Topic: LuxCal 5.2.4 - MySQL and SQLite - released 16 November 2023
In this new LuxCal version 5.2.4 a number of technical issues have been addressed and a few bugs have been fixed. In addition, an "About LuxCal" option has been added to the side menu.
>>>> IMPORTANT: FOR THIS VERSION THE MINIMUM PHP VERSION REQUIRED IS 7 <<<<
As always, John from Denmark took part in the beta testing of this new version and helped to make the LuxCal Web Calendar a better product. Thank you John!
Hereafter you will find a full summary of all changes since the previous LuxCal version 5.2.3.
New features / improvements
• In the side menu an option "About LuxCal" has been added, which is available for users with administrator rights. When this option is selected, an About LuxCal overlay is shown with the current calendar version and a message if a newer version is available at the LuxSoft website with download links. In addition, if important information is available, LuxSoft can add note or warning texts to this overlay. Calendar administrators are advised to select this menu option from time to time.
Technical issues
• A cross-site scripting / SQL injection vulnerability reported by JPCERT/CC has been solved [VN: JVN#15005948 / TN: JPCERT#97783326]. All calendar input data, i.e. GET, POST and COOKIE variables, is now sanitized, and the variables with a fixed format are validated at the start of the code.
• The email regex ($rxEML) has been improved. In special cases, when the event description contained a URL link which included an @-sign, the regex to create email links didn't work. This resulted in an empty description field.
• In the post-processing of the upgrade function, when searching for old "sml" email links, the offset in the strpos function has been removed. PHP 8.1 didn't like offsets outside the haystack.
• On the page Event File Import - iCal format the "Check all Ignore boxes" button has been changed into a "Toggle all Ignore boxes" button.
• Code simplification. For the user menu, side menu and options panel: the JavaScript code element.style.height.slice(0,1) > '0' has been replaced by element.clientHeight > 'x' and element.style.width.slice(0,1) > '0' has been replaced by element.clientWidth > 'x'.
• General code simplifications in the JavaScript toolbox. In most cases, testing for undefined is not needed. Several other simplifications.
• Code simplification. The label-tags can be put "around" the item concerned, rather than using <label for='<id>'>, which makes most ids redundant and the code simpler.
• Code simplification. When using the scandir function, filtering of files is now done by a PHP preg_grep function.
• Code simplification. The long array definition notation (array()) has been replaced by the short notation ([]).
• Code simplification. In the calendar <head> section "onpageshow" has been combined with "onload".
• For events in a category with "to be approved" set, the "approved" check box and label in the Event window have moved inside the color of the page body.
Bug fixes
• If a separator other than '-' had been specified for the Event date format on the settings page, the back-link to the calendar below the message in reminder emails did not work. This is because the date 'nD' is used in DD format (with the user-defined separator). The GET-parameter validation function, however, requires a '-' separator. Validation regex updated.
• In the makeE function, under case 6, there was a break; after each line (nom and nos). There should however be just one break; after both lines.
• An error in the regex to extract an email address from the event's description field and produce the mailto-link, resulted in a mailto link which didn't work and could, when editing the event, not be converted back to the originally entered email address.
• To avoid SQL errors during the upgrade process, in the pre-processing section of the upgrade function the DB fields notRecip and notMail (< V4.5) have been added to the list of possible NULL fields that must be set to NOT NULL.
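
The two validation changes above (input validated at the start of the code, and the 'nD' date check that has to accept a user-defined separator) can be pictured with the following added example. It is not LuxCal code: 'nD' is the only name taken from this changelog, while the other variable names, the patterns and the accepted separators are assumptions.

```php
<?php
declare(strict_types=1);

// Allow-list of fixed-format variables: name => anchored pattern.
// 'nD' is named in the changelog; the other name, all patterns and the
// accepted date separators (- . /) are assumptions for this example.
const FIXED_FORMAT = [
    'nD' => '~^\d{2,4}[-./]\d{2}[-./]\d{2,4}$~D',
    'cP' => '~^\d{1,2}$~D',   // hypothetical page number
];

// Validate fixed-format variables, strip control characters from free text.
// Returns [accepted values, names of rejected variables].
function cleanInput(array $raw): array
{
    $clean = $rejected = [];
    foreach ($raw as $name => $value) {
        if (array_key_exists($name, FIXED_FORMAT)) {
            // Arrays (?nD[]=x) and non-matching strings fail closed.
            if (is_string($value) && preg_match(FIXED_FORMAT[$name], $value) === 1) {
                $clean[$name] = $value;
            } else {
                $rejected[] = $name;
            }
        } elseif (is_string($value)) {
            // Free text: drop control characters except tab and newline.
            $clean[$name] = preg_replace('~[\x00-\x08\x0B-\x1F\x7F]~', '', $value);
        }
    }
    return [$clean, $rejected];
}

// Encode for an HTML context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request data standing in for $_GET, $_POST and $_COOKIE.
$request = [
    'nD'    => '16.11.2023',
    'cP'    => '1 OR 1=1',
    'title' => 'Meeting <script>alert(1)</script>',
];

[$clean, $rejected] = cleanInput($request);
echo 'rejected: ', implode(', ', $rejected), PHP_EOL;
echo 'nD: ', $clean['nD'], PHP_EOL;
echo 'title: ', h($clean['title']), PHP_EOL;
```

Entry-point validation only narrows what reaches the rest of the code: free-text values still need encoding for the context they are written into, and values used in SQL should be passed as bound parameters.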