUserWebsite::CallbackUserLogout now returns true instead of false
  • CWebsite::UserDelete now checks if the currently logged in user is to be deleted. If so the user is logged out before deletion.
  • CUserWebsite::CallbackUserDelete now checks for errors and returns true or false
  • CWebsite::UserLogout now returns true or false depending on success
  • CWebsite::UserAuthentication now returns true or false depending on success
  • CUsersEncryptionWebSite::CallbackUserLogout now returns the result of its parent call.
  • CWebsite::GetAuthUsernameVar() added
  • CXMLElement::Parse: Memory usage optimization
  • CLinkIconElement: Now using CWebsite::GetLayoutImageURL function
  • CIconElement: Now using CWebsite::GetLayoutImageURL function
  • CMailIconElement: Now using CWebsite::GetLayoutImageURL function
  • CAssembly::GetResourceFile() function name rectified
  • CAssembly::GetFormLayoutFilePath() now supports fallback to default layout
  • Tab Navigation layout file now uses transparent background color

Revision 22

Baselined 2009-06-20
  • WARNING: Element Highlight cannot be used with input text containing html entities!
  • Webservice system/user: User names now must not start with a blacklisted name, too. So e.g. "badname22" does not work either.
  • CWebservice: Fixed a bug in Install_AddScheduledJob which led to the "?" missing in scheduled job URLs
  • CWensite: Bugfix: The event trigger for changing user passwords did not send the correct new password to the event handlers. As a result, the assembly callback function could not work properly.
  • CWebApplication: The constructor now initializes the time zone to "UTC"
  • CWebSite::UserLogin now returns true if the authentication was successful.
  • CWebservice: Renamed tag from REQUEST_TIME to REQUEST_DATETIME and RESPONSE_TIME to RESPONSE_DATETIME
  • XML Parsing and Rendering functions are now utf-8 aware
  • XSS prevention: SecureOutput does no longer decode utf-8 strings
  • webservice system/test: alertmails now only contain test output of failed tests (hence all other internal trace output is removed)
  • SendMail now supports UTF-8
  • Introduced utf8 conversion function: u($str). The function converts a non-UTF-8 string into UTF-8 while considering existing UTF-8 encoding.
  • MakeSQL_Value is changed to strictly escape all quotes. This avoids a sql injection vulnerability but it also renders sql statements in which '-quotes are used intentionally impossible. A trade off we can live with.
  • CUnitTest: Now includes it's own url in the test output
  • CUnitTest: Does no longer send Content-type: text/plain - as a result, IE displays the text, but without line breaks
  • CModuleItemManager: Introduced function GetItemModuleVarsInsecure()
  • CWebserviceConsumer: Introduced GetResultListInsecure() function
  • w3cValidate* functions now return "PASSED", "FAILED", "UNDEFINED" if the w3c validation service does not yield a defined result.
  • Renamed wdk_security.inc to wdk_encryption.inc
  • Renamed wdk_xss.inc to wdk_websecurity.inc
  • Introduced wdk_html with HtmlEncode and HtmlDecode functions
  • MakeDocType no longer supports the encoding parameter. All Output is utf-8 - always!

Revision 21

Baselined 2009-04-30
  • w3cValidateURL now uses HttpRequest (curl)
  • CWebservice: Callback_LogWebservice no longer uses GetWebserviceURL to obtain the log webservice url. The id is used instead which makes the way clear for accesscode to work.
  • CWebservice: Introduced Install_AddScheduledJob for use within the CommandInstall function. This function is a accesscode aware wrapper to the system/scheduler webservice.
  • CWebservice: An email is now issued if the webservice is called with an invalid access code.
  • CWebsiteSatellite: GetConfig now supports sub arrays (It did not before).
  • Webservices: Source code of system/* and demo/* webservices has been moved into the wdk assembly.

