Version Change Log
2013-01-27
* Release: phpaddedit-2.3
* Update/Fixes:
- Fixed small error in includes/ajax_file_upload.inc.php file (<?php=$_SERVER → <?php echo $_SERVER). If you aren’t using the AJAX file upload form field you can ignore this update.
- Added jquery cluetip for the help tips included throughout the UI to replace the crappy javascript alert box which doesn’t support text formatting.
- Added $addeditdir as a global variable in relevant function in addedit-steps.php to correct problem where info.gif graphic wasn’t showing up.
2013-01-26
* Release: phpaddedit-2.2
* Update/Fixes:
- Attempted to fix eregi deprecation (might have missed some)
- Changed short tags to long tags: <? to <?php
- Added support for Bad Behavior script. Unfortunately, since the BB script writes cookies the calling code needs to be placed before any header output and normal use of phpAddEdit will embed the form in core HTML. So, to use it, just add a line like the following in your site’s main index or header file:
  require_once("addedit/bad-behavior/bad-behavior-generic.php");
  and obviously change the path to suit your specific phpAddEdit directory
- Fixed an addslashes problem with the human verification question (addedit-create-form.php)
- Improved akismet functionality (addedit-akismet.php)
2010-03-25
* Release: phpaddedit-2.1
* Update/Fixes:
- Main fix is the addition of Akismet support for weeding out spam.
  Files affected: addedit-akismet.php (new), addedit-render.php, addedit-error-check.php, addedit-steps.php
- Fixed printMessage function that was incorrectly referencing the info2.gif graphic
- Changed addedit-getversion.inc.php filename to addedit-getversion.php to be more consistent with other file naming conventions.
  Files affected: index.php
- Modified addedit-getversion.php to include /includes/version.inc.php file regardless of what directory the form is being run from (more path issues – arghh)
- Updated includes/style to add a warning style – just bold red font…
- Updated includes/admin.css to include a ‘working’ style as well
- Updated includes/javascripts.js file to include a div with class=warning for the custom error alert box
- Fixed error in addedit-render.php file (typo actually) where security check for editing form
- Once again changed the URL setting in javascript code in addedit-form-fields.php this time to call the addedit-ajax.php file as a complete URI rather than a local file
- Once again fixed the final step form calling info to remove extra slashes (addedit-steps.php)
- Was debugging cleanit-functions.php script and forgot to uncomment an echo statement
2010-02-18
* Release: phpaddedit-2.0
* Update/Fixes:
- Added a second db.php include line in dbconnect.inc.php file to account for occasional errors (e.g., when running XAMPP)
- Improved handling of relative paths
  (a) changed the definition of existing variables ($addeditcwd, $thispath) in addedit-render.php
  (b) changed from using $addeditcwd to $addeditdir in most files
  (c) fixed file inclusions in addedit-render.php to utilize the relative path variable
  (d) added code in addedit-render.php to see if we are dealing with a windows system and if so, determine the local addeditdir…
  (e) updated the addedit-steps.php file so that the finished step took advantage of new $addeditdir variable info (just the directory name)
- Changed all the select box form fields (addedit-form-fields.php) to only show the sql warning message if the debugging (sql or detail) is turned on. Instead, it will create a default blank option so no error will occur.
- Modified addedit-ajax.php, addedit-form-fields.php and addedit-customize.php to allow you to specify your own select and/or insert sql for selectbox_other and selectbox_multiple_other fields. The default behavior just adds the other value you specify to the relevant field, but if you had a more complex table (e.g., with two or more fields) then you might want to use this customization feature. You could have done it before with sample code in the addedit-ajax.php file but then you would have to remember to update that file each time you upgrade the script. Now you can do it in the addedit-customize.php script instead.
- Removed redir() function from addedit-functions.php file as it wasn’t being used and apparently it caused problems when integrating the script into phpNuke.
- Checked to see if function refresh_page exists before declaring it (addedit-functions.php)
- Updated addedit-rss.php to convert carriage returns to new lines (<br />)
- Updated addedit-form-fields.php to improve path on include for fckeditor
- Updated addedit-form-fields.php to include the addedit-function.php file for instances where you might want to use just the form fields file and functions in your own custom scripting
- Updated addedit-ajax.php to check for SQL errors in selection process
- Corrected some errors with descriptions (double display and lack of CSS specification)
- Commented out the php_flag magic_quotes_gpc line in .htaccess – don’t think the script actually needs magic quotes but had it in there from early development days. Will have to monitor to see if that is actually true. What is true is it causes 500 internal server errors on lots of shared hosting accounts so if it’s not needed, best to get rid of it.
2009-03-25
* Release: phpaddedit-1.4
* Update/Fixes:
- Modified .htaccess file to set max upload filesize and max execution time
- Modified addedit-functions.php to add extra debug option (files uploading)
- Added a custom javascript alert function to replace existing ones
  Files affected: addedit-steps.php, /includes/style.css, /includes/javascripts.js; added new image file, /images/alert-js.png
- Added file_upload_ajax_single option; currently the ajax file upload is only for multiple files and assumes that they are being uploaded to a separate table than the main form table. You can just use the regular file upload for a single file with a field in the main form table, but why not also have a nice AJAX version?
  Files affected: addedit-create-form.php, addedit-steps.php, addedit-form-fields.php
- Added two checkboxes beneath the FCKedit textarea form field, one to keep spaces and one to keep classes since by default the cleanit function strips both of these. These are only shown if the cleanit function is enabled.
- Fixed errors in the datefield form field (addedit-form-fields.php); specifically, was only showing through Nov (< vs. <=); also added two global variables, $yearminus and $yearplus, which are set in the addedit-customize.php file to dictate how many years to show.
- Added ability to specify an include file in the email step.
  Files affected: addedit-steps.php, addedit-functions.php (send_email and phpmailer functions), addedit-execute.php, addedit-render.php
- Removed htmlentities function call in addedit-form-fields.php (hidden, textbox fields) but added a str_replace to replace quotation marks with the &quot; HTML entity
- Changed default behavior of selectbox form fields (all 4 of them). Originally they included a blank option by default at the beginning of all SQL built lists but that is presumptuous so I added a variable called $selectboxblank which you can set to true in your addedit-customize.php file if you want to include a blank option o/w it won’t be.
  Files modified: addedit-form-fields.php, addedit-customize.php
- Updated install routine to add error checking, specifically to make sure the basic fields are actually entered and also to display the form again if there is an error rather than having to use the back button.
  Files affected: /install/index.php
2008-12-16
* Release: phpaddedit-1.3.2
* Update/Fixes:
- Closed another potential security flaw involving local file include exploitation in addedit-render.php, index.php and /includes/header.php files
- Changed feedburner RSS file from -feedburner.xml to -fd.xml
- Made small fix to trackback printMessage to remove extra margin
2008-12-12
* Release: phpaddedit-1.3.1
* Update/Fixes:
- Found a security flaw in the script (thanks to Sujith S.); if someone sets a cookie with the name “addedit” then they would be able to access the script unless other security measures are in place (like password-protecting your phpAddEdit directory).
  Files affected: index.php, addedit-login.php
- Improved addedit-getversion.inc.php to allow for minor version numbers (e.g., 1.3.1); before it only handled full versions (e.g., 1.3) properly
2008-11-12
* Release: phpaddedit-1.3
* Update/Fixes:
- Added a basic installation routine which allows install with no manual file editing and also checks to make sure the forms folder is writeable before allowing install (added /install/ directory and install/index.php file for this)
- Added file /includes/dbconnect.inc.php to connect to the DB rather than doing it separately in multiple places in the script
- Added DB_CHARSET constant to the config file (default is UTF8)
- Added ability to toggle debug levels from the admin page rather than having to manually edit the config file
- Changed login approach (and added files addedit-login.php, includes/login.css for this)
- Changed location of user-created forms; were just being thrown in with the phpAddEdit files but now putting them in a separate forms folder. Should make it a bit easier for upgrading purposes…also should simplify form invocation code. Changed quite a few places in multiple files to accommodate this so I hope I didn’t miss something important.
- Added options for whether to display rss & trackback success messages on form completion
- Made slight change to includes/db.php, renaming wpdb to aedb
- Updated includes/admin.css a bit
- Made small changes to printMessage function in addedit-functions.php
- Switched method of form rendering slightly to include the header and footer files from the file addedit-render.php instead of calling directly in the form.php file
- Modified the final step in addedit-steps.php file to simplify the suggested invocation code
- Now automatically including includes/style.css – users can feel free to edit that to your taste, but the old way used it as the default in external css file settings, which works fine but screws up HTML validation
- Was setting my own page title tag for directly called forms, but switched to using the form title specified in variables
- Fixed implode issue with selectbox_multiple and selectbox_multiple_other fields (addedit-functions.php) – basically if only one item is selected then implode will throw an error
- Fixed small problem with index feature and enabled the delete option (though this may not work for some multi-table forms)
- Added some extra SQL injection protections (verify no $_GET variable exists before doing an eval() command)
- Changed default FCKeditor folder name to fckeditor (was FCKeditor) to match the default unzip case
- Changed the setting of a style width for the form to be conditional on whether one was actually entered; fixed small glitch (addedit-steps.php) where if a width had been set but then was set to blank it wouldn’t update – there are probably other fields (most, all?) like this so may be a future issue…
- Added “bottom” option for displaying description texts
- Added function slug() to addedit-functions.php to create a slug name (remove special chars, spaces); also updated files addedit-execute-custom.php and addedit-ajax.php to allow for wordpress demo (post name in wp_posts table and adding a new term to wp_terms in the selectbox other field)
2008-10-15
* Release: phpaddedit-1.2
* Update/Fixes:
- Made some improvements while traveling but didn’t sync my 2 pc’s properly so this version is supposed to be the latest with the following changes but if you notice any issues please let me know
- Fixed small glitch in rendering the human verification question – if size was already set by the last element (e.g. for a FCKedit field with a large size) then that will be used for the verification text box size which we don’t want. Instead just default the call to a size of “3”
- Added a date form field
  Files affected: addedit-form-fields.php, addedit-create-form.php, addedit-steps.php, addedit-render.php
- Improved handling of annoying issues like relative paths for images, etc. when a user has the freedom to install in whatever directory he/she chooses; basically…
  - added new variable ($addeditdir) in addedit-render.php and addedit-steps.php
  - changed the definition of existing variables ($addeditcwd, $thispath) in addedit-render.php
  - changed from using $addeditcwd to $addeditdir in most files
  - fixed file inclusions in addedit-render.php to utilize the relative path variable
- Updated a few more instances of get_variable and get_variables function calls in the generate_sql function (addedit-functions.php) where I needed to include a blank space (" ") – had done this in an earlier version but it seems I missed a few instances…
- Fixed inclusion of user-specified css files – hadn’t been working properly (addedit-render.php)
- Improved the cookie security check in addedit-render.php
- Added .pot and .xls extensions as default allowable upload files in includes/ajax_file_upload.inc.php
- Removed htmlentities function call in addedit-form-fields.php
- Added textbox_noedit to case selection in addedit-steps.php (hadn’t noticed it wasn’t included in earlier versions)
- Updated to latest FCKeditor version (2.6.3)
- Added current year variable to copyright notice on the default email template
- Modified error checking in addedit-form-fields.php to only show my error text not the system error msg
- Fixed the AJAX file upload preview feature so that if you click the preview image it will open in a new window
- Fixed hidden, textbox and textbox_noedit fields to convert default values to htmlentities for case where there may be quotation marks – maybe need to do this for other fields as well?
- Updated ajaxAddOther (addedit-form-fields.php, addedit-ajax.php) to set encoding if appropriate
2008-01-01
* Release: phpaddedit-1.1
* Update/Fixes:
- Added option to include a human verification question to prevent spam bots from using the form
- Replaced older mysql_* type database access commands with $db class connections instead. The old connections could cause problems working with existing connections used in other parts of a site – don’t want that…
  Files affected: addedit-execute.php, addedit-form-fields.php, addedit-render.php
  NOTE: there are instances of using mysql_insert_id() statement – not sure if this will cause problems and I should replace it or not, haven’t done so this time though…
- PHP 5.x support – array_merge function changed in PHP 5.x so modified instances of it in script
- Added some validation code in the selectbox fields (addedit-form-fields.php) to print a user-friendly error message if someone sets up the selectbox populate with fields incorrectly…
- Updated sql that retrieves information for forms that are editing information…hadn’t enclosed the primary key value in quotes (had been assuming primarykey would be an integer field) but for text-based primary keys this is necessary…
  related: added use of mysql_real_escape_string() to sql for primarykey WHERE criteria to add a bit more security against sql injection…
- Added variable $pre_submit to addedit-create-form.php file right before submit button. Can be specified in the addedit-customize.php file to add something…
- Changed addedit-render.php file to more accurately determine whether the form is being called directly or is embedded in a page; if the former include html head/body tags, if the latter don’t
- Changed selectbox_multiple fields in addedit-form-fields.php file to explode default value string to an array so the default selections will be properly selected.
- Added form onsubmit action option in form setup (2) to allow the specification of a onsubmit="" action for the form submission; prior versions allowed such a javascript event specification for every field except the actual submit button…
- Changed addedit-functions.php: renamed phpmailer function to phpaddeditmailer because it seems logical that others might be using the open source phpmailer class and naming a function after it, but perhaps with different arguments.
- Modified send_email function so that default email body will actually display the values of a posted variable that is an array (previously just said Array)
- Moved email notification sending code to section that only executes if the form was successfully submitted, o/w if someone submitted a form and got an error an email might have gotten sent
- Added a slash to the password error word “don’t” in the addedit-error-check.php file o/w it causes a javascript error; also changed the pwconfirm variable in same file and in addedit-form-fields.php file to passwordconfirm to avoid conflicting with pwconfirm variable used elsewhere…
- Improved skip field handling – now you can choose to skip a field entirely or override the original field type and make it a hidden or textbox-noedit field type instead
- Modified addedit-error-check.php file to only check email, min and max (characters and values) if the field has a value. As it was, if you didn’t make a field required but did specify a min or max requirement (chars or value) or an email validity check then if someone didn’t fill in that field they would get an error.
- Increased number of sections from 3 to 4 (Step 7)
- Fixed AJAX file upload bugs and made improvements:
  - wasn’t properly displaying the contents of the specified files directory
  - remove trailing slash in file_directory if appropriate so user can enter with or without
  - changed the AJAX functionality to update a variable idname (had been static), which will allow for multiple file upload fields on one form
  - added image preview to AJAX file upload
  - changed function so that a user can only upload one file – if you want to allow multiple uploads set a variable called $allow_multiple_uploads = true in your addedit-customize.php file (or you could manually comment out line 48 in ajax_file_upload.inc.php but when you upgrade to a newer version of the script you’ll lose that change)
  - improved alignment and CSS – still not perfect, but now mostly classes instead of inline and iframe has better height properties
  - in case you may want to specify what directory to upload files to on the form itself, you can set a variable $allowsetdir = true in your addedit-customize.php file
- Changed all $cwd variable instances to $addeditcwd b/c it was conflicting with a $cwd variable I had set outside of the addedit script.
- Added an id to selectboxes and added a class to options in selectbox_multiple fields that are populated with an SQL statement BUT right now it is not a variable that can be set. I think very few people will ever need this feature but for those that do they can change it manually (I am using it to change a selectbox_multiple field based on the value of a prior selectbox)
- Made small change to addedit-form-fields.php; basically, was seeing if a select box was populated by a SQL statement by seeing if first 6 chars of the population string was “select” but in theory you could have a non-SQL population string, e.g., select=>select that would get considered SQL so changed to check first 7 characters are “select ”
- Added code to evaluate the desc1 and desc2 options in case someone wants to include, for example, a hyperlink with a passed variable drawn from the form; also added code to other eval statements to add slashes to double quotes to prevent T_STRING errors (addedit-create-form.php)
- Made small change to SQL generation function (addedit-functions.php) to handle case where posted value is a zero since PHP converts it to boolean false automatically
- Added ability to add two variables in the addedit-customize.php file – $files_find_string and $files_replace_string – to do a str_replace on the file information that gets added to the DB; this could be useful if the file directory you have to specify to add a file isn’t the same format you will be using with the script that pulls the information from the database…
- Added some debug variables to the config.php file; set these if you want to see different things while you are working on your form.
- Changed error checking to ignore a variable marked to be skipped even if it was setup as a required or other error checking option…
- Added ability to set a selectbox default selected option as a variable (e.g., =$var) that will be eval’d
- Added option in config.php file to use cleanit function for FCKeditor fields (default is to use it)
- Added setup option to set form encoding and then made some improvements to the cleanup function, notably to use the htmlentities function (based on the form’s encoding – default to ISO-8859-1)
- Added check for new version using either fopen or curl; hopefully that is good enough, but if not, I can use a more complicated getRemoteFile function (ref: http://www.php-mysql-tutorial.com/php-tutorial/php-read-remote-file.php)
- Fixed error checking for unique requirement by adding slashes in the query
- AJAX file upload wasn’t creating proper sql – need to treat it like a selectbox_multirow…changed the addedit-functions.php file appropriately.
- Stopped replacing & with &amp; for RSS feed generation – seems that valid HTML rules for RSS feeds with regard to & are not the same, but should investigate this further…
- Fixed small error in addedit-create-form.php when getting tablefield variables ($temp=…) needed to check for $tablefield." " not just $tablefield in case two variables that have common name (e.g., email, email2)
- Changed email function to only email on a new form submission not on editing; should change to allow options for specifying emails for submission and editing separately (added to TODO)
- Added //<![CDATA[ ... //]]> statements to ajaxAddOther JavaScript function (addedit-form-fields.php) to prevent it from causing validation errors – may need to do the same for some other functions…
- Fixed security check using cookie values (addedit-render.php); before was using the stristr function but that could be thwarted, e.g. if you set it to admin but someone had a cookie value of adminx they would be validated also…
- Added code to set default encoding if not already set in addedit-functions.php
- Fixed error with including trackback in addedit-execute.php (had been only checking if trackback on edit was set to yes regardless of whether we were adding or editing content)
- Added google blog search in automatic pinging for RSS (addedit-rss.php)
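The cookie comparison flaw noted in the 1.1 entries above (a configured value of admin also accepting adminx), shown beside a whole-value comparison. This is an added example, not phpAddEdit's own code; the function names, the cookie name and the configured value are hypothetical.

```php
<?php
// Added illustration; names and sample values are hypothetical/constructed.

// Substring check, as the changelog describes the pre-fix behaviour:
// stristr() succeeds whenever the expected value occurs anywhere in the
// cookie, ignoring case.
function cookie_ok_substring(array $cookies, string $name, string $expected): bool
{
    $value = $cookies[$name] ?? null;
    if (!is_string($value)) {
        return false;
    }
    return stristr($value, $expected) !== false;
}

// Whole-value check: the cookie must equal the expected value exactly.
// hash_equals() compares in constant time; a missing cookie, an
// array-valued cookie (name[]=x) and an empty configured value are rejected.
function cookie_ok_exact(array $cookies, string $name, string $expected): bool
{
    $value = $cookies[$name] ?? null;
    if (!is_string($value) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $value);
}

// Constructed sample inputs standing in for $_COOKIE.
$expected = 'admin';
$samples = [
    ['level' => 'admin'],     // legitimate value
    ['level' => 'adminx'],    // the changelog's example
    ['level' => 'xxADMINxx'], // embedded, different case
    ['level' => ['admin']],   // array-valued cookie
    [],                       // cookie absent
];

foreach ($samples as $cookies) {
    printf(
        "%-28s substring=%-5s exact=%s\n",
        json_encode($cookies),
        var_export(cookie_ok_substring($cookies, 'level', $expected), true),
        var_export(cookie_ok_exact($cookies, 'level', $expected), true)
    );
}
```

Only the first sample passes the exact check, while the first three pass the substring check.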
2007-09-01
* Release: phpaddedit-1.0 RC1
* Update/Fixes:
- Ability to specify an existing FCKeditor installation…
- Changed selectbox_other and selectbox_multirow_other to AJAX implementations
- Added AJAX file upload option
- Added ability to selectively display a field
- Changed multiple row select boxes so that default options appear at top of list
- Fixed some minor inaccuracies in how default selected values are set
- Fixed some minor XHTML validation errors
- Fixed render file so that direct calling of the script includes HTML header and footer
- Added working.gif to images directory – use it with AJAX file upload function
- Added a couple of classes to style.css file
- Added routine to set variables on render – may want to think about this more for security purposes…
- Added cleanit function (includes/cleanit-functions.php) to process FCKeditor textareas (ref: http://www.webmastersherpa.com/content/useful-code/cleanup/)
- Set form width to the form width setting – had forgotten to do that previously
- Added/improved login system – before you had to specify the information in the config.php file or use the default (user: x, pass: x); now the first time you use a new installation it prompts you to set the username and password
- Added form specific header and footer file includes. Now, if you want a form to have a header and/or footer, just edit the files named -header.inc.php and -footer.inc.php which are created automatically when you generate a new form.
- Improved the help message for element types (step 5 of form generation process).
2007-08-01
* Release: phpaddedit-0.9b
* Update/Fixes: First Release