changelog
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| changelog [2019/02/27 18:30] – marco | changelog [2023/11/04 06:10] (current) – marco | ||
|---|---|---|---|
| Line 4: | Line 4: | ||
| < | < | ||
| + | 3.0.6 (03/ | ||
| + | ====================== | ||
| + | -when using a remote server smtp.gmail.com suggest to create an app password | ||
| + | -if email in structure data has a public provider suggest to use their remote server | ||
| + | -don't pass anymore unregistered _REQUEST variables (register globals off) | ||
| + | -when changing reservation client, possibility to replace him also in payments made | ||
| + | -added " | ||
| + | -new privilege for normal users to change their password | ||
| + | -updated Italian document ROSS1000 to use residence data from main guest if missing | ||
| + | -insert from modification page a copy of the reservation(s), | ||
| + | -fixed bugs: XSS vulnerabilities (CVE-2023-43375) (CVE-2023-43376) (CVE-2023-43377) | ||
| + | -fixed bug: possible SQL injection in personalizza.php (CVE-2023-43374) | ||
| + | -fixed bug: possible SQL injection in interconnessioni.php (CVE-2023-43373) | ||
| + | -customization of upper/lower case format in names, surnames, nations, etc. | ||
| + | -don't upload files in documents table if user can't modify any document, no html | ||
| + | | ||
| + | -global privilege to don't allow users to modify documents in html format | ||
| + | -fixed bug: avoid cross site scripting in errors from database (CVE-2023-47164) | ||
| + | -fixed bug: custom comments deleted when inserting check-out and sometimes check-in | ||
| + | -fixed bug: remote code execution in backup from administrator user (CVE-2023-34854) | ||
| + | as disclosed by Glen Husman and Donovan Jasper | ||
| + | -fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2023-34537) | ||
| + | -fixed bug: SQL injection in creaprezzi.php (CVE-2023-33817) (CVE-2023-43371) | ||
| + | -fixed bug: sometimes extra bed not added when searching availability from main menu | ||
| + | -fixed bug: possible SQL injection from administrator user in privilegi_utente.php | ||
| + | -fixed bug: identity document type not inserted in clients data | ||
| + | -fixed bug: wrong update of api documents from 3.0.4 | ||
| + | |||
| + | |||
| + | 3.0.5 (16/ | ||
| + | ====================== | ||
| + | -in rules 1 table show rates in natural order | ||
| + | -insert deposits and commissions for "all rates" or all rates with existing value | ||
| + | -encode html characters in predefined variables in HTML documents (CVE-2023-29839) | ||
| + | -optional " | ||
| + | -optional " | ||
| + | -optional " | ||
| + | -fixed bug: costs non added to reservations from pos with sqlite or postgres | ||
| + | -removed document last_payment_* variables, added last_payment (1 or empty) in [r5] | ||
| + | -for documents as API possibility to allow access only from some IPs | ||
| + | -for parts under condition in documents added & (and) or | (or) to conditions and >, | ||
| + | <, % (contains) or !% to comparisons | ||
| + | -new variables for attachments and don't select attachment if variable empty | ||
| + | -possibility to attach multiple files and in different languages to email documents | ||
| + | -when assigning a variable in document conditions added encode/ | ||
| + | | ||
| + | -added new variable [last_reservation_for_client] set to 1 only for last reservation | ||
| + | of current client in reservations repetitions | ||
| + | -added [client_number] to documents variables, also for guests | ||
| + | -added document variable [confirmation] equal to 1 if reservation is confirmed | ||
| + | -possibility to use a variable of the document as the name of the downloaded file | ||
| + | -multilingual subjects in email documents when the document is multi-lingual | ||
| + | -variable [extra_cost_days] set to number of days for costs not associated to days | ||
| + | -create future years only automatically on set date (new constant to change default) | ||
| + | -don't allow deleting current year if no constant set in includes/ | ||
| + | -added rule 3 for minimum number of people for each rate | ||
| + | -fixed bug: incompatible units were not registered from extra costs automatically | ||
| + | added as extra beds when inserting and modifying reservations | ||
| + | -fixed bug: sometimes it was not possible to change the list of units assigned to | ||
| + | | ||