Revision 20

Baselined 2009-04-08
  • Introduced CAssembly and CAssemblyLine classes to support runtime selection of layout, content, navigation, and source code files.
  • Added GetQualityDir function to global env functions
  • CModule: Renamed "module name" to "module path" because the term better reflects the path character (within an assembly) of the value.
  • Introduced SecureOutput function (which is used by GetVar and its derivatives) to protect against xss issues by utf8 decoding and converting to html entities. Also introduced GetVarInsecure (and derived functions) to enable overriding.
  • Introduced CWebApplication::TraceArrayInsecure to avoid accesscode filtering from tracelogs if required.
  • CDatabaseWebservice: multiple filters can now be applied to the same field
  • Renamed class CInit to CInstaller and changed names of callback functions
  • Renamed generic "init" command for webservices to "install"
  • Added InstallWebservice and AddUser functions to CInstall class
  • Introduced the concept of log entry severities
  • Added GetSystemEmail and GetSystemEmailSenderName functions to env.inc
  • Standardized system email sender names
  • Element ItemManager: If a tab is not associated to any column, it will not be displayed.
  • Added GetOperationMode to env.inc. The function is supposed to return either "normal" or "readonly" to indicate whether database write access is possible. Database write access could be denied during maintenance slots or in a drbc scenario when a secondary database is used to recover from a primary database outage.
  • CList::Sort uses eval to invoke array_multisort. A theoretical code injection attack is now impossible.
  • HttpRequest is not completely curl-based. Mode "get" used file_get_contents previously.
  • Added DatabaseLockTable and DatabaseUnlockTables to CDatabaseWebService
  • Fixed a bug in CDatabase::LockTables that caused tables not to be locked (this should heal the system/log webservice race condition)

Revision 19

Baselined 2009-02-27
  • Added version to webservice trace output.
  • Function CallbackGetMessage is now deprectaed. Please remove it from your derived CWebSite classes
  • Introduced CStopWatch class and using it in CWebSite and CWebService to measure runtime
  • Removed microtime_float function as it is no longer required in PHP5
  • Introduction of CMessageStackElement, refactoring of message handling within CWebSite
  • Introduced XSS Protection mechanisms:
    • GetVar, GetParam, GetResultValue (and related functions) now use htmlentities.
    • Parameters with invalid names are dropped.
    • CUnitTest does not allow any parameters.
  • CDatabaseWebservice does no longer return -1 for current offset if the returned list is empty. It now returns 0.

Revision 18

Baselined 2009-02-24
  • CWebSite / CUserWebSite: Refactoring of UserAuthentication and introduction of UserInit. The change fixed issues around the initial authentication and privilege elevation process after and post login. This removes the symptom of privilege-dependent items not showing up until the next click after login.
  • CUnitTest::SetVerbose also controls ::SetTraceActive which indirectly tells all consumed webservices to activate tracing.
  • MakeSQL_Value now supports NULL values.
  • CFormElement now supports control ids that link labels to their respective input fields.
  • CWebService: renamed "INPUT" reflection xml tag to "REQUEST", "URL" is renamed to "GET" - this is to prevent IE to interpret the xml webservice output as html, since "input" seems to be an indicator to ie that this is a html form.
  • CWebsite: MakeLink and MakeProtocolLink now support the "bEncoded" parameter to define whether a link should use html character encoding
  • CWebsite: Introduced EnforceHTTPS function. This will RedirectAtOnce if https is supported while keeping the current request parameters.
  • CModule: Modules can now store their default layout files in the "layout/" subdir of the module dir
  • Introduction of CPasswordPolicy class and CPasswordPolicyElement
  • Extended ArrayGetValue and related functions by 3 additional levels
  • Support for canonical link for Google (and other search engines)
  • Support profiling in CWebsite based applications
  • CWebApplication::TraceArray: The key "accesscode" is set to "*" recursively before the array is added to trace output. This avoids trace output driven security leaks.
  • Added new function ArraySetValueRecursive

