changelog

Differences

This shows you the differences between two versions of the page.

changelog [2017/07/27 19:29] marcochangelog [2023/11/04 06:10] (current) marco
Line 1: Line 1:
-|  [[en|english]]  |  [[it|italiano]]  |  [[es|español]]  |  [[http://www.hoteldruid.come/en/|hoteldruid home page]]  |+|  [[en|english]]  |  [[it|italiano]]  |  [[es|español]]  |  [[http://www.hoteldruid.com/en/|hoteldruid home page]]  |
  
 =====HotelDruid CHANGELOG===== =====HotelDruid CHANGELOG=====
  
 <file> <file>
 +3.0.6 (03/11/2023)
 +======================
 +-when using a remote server smtp.gmail.com suggest to create an app password
 +-if email in structure data has a public provider suggest to use their remote server
 +-don't pass anymore unregistered _REQUEST variables (register globals off)
 +-when changing reservation client, possibility to replace him also in payments made
 +-added "doesn't contain" to "if" comparisons in document conditions
 +-new privilege for normal users to change their password
 +-updated Italian document ROSS1000 to use residence data from main guest if missing
 +-insert from modification page a copy of the reservation(s), also for deleted ones
 +-fixed bugs: XSS vulnerabilities (CVE-2023-43375) (CVE-2023-43376) (CVE-2023-43377)
 +-fixed bug: possible SQL injection in personalizza.php (CVE-2023-43374)
 +-fixed bug: possible SQL injection in interconnessioni.php (CVE-2023-43373)
 +-customization of upper/lower case format in names, surnames, nations, etc.
 +-don't upload files in documents table if user can't modify any document, no html
 + suffix if he can't mofify html documents (CVE-2022-45592)
 +-global privilege to don't allow users to modify documents in html format
 +-fixed bug: avoid cross site scripting in errors from database (CVE-2023-47164)
 +-fixed bug: custom comments deleted when inserting check-out and sometimes check-in
 +-fixed bug: remote code execution in backup from administrator user (CVE-2023-34854)
 + as disclosed by Glen Husman and Donovan Jasper
 +-fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2023-34537)
 +-fixed bug: SQL injection in creaprezzi.php (CVE-2023-33817) (CVE-2023-43371)
 +-fixed bug: sometimes extra bed not added when searching availability from main menu
 +-fixed bug: possible SQL injection from administrator user in privilegi_utente.php
 +-fixed bug: identity document type not inserted in clients data
 +-fixed bug: wrong update of api documents from 3.0.4
 +
 +
 +3.0.5 (16/03/2023)
 +======================
 +-in rules 1 table show rates in natural order
 +-insert deposits and commissions for "all rates" or all rates with existing value
 +-encode html characters in predefined variables in HTML documents (CVE-2023-29839)
 +-optional "transaction date" for reservations and cashbox payments
 +-optional "notes" when inserting reservation payments
 +-optional "payment id" when inserting a reservation or cashbox payment
 +-fixed bug: costs non added to reservations from pos with sqlite or postgres
 +-removed document last_payment_* variables, added last_payment (1 or empty) in [r5]
 +-for documents as API possibility to allow access only from some IPs
 +-for parts under condition in documents added & (and) or | (or) to conditions and >,
 + <, % (contains) or !% to comparisons
 +-new variables for attachments and don't select attachment if variable empty
 +-possibility to attach multiple files and in different languages to email documents
 +-when assigning a variable in document conditions added encode/decode in MIME
 + base64, in HTML and convertions between bases 10 and 2, 16 or 36
 +-added new variable [last_reservation_for_client] set to 1 only for last reservation
 + of current client in reservations repetitions
 +-added [client_number] to documents variables, also for guests
 +-added document variable [confirmation] equal to 1 if reservation is confirmed
 +-possibility to use a variable of the document as the name of the downloaded file
 +-multilingual subjects in email documents when the document is multi-lingual
 +-variable [extra_cost_days] set to number of days for costs not associated to days
 +-create future years only automatically on set date (new constant to change default)
 +-don't allow deleting current year if no constant set in includes/costanti.php
 +-added rule 3 for minimum number of people for each rate
 +-fixed bug: incompatible units were not registered from extra costs automatically
 + added as extra beds when inserting and modifying reservations
 +-fixed bug: sometimes it was not possible to change the list of units assigned to
 + reservations
 +-in document conditions variables are now always compared as strings
 +-fixed bug: arrays in conditions inside document text wrongly initialitiated with
 + null value
 +-when possible use mbstring functions instead of utf8_encode (deprecated in php 8.2)
 +-fixed bug: sometimes wrong total price in documents called from "check
 + availability" page
 +-fixed bug: documents variable [occupied_unit] not defined in web pages
 +-fixed bug: empty menus dates updated wrongly when adding periods with multiple
 + users
 +-when a backup is restored check that selectperiodi file is present for each year
 +-fixed bug: could not configure an external SMTP server
 +
 +
 +3.0.4 (16/04/2022)
 +======================
 +-New default Italian document "Dati per ISA" with total daily presences in period
 +-added constant C_MASSIMO_NUM_EMAIL_GIORNALIERE to limit emails sent in 24h from documents
 +-availability webpage now follows general value for email masquerading (option removed)
 +-if constant C_MASCHERA_EMAIL set to spf records, check spf before sending email with maquerading
 +-sent email subjects are now encoded in utf-8 with base64
 +-possibility to use external smtp server instead of php mail() function, using phpmailer
 +-when insering dates for users and for webpages accept when periods are not ordered in time
 +-possibility to select years older than 5 in statistics (limit to 8 years simultaneously)
 +-new default Italian document for ROSS1000
 +-when periods are added also import rules 1, dates in menus and periods of imported rates
 +-fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2022-26564)
 +-possibility for normal users to split a reservation when it can't be inserted in one unit
 +-use single quotes in dati/selectappartamenti.php (CVE-2022-22909)
 +-possibility to use cookies for session handling (CVE-2021-42948)
 +-better handling of session and transaction IDs (CVE-2021-42949)
 +-better handling of inconsistent sql logs, also when restoring backup
 +-don't make indicative availability table overflow in mobile and first row/column are now sticky
 +-better order of internal id number for variables of restored documents
 +-fixed bug: document arrays wrongly initialitiated with null value when present in conditions
 +-fixed more php 8 and 8.1 WARNINGs
 +
 +
 +3.0.3 (20/08/2021)
 +======================
 +-added a default document to export reservations data in csv
 +-added 2nd email, certified email, 2nd and 3rd telephone to "export clients data" document
 +-fixed vulnerabilities CVE-2021-32832, CVE-2021-38733 and CVE-2021-38559
 +-fixed more php8 WARNINGs
 +
 +
 +3.0.2 (20/07/2021)
 +======================
 +-when setting import between rates remember last selections
 +-set the document variable [email_already_sent] to the last sending date if email has been sent
 +-for reserevations not permanently deleted the deletion time and deleting user are shown
 +-fixed bug: documents not updated correctly in website pages when documents order changed
 +-fixed bug: in web pages the input that contaied a slash kept adding slashes at each creation
 +-in availability page consider minimum stay for dates selected by default
 +-fixed problem: in new chrome browser  the month table columns were not aligned correctly sometimes
 +-added to availability webpage theme the javascript to open calendar when clicking on dates menus
 +-default themes and framed mode in web pages now can load an external javascript file
 +-save documents with long names inserting reservation numbers in another ".dat" file
 +-added check-in and check-out times to document variables, empty if check-in or check-out not done
 +-fixed some bugs for reservations not permanently deleted
 +-fixed bug: variables and array repetitions not shown modifying a document with imported variables
 +-started fixing warnings in php 7.4 and 8.0
 +-added debug output (commented in release) for variables in GET/POST not set in list for each page
 +-fixed bug: could never modify a reservation if new extra cost applied to its rate had restrictions
 +-fixed bug: not possible to modify a reservation with new assignment rule 3 and people types
 +-fixed bug: it was not possible to delete rooms
 +-from top menu search reservations also by reservation code instead of only reservation number
 +-modified fast insertion of extra cost "number of children" in "number of infants"
 +-fixed bug: in Italian default document "alloggiatiweb" fixed state codes with new default values
 +-fixed bug: no start date for reservations beginning in previous year in documents from some pages
 +-fixed bug: reservation number in past year not imported correctly when creating new year
 +
 +
 +3.0.1 (11/02/2020)
 +======================
 +-for extra costs as extra beds select if the discount of person type must be applied to the cost
 +-possibility to multiply extra costs only by selected person types (or exclude them)
 +-possibility for certain extra costs to be shown as person type when inserting reservations
 +-let some buttons stay on top-right in their section while scrolling
 +-headers row and first column to stay visible in all tables
 +-show paid and total price of reservations from previous year in month table
 +-try to use the character set utf8mb4 for mysql/mariadb tables
 +-fixed bug: in "modify client" wrong display of reservations if there are current and deleted ones
 +-fixed bug: possible wrong room assignment with php above 7.1
 +-check webpage directories for duplicates and delete existing webpages if directory removed
 +-now delimiters of html in webpages don't depend on translation and have the code of language
 +-fixed bug: table "prenotacanc" not locked when deleting a client
 +-fixed bug: wrong [document_progressive_number] variable inside documents with php above 7.1
 +
 +
 +3.0.0 (07/11/2019)
 +======================
 +-new default documents "welcome email" with link to web check-in
 +-fixed renaming with new reservation numbers of documents already created when creating new year
 +-upload photos for rates, rooms and logo if constant C_CARTELLA_CREA_MODELLI is defined
 +-added a new Italian default document "Ricevuta elettronica prova" for reservations incomes
 +-possibility to select documents from below a cashbox table or all payments in a cashbox from API
 +-added "modify" links in tables with rules 1 and 3 and possibility to overwrite existing rules 1
 +-in default themes added a lang tag to html element
 +-global privilege for users to create webpages
 +-added a confirmation step when adding periods
 +-privileges for users to insert/modify/delete assignment rules 1 or rules 2 and 3
 +-intechanged numbers between assignment rule 3 and assignment rule 4
 +-fixed bugs: errors when viewing rates tables with privilege to insert only inside rule 1
 +-when restoring a document backup add "_" before the p for existing variables that end with _p
 +-possibility to delete reservations not permanently (keeping their data)
 +-fixed bug: rounding of percentage extra costs could be set to zero
 +-added region to structure data and defined structure nation/region/city codes in documents
 +-added second email and certified email to client data
 +-possibility for a document to use a defined style for money and dates instead of the user ones
 +-new repetition with saved documents of reservation in document variables
 +-inserting nations or other lists, if admin has same code 1, use code 2 and 3 from admin if empty
 +-interchanged code 1 with code 2 in default nations and documents
 +-removed obsolete "Turistat" document from default Italian documents
 +-fixed bug: wrong roundig of money with resulting value minor than 0.1 (also in documents)
 +-in documents with a repetition inside [r] don't apply again conditions after the repetition
 +-multiple currencies in cashboxes and for reservations payments and discounts
 +-fixed bug: rates order not changed for prices imported in multiple dates 
 +-fixed bug: could not modify reservation in closed room
 +-locks work again with sqlite v3
 +-privileges to modify currencies and people types for all other users or users from own groups
 +-new global privilege to modify currency customization
 +-updated the format of default Italian document "fattura elettronica"
 +-in availability webpage the availability overview can be shown only when there is no availability
 +-fixed bug: when deleting rates corresponding rules 1 for closure not deleted
 +
 +
 +2.3.2 (27/02/2019)
 +======================
 +-fixed bugs: multiple cross site scripting vulnerabilities in backend
 +-fixed bug: sometimes reservations could not be moved if there were some rules 1 not for closure
 +-fixed bug: errors when wiewing reservations table with extra beds and without people types
 +-updated the format of default Italian document "fattura elettronica"
 +-fixed bug: search dates not escaped in reservation payments page
 +
 +
 +2.3.1 (20/02/2019)
 +======================
 +-new document variables for person types and person type for extra costs as extra bed
 +-extended custom person types support to availability check, webpages and reservations tables
 +-fiexd bug: custom comments and client fields not defined in document conditions if not in Italian
 +-updated the format of default Italian document "fattura elettronica"
 +-fixed bugs: multiple cross site scripting vulnerabilities in backend
 +-fixed bug: rate number not escaped in single rate page
 +-fixed bug: error when modifying final date of reservations begun in previous year
 +-fixed bug: user id not escaped when changing user groups
 +-fixed bug: cost multiplied by people may be wrong when inserting reservations with multiple rule 2
 +-set selection_starting_date and selection_ending_date variables in corresponding documents API
 +-fixed bug: error when setting a % deposit for a reservation with a rate with daily deposit
 +-fixed bug: values of custom client fields not escaped
 +-try again to alter a table in mysqli functions if error occurs (mariadb temporary table bug)
 +-fixed bug: errors when viewing deleted reservation
 +-fixed bug: error when viewing single rate table with one column
 +-php log of sql database errors
 +
 +
 +2.3.0 (09/11/2018)
 +======================
 +-initial support for different custom person types
 +-fixed bug: user id not escaped in privileges page
 +-fixed bug: dates values not escaped in some places in hoteldruid and created webpages
 +
 +
 +2.2.4 (01/10/2018)
 +======================
 +-added new document variable [extra_cost_max_daily_value] with daily price in repetitons of costs
 +-fixed bug: reservations not inserted when using "continue anyway" with an "ask before" rule 1
 +-new italian default document for "fattura elettronica" (alpha version)
 +-fixed bug: sometimes (empty) documents were saved even if there was an error message
 +-fixed bug: when creating new year, dates of imported rate prices not updated
 +-privileges to don't show money when modifying a reservation
 +-privilege to view and modify inserting reservation user
 +-Italian document "file alloggiatiweb" now replaces non-ascii characters for names and surnames
 +-better display of calendars to pick dates on mobile devices
 +-fixed bug: error when inserting an extra cost with no characteristics that could be mantained
 +-fixed bug: normal user without priviles to modify all rates could not modify imported prices
 +-fixed bug: saved documents not displayed correctly in reservations table
 +-fixed bug: sometimes reservations could not be moved with automatic assignment (from 2.2.3)
 +-fixed bug: rule 1 not working if room name had special html characters
 +
 +
 +2.2.3 (04/06/2018)
 +======================
 +-mantain confirmation status when modifying reservations as a group and only some are confirmed
 +-on mobile devices scroll horizontally tables larger than sceen (blue, colors and simple themes)
 +-show availability and minimum stay in rate table and possibility to modify prices and minimum stay
 +-possibility to add an extra cost inserted by administrator to all users or existing webpages
 +-fixed bug: could not delete last document without reservation number from documents table
 +-fixed bug: room not updated in extra costs when room name changed
 +-clicking on a price in rates table gives the possibility to edit it
 +-better compatibility with php 7.1 and 7.2
 +-in month table possibility to keep assigned rooms when a reservation is moved to not assigned one
 +-constants to limit the number of created backups and calls to documents API
 +-comment when passing over temporary reservations in month table explaining how they work
 +-select by default current date for date selectors in reservations payments table
 +-possibility to change the name of the room for all beds in the same room from rooms table
 +-privilege for normal users to manage credit cards password
 +-"rules 2" table now shows also rates without a rule and a "modify" link
 +-fixed bug: when changing rates order rates from which prices are imported were not updated
 +-when creating new year do not delete credit cards of clients with reservations in last 4 months
 +-delete cvc code of credit cards after being seen twice
 +-fixed bug: error when inserting a reservation with fixed room and extra cost incompatile with it
 +-fixed bug: reservations not always inserted when using "continue anyway" button for assignment
 +-better memory management when creating a backup file
 +-fixed bug: couldn't add custom fields to clients with postgresql database
 +-updated sqlite funtions for better memory management
 +-fixed bug: values not escaped when inserting in cashbox from point of sale
 +
 +
 +2.2.2 (28/02/2018)
 +======================
 +-with fast insertion of extra bed possibility to set a limit of extra beds per room
 +-warning when modifying rule 4 and there are rooms that can't host the selected number of people
 +-when rule 2 is modified give a warning if there are rooms in the rule not included in exception
 +-option to consider a document as an "API" that can be called from some URLs
 +-warning to add periods from main menu with less than 4 months from the last available date
 +-fixed residual amounts when importing cashboxes from previous year
 +-fixed bug: wrong dates in drop-down menus with php 7.1
 +-when modifying extra costs preselect the same minimum/maximum days also for non-selected rates
 +-added an html version of "last payment receipt" to default documents
 +-added a documents variable with default current hoteldruid url for webpages
 +-added functions for URL encode, md5, ASCII and lower/upper case in documents conditions
 +-constants to set default duration for credit card password, forbidding last x passwords
 +-restrictions for credit card password (at least 8 characters, letters and numbers/symbols)
 +-possibility to store credit cards data on an external module
 +-fixed bug: deposit could be higher than total price in availability webpage
 +-possibility to import also groups when user privileges are imported
 +-fixed bugs: missing theme files from "show source" and source not updated with missing directory
 +-option to modify title phrases in default themes in webpages
 +
 +
 2.2.1 (27/07/2017) 2.2.1 (27/07/2017)
 ====================== ======================
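Review bot: Several security fixes in the added 3.0.4, 3.0.5 and 3.0.6 blocks are worded as features rather than fixes, so a reader scanning for the "fixed bug" prefix will miss them: "use single quotes in dati/selectappartamenti.php (CVE-2022-22909)", "possibility to use cookies for session handling (CVE-2021-42948)" and "encode html characters in predefined variables in HTML documents (CVE-2023-29839)". Suggest prefixing these the same way as the other CVE entries and, for the cookie entry, stating whether the administrator has to enable the option, since "possibility" reads as opt-in. The 3.0.3 entry lists three CVE ids with no vulnerability class or affected page, unlike the 3.0.6 entries, and the 3.0.6 SQL injection entry for privilegi_utente.php carries no CVE id while the neighbouring SQL injection entries do; say explicitly if none was assigned. Typos worth fixing in the same edit: "mofify" (3.0.6), "initialitiated" (3.0.5 and 3.0.4), "maquerading" and "insering" (3.0.4).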
changelog.1501183786.txt.gz · Last modified: 2017/07/27 19:29 by marco