| + | -in document conditions variables are now always compared as strings | ||
| + | -fixed bug: arrays in conditions inside document text wrongly initialitiated with | ||
| + | null value | ||
| + | -when possible use mbstring functions instead of utf8_encode (deprecated in php 8.2) | ||
| + | -fixed bug: sometimes wrong total price in documents called from "check | ||
| + | | ||
| + | -fixed bug: documents variable [occupied_unit] not defined in web pages | ||
| + | -fixed bug: empty menus dates updated wrongly when adding periods with multiple | ||
| + | users | ||
| + | -when a backup is restored check that selectperiodi file is present for each year | ||
| + | -fixed bug: could not configure an external SMTP server | ||
| + | |||
| + | |||
| + | 3.0.4 (16/ | ||
| + | ====================== | ||
| + | -New default Italian document "Dati per ISA" with total daily presences in period | ||
| + | -added constant C_MASSIMO_NUM_EMAIL_GIORNALIERE to limit emails sent in 24h from documents | ||
| + | -availability webpage now follows general value for email masquerading (option removed) | ||
| + | -if constant C_MASCHERA_EMAIL set to spf records, check spf before sending email with maquerading | ||
| + | -sent email subjects are now encoded in utf-8 with base64 | ||
| + | -possibility to use external smtp server instead of php mail() function, using phpmailer | ||
| + | -when insering dates for users and for webpages accept when periods are not ordered in time | ||
| + | -possibility to select years older than 5 in statistics (limit to 8 years simultaneously) | ||
| + | -new default Italian document for ROSS1000 | ||
| + | -when periods are added also import rules 1, dates in menus and periods of imported rates | ||
| + | -fixed bugs: some cross site scripting vulnerabilities in backend (CVE-2022-26564) | ||
| + | -possibility for normal users to split a reservation when it can't be inserted in one unit | ||
| + | -use single quotes in dati/ | ||
| + | -possibility to use cookies for session handling (CVE-2021-42948) | ||
| + | -better handling of session and transaction IDs (CVE-2021-42949) | ||
| + | -better handling of inconsistent sql logs, also when restoring backup | ||
| + | -don't make indicative availability table overflow in mobile and first row/column are now sticky | ||
| + | -better order of internal id number for variables of restored documents | ||
| + | -fixed bug: document arrays wrongly initialitiated with null value when present in conditions | ||
| + | -fixed more php 8 and 8.1 WARNINGs | ||
| + | |||
| + | |||
| + | 3.0.3 (20/ | ||
| + | ====================== | ||
| + | -added a default document to export reservations data in csv | ||
| + | -added 2nd email, certified email, 2nd and 3rd telephone to " | ||
| + | -fixed vulnerabilities CVE-2021-32832, | ||
| + | -fixed more php8 WARNINGs | ||
| + | |||
| + | |||
| + | 3.0.2 (20/ | ||
| + | ====================== | ||
| + | -when setting import between rates remember last selections | ||
| + | -set the document variable [email_already_sent] to the last sending date if email has been sent | ||
| + | -for reserevations not permanently deleted the deletion time and deleting user are shown | ||
| + | -fixed bug: documents not updated correctly in website pages when documents order changed | ||
| + | -fixed bug: in web pages the input that contaied a slash kept adding slashes at each creation | ||
| + | -in availability page consider minimum stay for dates selected by default | ||
| + | -fixed problem: in new chrome browser | ||
| + | -added to availability webpage theme the javascript to open calendar when clicking on dates menus | ||
| + | -default themes and framed mode in web pages now can load an external javascript file | ||
| + | -save documents with long names inserting reservation numbers in another " | ||
| + | -added check-in and check-out times to document variables, empty if check-in or check-out not done | ||
| + | -fixed some bugs for reservations not permanently deleted | ||
| + | -fixed bug: variables and array repetitions not shown modifying a document with imported variables | ||
| + | -started fixing warnings in php 7.4 and 8.0 | ||
| + | -added debug output (commented in release) for variables in GET/POST not set in list for each page | ||
| + | -fixed bug: could never modify a reservation if new extra cost applied to its rate had restrictions | ||