Revision 17

Baselined 2009-02-02
  • Warning: Revision 17 contains numerous class interface changes. Applications based on Revesion 16 or earlier have to undergo significant change in order to migrate to Revision 17.
  • Output items no longer use XML style: "<ITEM/>". Braces are used instead: "{ITEM}"
  • CWebsite::CallbackInit is now responsible to handle "commands" to the website. By default it supports the "login" and "logout" command.
  • CWebsite::CallbackInit will cause a fatal error if it does not return true.
  • Element Navigation: Major Refactoring. CNavigationTree and CNavigationElement have new interfaces
  • Element Form: RenderForm* functions now require an additional parameter to contain the actual values of the controls. The existing parameter in the AddControl* functions is now redefined as the default value. This enables to do to error checking, to transfer values via CModule::GetAllModuleVars, and reuse of form definiton for add and modify use cases.
  • Element Form: AddControl* functions require an additional parameter id as the first parameter. The id is used to identify tags in an individually rendered form.
  • Element Form: Supports error display for each individual control
  • Abstract classes are now marked as such
  • CWebSiteSatellite::m_website is now private. Added CWebSiteSatellite::GetWebsite().
  • SendMail function now supports attachments
  • Refactoring of Login/Logout functions. Renamed functions to obey new nomenclature: User* and CallbackUser*.
  • Modules are now organized in a two-tier structure (grouped). CWebSite::IncludeModule expects module names like "group/id" and verifies the name and path.
  • Fixed bug in the Error function implementation
  • CWebsiteSatellite now maintains its own output item array. Elements and modules have been migrated to avoid using ReplaceTags directly.
  • CTest class is deprecated. All test scripts must use CUnitTest.
  • CWebService: All result values are now stored in an associative array before converted into the xml tree. The Use of native XML functions by webservice implementations is deprecated.
  • CWebService: csv renderer is deactivated for the time being unless completely implemented
  • CWebserviceConsumer: Exclusive use of associated array for result data structures.
  • Introduced template scripts to the WDK repository
  • Added template for test script for webservices
  • DateIsValid and DateTimeIsValid now use checkdate for date validity checks
  • CParameterDefinition::IsValid function added and used in CWebservice
  • CParameterDefinition::CheckParams now considers date/datetime min/max values
  • Introduced CDataContainer
  • Introduced CConfig
  • CWebserviceDatabase uses database config from the array instead of loading it by itself.
  • Introduced Event Dispatcher pattern
  • CWebsite and CModule uses the dispatcher pattern to implement a post init, pre command event trigger for "registered" modules.
  • Webservice system/test: Improved job execution error mail
  • XML_* functions are now deprecated. Use CXMlElement class. CWebservice and CWebserviceConsumer classes have been updated.

Revision 16

  • Added FatalError function
  • Added generic access code support to webservices
  • CWebServiceConsumerWebApplication supports the webservices directory config tree
  • Introduced CUsersEncryptionWebSite to support session stored secret payloads for encryption purposes (and renamed CServicesWebSite to CUsersWebsite)
  • Introduced the use of __construct instead of class name style constructor functions
  • Introduced generic support for multiple list comamnds in database based webservices
  • Introduced Tab Navigation Element
  • Added tab groupings to itemmanager
  • XML_ElementSetRecursiveArray now supports numeric keys in arrays

Revision 15

Baselined 2008-10-15
  • Added function HttpRequest
  • CallbackInit in CWebservice
  • SortOption element introduced
  • ItemManager element introduced
  • IconElement introduced
  • CallbackInit in CDatabaseWebservice based system webservices is moved to CDatabaseWebservice
  • Filter and sorting parameter naming scheme updated
  • Added toolbar config array and IsToolVisible function to CModule
  • Introduced init framework (similar to unit tests)
  • Bugfix in wdk_mysql.inc: table name was not always quoted which ked to problems if table names contains a dash
  • Added documentation on development process model, and included webservice, module, and element checklists to wdk.txt

Revision 14

Baselined 2008-09-28
  • webservices: replaced the "performance" tag with a new "profiling" tag including RUNTIME_SECONDS and MEMORY_USAGE in byte.
  • Added third level of text id replacement
  • webservices now support a default CallbackCommand function for unified error handling of missing function implementations.
  • CUnitTest class added: A class representing a unit test script based on the CWebApplication class. The new CUnitTest class deprecates the existing CTest class. CTest is going to be removed from WDK in upcoming versions.
  • m_arrayConfig and m_arrayMeta are now members of CWebApplication
  • Revisied the webservices naming scheme. The internal name of the webservice now contains the "subdirectory" in which it is situated.
  • Introduced GetWebservicesDirectory function as a replacement to the previous global GetWebserviceURL function

Revision 13

  • Adapted the string to identify a successful w3c validation check
  • Added function GetCurrentURL to CWebservice
  • Switched to UTF-8 character encoding for websites and webservices
  • Added META tag in webservice output
  • Refactoring of PARAMETER tag in webservice output / added INPUT tag
  • Added CallbackSpecialContent to CContent class (e.g. to support authentication checks)
  • Added currency support to WDK
  • Added utf-8 encoding for all output

Revision 12

  • Refactoring: Content is now represented by a class
  • website config: language ids are now checked against a subset of ISO 639-2 Alpha 2 codes (refer to http://www.loc.gov/standards/iso639-2/php/code_list.php)
  • parameter "language" is now supported
  • Support for country ids added
  • Support for timezone ids added
  • country and language ids are all uppercase now

Revision 11

  • minor improvements

Revision 10

  • Added test class
  • Added toolbar element
  • Fixed a bug in the MakeProtocolLink function
  • PrepareContent considers now changes in the current content issued in CallbackPrepareContent
  • More new features and improvements

Revision 9

  • First baselined version