===============================================================================
=        LuxCal Development Notes  - produced by Roel - www.luxsoft.eu        =
===============================================================================

=== This file lists all changes since the start of LuxCal V5.3. It contains ===
=== the files affected by the change and a short description of each change ===

Change log - version 5.3.0
==========================

IMPORTANT: >>>> MINIMUM PHP VERSION REQUIRED: 7 <<<<

New features / improvements:
01. header.php, eventform1.php, dmarkform1.php, settings.php, ai-{lang}.php, 
    empicker.js, emoji.js: When enabled on the Settings page, in the Event and 
    Day Marker windows an emoji picker can be opened, which can be used to add 
    emojis to the title and description fields.
02. messaging.php, settings.php, cronjob scripts, language files and others: 
    The event notification system has been revised. In addition to email and SMS 
    notifications now also Telegram notifications are possible. Which service 
    for notification is used is now determined by each individual user, rather 
    than by the sending script. The user can select from the message services 
    enabled on the Settings page via which service to receive notifications. 
    The user can also select to receive notifications via more than one service, 
    for instance both via email and Telegram messages. For more details see the 
    admin_guide.html document.
02. toolboxx.php, index.php, account.php, login.php, users.php, ai-{lang}.php:
    To give certain users calendar access for a limited duration, an expiry date 
    for user accounts can be specified. This requires manager rights or higher.
03. toolboxx.php, categories.php, css.php, ai-{lang}.php: On the admin's Edit 
    Categories page you can now add a list with notification recipients to an 
    event category. When on the calendar an event is added, edited or deleted in 
    this category, a notification will be sent to the recipients specified for 
    the category. If the event editor is part of the recipients list, he/she 
    will be excluded from the notifications to be sent. If the editor wants a 
    notification as well, he/she can check "send notification now" in the Event 
    window.
04. database.php, css.php: As background information, on the Manage Database 
    page a list with useful totals of database records is shown. Furthermore the 
    length of the date fields has been limited to 10 characters.
05. settings.php, header.php, ai-{lang}.php: When not used the 'To approve', 
    'Upcoming' and 'Todo' side lists can now be disabled on the Settings page. 
    This will result in fewer database accesses and faster calendar load times.
06. settings.php, login.php, toolboxx.php, ai-{lang}.php: When specified on the 
    Settings page, a calendar logo will be displayed on the Log In page just 
    below the Log In dialog box. The height of the logo can also be specified. 
    The maximum width is 80% of the window width.
07. index.php, login.php, toolbox.php: The calendar can now remember multiple 
    user log ins from different devices. So for example when you log in from 
    your mobile phone and from your desktop computer, while in both cases 
    selecting "Remember me", the calendar will remember both log ins.
08. toolbox.js, header.php, ui-{lang}.php, css.php: When on the Thumbnails page 
    a thumbnail is clicked, a "Copied to clipboard" notification is shown for 2 
    seconds.
09. month.php: On narrow displays in Month view the "Previous year" and "Next 
    year" arrows in the navigation bar will float left and right respectively, 
    so that they are further away from the normal "Previous" and "Next" arrows.
10. settings.php, header.php, toolboxx.php: The settings specifying the view 
    buttons on the navigation bar for public and logged in users have been split 
    in settings for large displays and settings for small displays. This way the 
    admin can specify fewer buttons for small displays, so that the navigation 
    bar on small displays fits on one line.
11. thumbnails.php: On the Thumbnail Images page the Manage Thumbnails box has 
    been given a bit more padding and the Submit button is horizontally centered 
    now. Embellishment.
12. contact.php, css.php: The form on the Contact page has been redesigned. 
    Embellishment.

Technical issues (refactoring):
01. retrieve.php: Non-recurring events and recurring events are retrieved with 
    one single database query, instead of two separate queries. This results in 
    faster calendar load times.
02. retrieve.php, retrievc.php: Several code optimizations to speed up calendar 
    load times.
03. header.php: In the options menu, the entries in the calendar selection table 
    were enclosed in redundant <div>-tags. <div>-tags removed.
04. settings: On the Settings page, in the Events section, for the Event drag 
    and drop setting, the "enabled" radio button was followed by a stray '>' 
    character. Character removed.
05. many.php, toolbox.js: In the JavaScript "onclick", "onmouseover" code, by 
    using the back-tick character the code has been made more consistent, more 
    readable and less prone to interference with quotes in text strings.
06. display0-3: For the Displays, in the <script>-tags where the toolbox.js file 
    is loaded the calendar version number is added to the toolbox.js, to ensure 
    the loading of the last toolbox.js version.
07. eventform1.php, css.php: In the Add / Edit Event window, both Help question 
    mark symbols (Description and To) have been replaced by more discreet 
    question marks.
08. database.php: On the admin's Database page, the number of characters in the 
    date input fields has been limited to 10.
09. eventform1.php: In the list of sub-categories, the first entry (None) was 
    hard coded and consequently the same in all languages. It's now taken from 
    the language file (ui-<lang>.php).
10. heading.php: In all functions the unused global variables have been deleted.
    Just cleaning up.
11. messaging.php: Empty and duplicate entries are removed from the recipients 
    list, before the list is used to send notifications.
12. account.php: On the User Profile page, when a field contained an invalid 
    value, the field was reloaded from the database so that the user could not 
    see why the value was invalid.
13. toolbox.php: The regex $rxPhone updated, so that a mobile phone number must 
    start with a + or a 0 (zero) character.
14. exportUsr.php, importUsr.php: Both pages Import Users and Export Users have 
    been revised. The telegram chat ID has been added to imported and exported 
    files. Further changes: When exporting all users, the Public User is skipped. 
    When importing users, the error handling and reporting of the file to import 
    has been improved.
15. index.php, toolboxx.php, upgrade530.php (MySQL): LuxCal versions 2.7 - 3.2 
    are not supported anymore and have been removed from the upgrade procedure. 
    If someone is still using a version < 4.1 and needs help, LuxSoft should be 
    contacted.
16. settings.php: On the Settings page, section Reminders - SMS, the validation 
    of the calendar phone number has been added.
17. toolboxx.php: In the saveSettings function, to avoid leading and trailing 
    spaces, the values are trimmed before saving them to the DB settings table.
18. heading.php, css.php: In the right upper corner, on the navigation bar, the 
    Log In link overlapped the Full Screen symbol and the User Menu was not 
    aligned with the User name.
19. thumbnails.php, css.php: The Thumbnails page was not responsive and did not 
    show correctly on a narrow screen device.
20. messaging.php: The current date and time have been removed from the header 
    in email notifications because it was redundant. The email client already 
    shows the date and time of email messages.
21. toolboxd.php (MySQL), toolboxx.php: To cope with emoji and other special 
    characters, for the MySQL version the database collation is set to utf8mb4.

Bug fixes:
01. settings.php: To check the current settings against the $defSet entries in 
    the toolboxx.php file, the 'short-ternary' operator was used instead of the 
    'null coalescing' operator, which could result in showing wrong check box 
    values on the Settings page, whilst the actual $set value was correct.
02. account.php: When updating the user profile data, the "User profile updated" 
    message was shown in the error message color, instead of the confirmation 
    message color.
03. upcoming.php: In the Upcoming view events could not be clicked anymore to 
    open or edit event details (due to nested single quotes). Solved.
04. toolbox.php, display0.php, lcsbar.php: Thumbnail images in the onmouseover 
    pop attribute could cause strange effects. In some PHP versions < 8.1 single 
    quotes were not converted to HTML entities because ENT_QUOTES was missing in 
    the htmlspecialchars PHP function.
05. login.php: When a user self registered or asked for a new password, the 
    confirmation message was not displayed with the "confirm" color background 
    (green).


Change log - version 5.3.2
==========================

New features / improvements:
01. None.

Technical issues (refactoring):
01. thumbnails.php: In the getTnList function, when using scandir, non-thumbnail 
    file names are directly filtered out.
02. toolboxd.php (SQLite): When using scandir, the preg_grep function is used to 
    get only valid database file names. Code optimization.
03. search.php, groups.php, importIcs.php: A stray </div> removed just before 
    the footer <div>.
04. changes.php: A stray </span> removed on line 57.
05. categories.php: On Edit Categories page: misplaced </td> tag on lines 93-95.
06. users.php: On the Edit User page a <label> tag was missing twice.
07. exportUsr.php: The confirmation message File created was displayed in the 
    error message color, but should be in the confirmation message color.
08. footer.php: The RSS link in the page footer is now only displayed on the 
    pages with a calendar view.

Bug fixes:
01. dtpicker.js: When on the Settings page the 12-hour time format (am/pm) was 
    selected, then, because of a variable scope problem, on the Add / Edit Event 
    page the time picker didn't work anymore.
02. toolboxd.php (SQLite), toolbox.php, toolsaaf.php: SQLite version only: To 
    cope with database IDs (= DB file name) containing uppercase characters, the 
    regex for the DB name should accept [\w-] characters (was [a-z0-9_-]). 
    Before calendar version 5.3 it was allowed to use uppercase characters in 
    the calendar name.
03. search.php: When using the Search function, clicking an event in the search 
    results to open the event does not work. Single quotes replaced by backticks 
    solved the problem.
04. changes.php: When opening the Changes page, clicking a changed event to open 
    the event does not work. Single quotes replaced by backticks (on line 29) 
    solved the problem.
05. matrixc.php, matrixu.php: When opening one of the matrix pages, clicking an 
    event to open it resulted in a blank Add Event window. Single quotes 
    replaced by backticks (on line 21) solved the problem.
06. gantt.php: When opening the gantt chart pages, clicking an event to open it 
    does not work. Single quotes replaced by backticks (on line 45) solved the 
    problem.
07. categories.php: If the category name contained an apostrophe, the delete 
    button did not work.


Change log - version 5.3.3
==========================

New features / improvements:
01. search.php: For the MySQL version of the calendar, independent of the MySQL 
    database in use, the Search function is now always case-insensitive. For the 
    SQLite version it was already always case-insensitive.
02. settings.php, messaging.php, msglog.php, index.php, header.php, toolbox.php, 
    ai-{lang}.php, ui-{lang}.php: A setting has been added to the Settings page 
    to enable the logging of all notification messages sent by email, Telegram 
    and SMS. The message log can be viewed on a new page "Notification Message 
    Log", which is available to users with admin or manager rights, via an 
    option in the ☰ menu.
03. eventform1.php, css.php, ui-{lang}.php: In the Event Edit/Add window in the 
    notification section an icon has been added right next to the list with 
    recipients. When this icon is clicked a list opens from which recipients can 
    be selected. This list contains 1) a list with the recipients lists from the 
    reciplists folder, 2) the registered recipients and 3) a list with all 
    recipients specified in the file +recipients.txt. The latter file can for 
    instance contain often used recipients, who are not registered. It is still 
    possible to also type recipients in the "To" field.
04. texteditor.php, toolbox.js, ai-<lang>.php, css.php: The previous info text 
    editor has been upgraded to a general text editor which can be used to edit 
    the info-text in the right side bar, the file with public (not registered) 
    recipients and the recipients list files, which can be added to the 
    recipients in its entirety.
05. display4.php: A new "display" (display4) has been added, which shows the 
    events in a very compact list with each event on one single line.
06. toolbox.php, events.php: The HTML <sub> and <sup> tags are now allowed in 
    the event title and description fields, so that chemical and mathematical 
    formulas can be used.
07. messaging.php, example-list.txt: In notification recipients list files on 
    each line text starting with a #-character is treated as a comment and will 
    be discarded.
08. display0-2.php, display0-2.cnf: In the configuration section of display0, 
    1 and 2 the PDF button can now also be enabled for logged in users only.
09. messaging.php: In email and telegram notification messages the label in 
    front of the date and time field is now just "Date" when no event times have 
    been specified.
10. index.php, toolbox.php, ai-{lang}.php: When a public user (not logged in) 
    visits the calendar or one of the displays for the first time, the calendar 
    / display user interface language will be the same as the browser language. 
    If no browser language is found or if it is not a valid calendar language, 
    the default language specified on the settings page will be taken.
11. toolbox.php, eventform1.php: When entering event times on mobile devices the 
    decimal keypad will be forced, which makes entering times easier. To 
    separate hours from minutes the . (period) or , (comma) on the decimal 
    keypad can be used.

Technical issues (refactoring):
01. eventform1.php: In the catMenu function the $selected variable was set 
    twice.
02. toolbox.php, settings, lcsbar.php, display0.php: The use of the addslashes 
    and htmlspecialchars functions to "escape" quotes in the pop text of the 
    "pop" and "popM" functions is overkill and could possibly create problems 
    for some browsers. Both functions have been replaced by a new "unQuote" 
    function, which only replaces single and double quotes by the respective 
    HTML entities &apos; and &quot;. HTML tags are left intact.
03. search.php, ui-{lang}.php: On the Search page the wild cards _ and & have 
    been replaced by the more common ? and *.
04. event.php: In fields title, venue, description, and extra fields, the "'" 
    character is replaced by &apos; (HTML5) instead of &#039; (HTML401).
05. settings.php, toolbox.php: For the function htmlspecialchars the flag 
    ENT_HTML5 has been added to the flag ENT_QUOTES, so that single quotes are 
    converted to &apos; (HTML5) rather than &#039; (HTML401).
06. eventform1.php: Stray <td>-tag removed in the top bar of the Event Edit/Add 
    window.
07. toolbox.js: In the event functions and day marking functions newE, editE, 
    newM and editM the mode and state parameters were not used and have been 
    removed.
08. eventform1.php: The name and value of the repeat box OK button were not used 
    and have been removed.
09. eventform1.php, css.php: The Set Repetition box is now properly centered.
10. ai-nederlands.php, ug-nederlands.php, ui-nederlands.php, ai-polska.php, 
    ug-polska.php, ui-polska.php: The Dutch and Polish language files have been 
    updated.
11. dmarkform1.php: In the Day Marking window the option "rolling" has been 
    removed from the repeat section. Rolling is not relevant for day markings.
12. month.php, week.php, day.php: In the colgroup of the left column, the <col> 
    tag had a redundant </col> tag, which has been removed. The HTML <col> tag 
    has no closing tag.
13. retrieve.php, retrievc.php: Detection of "all day" and "no time" simplified.
14. retrieve.php, header.php, toolbox.php, search.php, notify.php, displayX.php, 
    rssfeed.php, pdf.php, pdfbc.php, lcsbar.php, exportics.php: The JPCERT/CC in 
    Japan reported an SQL injection vulnerability (ID: JVN#91510849) caused by 
    the retrieve function, due to the fact that a possible external filter, 
    including its values, is directly embedded in the SQL statement. In all 
    scripts which are calling the retrieve function the values are now separated 
    from the filter and introduced in a prepared statement with placeholders.
15. dloader.php: The JPCERT/CC in Japan reported a path traversal vulnerability 
    (IDs JVN#89939615 and JVN#01069027, describing the same problem), caused by 
    the dloader script. The validation part of the dloader.php script has been 
    redesigned to solve this vulnerability.
16. displayX.php, pdf.php: The JPCERT/CC in Japan reported an SQL injection 
    vulnerability (ID JVN#26024080), caused by the script that produces the pdf 
    file with events. Solved by using a prepared SQL statement.
17. toolbox.php, event.php, eventreport.php, users.php, account.php: In the 
    IDtoDD and ITtoDT functions, a date or a time starting with '9' is converted 
    to an empty date or time. This simplifies the calling scripts, which don't 
    need to test on '9' before calling these functions.
18. lcsbar.php, rssfeed.php, header.php, search.php: Rather than composing the 
    event time on the spot, these scripts are now using the makeTime function.
19. logvisit.php: Incrementing the hit counter is now better protected with a 
    file lock. Before, occasionally at random moments the counter file could be 
    deleted.
20. messaging.php: If the php.ini setting allow_url_fopen is disabled, then the 
    function file_get_contents cannot be used to communicate with Telegram. Web 
    hosts sometimes disable this setting to avoid Remote File Inclusion (RFI) 
    attacks and unauthorized access.
    Therefore, if the php.ini setting allow_url_fopen is disabled, the calendar 
    switches to the cURL library for the communication with Telegram.
21. tfpdf.php, ttfonts.php: The TrueType font files, used when printing the 
    birthday calendar, have been updated. They caused PHP 'deprecation' warning 
    messages when running the calendar with PHP 8.2.
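
Added example for items 14 and 16 above (not LuxCal code): a filter pasted into
the SQL text next to a filter that carries only ? placeholders, with the values
bound separately. The events table, its columns and the function names are
assumptions; the rows are constructed. It needs the pdo_sqlite extension.

```php
<?php
// Added example, not LuxCal code. The events table, its columns and all
// function names are hypothetical; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT,
                                catID INTEGER, private INTEGER)');
$db->exec("INSERT INTO events (title, catID, private) VALUES
           ('Team meeting', 1, 0), ('Holiday', 2, 0), ('Salary review', 1, 1)");

// BEFORE: the filter arrives with its values already embedded and is pasted
// into the statement text, so a value can change the structure of the query.
function retrieveUnsafe(PDO $db, string $filter): array
{
    $sql = "SELECT title FROM events WHERE private = 0 AND ($filter)";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// AFTER: the filter holds only column names, operators and ? placeholders.
// The values travel separately and are bound by the driver as data.
function retrieveSafe(PDO $db, string $filter, array $values): array
{
    $stmt = $db->prepare("SELECT title FROM events WHERE private = 0 AND ($filter)");
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Builds "catID IN (?,?,...)" with one placeholder per requested category.
// Only the number of placeholders depends on the input, never the SQL text.
function buildCatFilter(array $catIds): array
{
    if ($catIds === []) {
        return ['1 = 1', []];              // no category selected: no restriction
    }
    $marks = implode(',', array_fill(0, count($catIds), '?'));
    return ["catID IN ($marks)", array_values($catIds)];
}

// Constructed request value that closes the bracket and appends a condition.
$hostile = '1) OR (private = 1';

// Unsafe path: the statement text becomes
//   ... WHERE private = 0 AND (catID = 1) OR (private = 1)
echo 'unsafe: ', implode(', ', retrieveUnsafe($db, "catID = $hostile")), PHP_EOL;

// Safe path: the same string is bound to a placeholder and compared as a value.
list($filter, $values) = buildCatFilter([$hostile]);
echo 'safe, hostile value: ',
     implode(', ', retrieveSafe($db, $filter, $values)), PHP_EOL;

// Safe path with ordinary input.
list($filter, $values) = buildCatFilter(['1', '2']);
echo 'safe, categories 1 and 2: ',
     implode(', ', retrieveSafe($db, $filter, $values)), PHP_EOL;
```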
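
Added example for item 15 above (one common way to validate a download request,
not the dloader.php code): the requested name must be a plain file name with an
allowed extension, and its canonical path must stay inside the download folder.
The folder layout, the extension list and the function name are assumptions.

```php
<?php
// Added example, not the LuxCal dloader.php code. The directory layout, the
// extension allow-list and the function name are assumptions for illustration.

// Returns the canonical path of the file to serve, or null when rejected.
function resolveDownload(string $baseDir, string $requested)
{
    // 1. Plain file name only: no separators, no NUL byte, no leading dot.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.-]{0,99}\z/', $requested)) {
        return null;
    }
    // 2. Only file types the download page is meant to serve.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ['ics', 'csv', 'txt'], true)) {
        return null;
    }
    // 3. Canonicalise and require the result to stay inside the base folder.
    //    realpath() resolves ".." and symlinks and fails for missing files.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed sandbox: a download folder and a file that lives outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/files", 0700, true);
file_put_contents("$root/files/events.ics", "BEGIN:VCALENDAR\nEND:VCALENDAR\n");
file_put_contents("$root/config.txt", "outside the download folder\n");

// Constructed request values covering the cases the checks are meant to catch.
$requests = ['events.ics', '../config.txt', '..%2Fconfig.txt',
             'events.ics/../../config.txt', "events.ics\0.txt",
             '.htaccess', 'events.php', 'missing.ics'];
foreach ($requests as $name) {
    $path = resolveDownload("$root/files", $name);
    printf("%-34s %s\n", json_encode($name), $path === null ? 'rejected' : 'served');
}

// Remove the sandbox again.
unlink("$root/files/events.ics");
unlink("$root/config.txt");
rmdir("$root/files");
rmdir($root);
```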

Bug fixes:
01. header.php: When on the admin's Category page the IDs are not identical to 
    the sequence numbers and in the Options Panel one single category has been 
    selected, then when adding a new event the default category in the Add 
    Event window was not the category selected in the Options Panel. Solved.
02. events.php: In the array $evtArr the event end date was not converted to ISO 
    format. For multi-day events this resulted in a garbled end date in the 
    "full" date / time of notification messages.
03. retrieve.php, retrievc.php: The conditions to determine the value of the 
    variables $ald and $ntm were not enclosed in brackets and therefore for the 
    search page and the displays "all day" was shown for events with no time 
    (blank).
04. retrieve.php: In LuxCal V5.3.1 a bug was introduced which resulted in the 
    fact that events that need approval, but are not yet approved were visible 
    to other users. Events that need approval should only be visible to other 
    users after approval by a user with manager rights.


Change log - version 5.3.4
==========================

New features / improvements:
01. login.php, account.php, users.php, toolbox.js: On the User Profile page and 
    the Edit Users page the eye symbol has been added to the password fields.
02. eventform1.php, dmarkform1.php, search.php, exportIcs.php, cleanup.php: On 
    the Event, Day marker, Search, CleanUp and Event File Export pages, the date 
    input fields, which are initially blank, now contain a placeholder showing 
    the date format.
03. index.php, settings.php, header.php, css.php: On the administrator Settings 
    page the header with the Save Settings button has now been excluded from the 
    scroll area, so that the Save Settings button remains always visible.

Technical issues (refactoring):
01. messaging.php: The Message-ID field containing the event ID has been added 
    to the email headers. This can be useful when troubleshooting the sending of 
    emails.
02. dmark.php, dmarkform0.php, dmarkform1.php: The dmark scripts still contained 
    code which was related to processing of normal events, which however was not 
    relevant for day markers. The redundant code has been removed from the 
    scripts.
03. logvisit.php: When the hit/bot counter is read from the file, it's directly 
    converted to an integer. This resolves a PHP deprecation warning.
04. events.php, toolbox.php: In the fields title, venue and text1-3 HTML tags 
    which are not closed are annulled by adding a closing tag directly following 
    the opening tag.
05. messaging.php: Before using the event title in an email subject field and 
    the event title and venue in SMS messages, possible HTML tags are removed.
06. eventform1.php: In the Add/Edit Event window in the help (red ?) text for 
    the description fields, the image description was only shown when on the 
    Settings page "Show images in month view" was checked. Images can always be 
    added, so they should always be mentioned in the help text.
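
Added example for the logvisit.php entries (V5.3.3 technical issue 19 and item 03
above), not the LuxCal code: a counter update without a lock next to one that
does the whole read-modify-write under an exclusive lock and casts the stored
value directly to an integer. File and function names are assumptions.

```php
<?php
// Added example, not the LuxCal logvisit.php code; names are hypothetical.

// Unlocked pattern: two requests can both read N and both write N + 1, and a
// request that reads while another one is rewriting the file can find it empty.
function incrementUnlocked(string $file): int
{
    $count = (int) @file_get_contents($file) + 1;
    file_put_contents($file, (string) $count);
    return $count;
}

// Locked pattern: the whole read-modify-write runs under an exclusive lock.
function incrementLocked(string $file): int
{
    // 'c+' creates the file if needed but does not truncate it on open, so the
    // old value stays on disk until this request holds the lock.
    $fh = fopen($file, 'c+');
    if ($fh === false) {
        throw new RuntimeException("cannot open $file");
    }
    try {
        if (!flock($fh, LOCK_EX)) {        // waits until other writers are done
            throw new RuntimeException("cannot lock $file");
        }
        // Cast straight to int: an empty or damaged file counts as 0.
        $count = (int) trim((string) stream_get_contents($fh)) + 1;
        rewind($fh);
        ftruncate($fh, 0);
        fwrite($fh, (string) $count);
        fflush($fh);                       // write out before the lock is released
        flock($fh, LOCK_UN);
        return $count;
    } finally {
        fclose($fh);
    }
}

// Constructed run: a fresh counter file, then a file with damaged content.
$file = tempnam(sys_get_temp_dir(), 'hits');
echo incrementLocked($file), ' ', incrementLocked($file), PHP_EOL;
file_put_contents($file, "not a number\n");
echo incrementLocked($file), PHP_EOL;
unlink($file);
```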


Bug fixes:
01. toolbox.php: The ITtoDT function returned a blank time when the time started 
    with a '9'. See V5.3.3 - Technical issues no. 17. Ok for dates, but not for 
    times. The test should be: when the time starts with '99'.
02. ui-dansk.php: Double quote ( " ) missing in the Danish language file at the 
    end of line 253.
03. retrievc.php: When the page "Changes" is selected and changed events are 
    found, PHP error messages appear in the background of the page. Because on 
    lines 105 - 107 the variable name $evt has accidentally been replaced by 
    $row.
04. retrievc.php, retrieve.php: When at the start of the retrieve function 
    the filter is built and a selection on one or more event categories has to 
    be made, the category sequence number was used, rather than the category ID. 
    If on the administrator's Category page the category sequence numbers have 
    been changed and in the option panel one or several event categories were 
    selected this led to the display of wrong events in the calendar views.
05. dmark.php: When editing one occurrence of a recurring day marker, an SQL 
    error occurred because of a "notify" field in the SQL statement, while for 
    day markers notifications are not relevant.
06. toolboxx.php: When upgrading from calendar V5.1 or V5.2, the sub-categories 
    were not copied to the 5.3 database. Bug in upgrade function solved.
07. pdf.php: When producing PDF files, day markers were not displayed correctly.
    The text and background colors were not applied correctly and <b> tags were 
    present in the title.