| + | -fixed bug: not possible to modify a reservation with new assignment rule 3 and people types | ||
| + | -fixed bug: it was not possible to delete rooms | ||
| + | -from top menu search reservations also by reservation code instead of only reservation number | ||
| + | -modified fast insertion of extra cost " | ||
| + | -fixed bug: in Italian default document " | ||
| + | -fixed bug: no start date for reservations beginning in previous year in documents from some pages | ||
| + | -fixed bug: reservation number in past year not imported correctly when creating new year | ||
| + | |||
| + | |||
| + | 3.0.1 (11/ | ||
| + | ====================== | ||
| + | -for extra costs as extra beds select if the discount of person type must be applied to the cost | ||
| + | -possibility to multiply extra costs only by selected person types (or exclude them) | ||
| + | -possibility for certain extra costs to be shown as person type when inserting reservations | ||
| + | -let some buttons stay on top-right in their section while scrolling | ||
| + | -headers row and first column to stay visible in all tables | ||
| + | -show paid and total price of reservations from previous year in month table | ||
| + | -try to use the character set utf8mb4 for mysql/ | ||
| + | -fixed bug: in " | ||
| + | -fixed bug: possible wrong room assignment with php above 7.1 | ||
| + | -check webpage directories for duplicates and delete existing webpages if directory removed | ||
| + | -now delimiters of html in webpages don't depend on translation and have the code of language | ||
| + | -fixed bug: table " | ||
| + | -fixed bug: wrong [document_progressive_number] variable inside documents with php above 7.1 | ||
| + | |||
| + | |||
| + | 3.0.0 (07/ | ||
| + | ====================== | ||
| + | -new default documents " | ||
| + | -fixed renaming with new reservation numbers of documents already created when creating new year | ||
| + | -upload photos for rates, rooms and logo if constant C_CARTELLA_CREA_MODELLI is defined | ||
| + | -added a new Italian default document " | ||
| + | -possibility to select documents from below a cashbox table or all payments in a cashbox from API | ||
| + | -added " | ||
| + | -in default themes added a lang tag to html element | ||
| + | -global privilege for users to create webpages | ||
| + | -added a confirmation step when adding periods | ||
| + | -privileges for users to insert/ | ||
| + | -intechanged numbers between assignment rule 3 and assignment rule 4 | ||
| + | -fixed bugs: errors when viewing rates tables with privilege to insert only inside rule 1 | ||
| + | -when restoring a document backup add " | ||
| + | -possibility to delete reservations not permanently (keeping their data) | ||
| + | -fixed bug: rounding of percentage extra costs could be set to zero | ||
| + | -added region to structure data and defined structure nation/ | ||
| + | -added second email and certified email to client data | ||
| + | -possibility for a document to use a defined style for money and dates instead of the user ones | ||
| + | -new repetition with saved documents of reservation in document variables | ||
| + | -inserting nations or other lists, if admin has same code 1, use code 2 and 3 from admin if empty | ||
| + | -interchanged code 1 with code 2 in default nations and documents | ||
| + | -removed obsolete " | ||
| + | -fixed bug: wrong roundig of money with resulting value minor than 0.1 (also in documents) | ||
| + | -in documents with a repetition inside [r] don't apply again conditions after the repetition | ||
| + | -multiple currencies in cashboxes and for reservations payments and discounts | ||
| + | -fixed bug: rates order not changed for prices imported in multiple dates | ||
| + | -fixed bug: could not modify reservation in closed room | ||
| + | -locks work again with sqlite v3 | ||
| + | -privileges to modify currencies and people types for all other users or users from own groups | ||
| + | -new global privilege to modify currency customization | ||
| + | -updated the format of default Italian document " | ||
| + | -in availability webpage the availability overview can be shown only when there is no availability | ||
| + | -fixed bug: when deleting rates corresponding rules 1 for closure not deleted | ||
| + | |||
| + | |||
| 2.3.2 (27/ | 2.3.2 (27/ | ||
| ====================== | ====================== | ||
changelog.1551292246.txt.gz · Last modified: 2019/02/27 18:30 by marco