Releases: agilare/ladecadanse
Releases · agilare/ladecadanse
v3.5.4
Fixed
- events : increase "horaire_complement", "ref", "prelocations" fields lengths which were a little too tight based on usage
Added
- events : split images in "evenements" dir by year to ease the load of the huge amount of files
- events : in edit form, title field, warn if user pastes text too large; it happens often and results in odd titles
Changed
- events : remove the "new" icon in the 2 infos about Noctambus which were put 1 year ago
- upgrades : PHPMailer, PHP dotenv, Whoops 2.16, PHPStan 1.12, PHP_Codesniffer 3.10, Magnific-Popup 1.1 to 1.2, Zebra Datepicker 2.2
Security
- Utils::urlQueryArrayToString() now sanitize its output; revealed by https://www.openbugbounty.org/reports/955861/
- headers: replace outdated configs, add CSP
- admin : add sanitize of new user affiliation
- add secure, httponly and mostly samesite to cookies sent
- security guidelines in SECURITY.md
v3.5.3
Fixed
- deploy : exclusions and inclusions in git-ftp-ignore
- js : main.js freshness, obsolete function calls
- mailing : in toAdmin() replace "from" by a "replyto" in order to allow sending with SMTP auth
Added
- edition : add partial edit mode a limited edition on current db version to avoid conflicts with an other DB version
- docs : CONTRIBUTING.md
- GitHub issue templates (bug report, feat request)
- dev : Browsersync config file
Changed
- docs : mention modernization project in README.md
- docs : clearer app/config.php
- remove obsolete attribute 'version' in docker-compose.yml
- build : mention licence in composer.json
v3.5.2
Fixed
- menus : pratique links 404
- session : back to default config
- library : order of parameters in 2 functions
- forms : rectify some calls to css files
- style : avoid page's css broken link
- forms : rm calls to inexistent validerEmail()
Added
- maintenance page
- Glitchtip error tracker
Changed
- contact : replace old email obfuscation method
- refactor js : reorganize by scope, use modules
- upgrade TinyMCE from 5 to 6
Removed
- liens page : obsolete links
v3.5.1
Fixed
- events : queries to fix horaires val of copied rows and some other
- events : a typo was breaking the sending process in send by email
Added
- Noctambus : add banner in home and explanation of partnership (and also for EPIC magazine) in user registration and add event
- api : nb of items returned in logging of each request
Changed
- timezone definition moved to config.php to improve portability
- update PHPMailer, whoops, phpdotenv, phpstan, var-dumper...
- update jQuery from 3.7.0 to 3.7.1
- update Zebra datepicker to v2.0
- php analyzers configs, plugins
Removed
- jQuery Migrate
Security
- replace apparently unsafe shiftcheckbox jQuery plugin by checkboxes.js
v3.5.0
Fixed
- users - edit : "avec affiliation" value must be sent in submit, rm conditions
- events
- in edit and copy form config of datepicker to allow adding event for today event after 0h
- copy of an event had horaire_fin before horaire_deb if original horaire_fin was after midnight; horaires of event copied were in the wrong day (the same day as dateEvenement) if horaires of original were after midnight
Added
- events : API to get night events "fêtes" of a day
- tests : setup Codeception and basic tests of API
- Symfony VarDumper component
Changed
- events form presentation improvements
- increase width of some fields
- put back horaire under date
- complete link for tooltip by a more visible help button
- clearer lieu manual fields
- forms : increase container width for lieu, organisateur, contact...
- tests : documentation revised, completed (readme, strategy, map)
- update jQuery from 3.6.4 to 3.7.0
Full Changelog: v3.4.5...v3.5.0
v3.4.5
Fixed
- users - password reset : in db table rm unique of idPersonne to avoid crash
- users - edit : affiliation text wasn't saved, display "avec affiliation" field only if pertinent
- add ini_set session.gc_probability to enable auto clean of old session in Debian
- UX : added missing icon ext links
- in small screens events lists right overflow
Added
- tests : added assertions, for most important cases in Selenium suites
- Doc link in menu 1 for admin users
Changed
- php libraries : whoops 2.15, phpmailer 6.8, phpstan
3.4.4
Fixed
- evenement : crash if lieu not found
- lieu : galerie image upload
- tests : some fixes in Selenium suites
Added
- tests : readme and strategy more detailed
Removed
- à propos : inactive in staff
Security
- update jquery link "latest" (actually freezed at 3.2.1) to lastest 3.6.4
3.4.3
Fixed
- home : mobile left col was unusable
- evenement : unpublish auth, in edit ref and prelocations length validation, calendar past days color
- lieux : header; in home, latests added only actives, logo size in mobile
- readme : create admin sql
Added
- basic end to end tests suites for Selenium IDE
Changed
- TESTS.md v1.1
- in home, agenda links iCal, report more visible