X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=CHANGELOG.txt;h=6e1977d998626f1ab18171f5d104d6d7d096b68b;hb=8ea6c4dd0d9b31b3456d012b0c94339b801bee0c;hp=71167cd0e484edebf84d251c60631589eb0f5922;hpb=d542ce4a94415648f7993f219963d683c372210a;p=fa-stable.git

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 71167cd0..6e1977d9 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -19,6 +19,249 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+18-Oct-2009 Janusz Dobrowolski (merged changes for 2.1.7 from main branch)
+! Added html_entity_decode() in db_escape() for correct INSERT>SELECT>INSERT sequences.
+$ /includes/db/connect_db.inc
+# Fixed warnings on first page display
+$ /admin/company_preferences.php
+# Fixed erroneous message
+$ /gl/manage/gl_account_types.php
+# Security sql statements update against sql injection attacks.
+$ /admin/attachments.php
+  /admin/payment_terms.php
+  /admin/print_profiles.php
+  /admin/printers.php
+  /admin/shipping_companies.php
+  /admin/view_print_transaction.php
+  /admin/db/company_db.inc
+  /admin/db/printers_db.inc
+  /admin/db/voiding_db.inc
+  /admin/db/users_db.inc
+  /dimensions/includes/dimensions_db.inc
+  /dimensions/inquiry/search_dimensions.php
+  /gl/bank_account_reconcile.php
+  /gl/gl_budget.php
+  /gl/includes/db/gl_db_account_types.inc
+  /gl/includes/db/gl_db_accounts.inc
+  /gl/includes/db/gl_db_bank_accounts.inc
+  /gl/includes/db/gl_db_bank_trans.inc
+  /gl/includes/db/gl_db_banking.inc
+  /gl/includes/db/gl_db_currencies.inc
+  /gl/includes/db/gl_db_rates.inc
+  /gl/includes/db/gl_db_trans.inc
+  /gl/inquiry/bank_inquiry.php
+  /gl/view/bank_transfer_view.php
+  /gl/view/gl_trans_view.php
+  /inventory/cost_update.php
+  /inventory/purchasing_data.php
+  /inventory/includes/db/items_category_db.inc
+  /inventory/includes/db/items_codes_db.inc
+  /inventory/includes/db/items_db.inc
+  /inventory/includes/db/items_locations_db.inc
+  /inventory/includes/db/items_prices_db.inc
+  /inventory/includes/db/items_trans_db.inc
+  /inventory/includes/db/items_units_db.inc
+  /inventory/includes/db/movement_types_db.inc
+  /inventory/inquiry/stock_movements.php
+  /inventory/manage/item_categories.php
+  /inventory/manage/item_units.php
+  /inventory/manage/items.php
+  /inventory/manage/locations.php
+  /inventory/manage/movement_types.php
+  /manufacturing/search_work_orders.php
+  /manufacturing/includes/db/work_centres_db.inc
+  /manufacturing/includes/db/work_order_issues_db.inc
+  /manufacturing/includes/db/work_order_produce_items_db.inc
+  /manufacturing/includes/db/work_order_requirements_db.inc
+  /manufacturing/includes/db/work_orders_db.inc
+  /manufacturing/includes/db/work_orders_quick_db.inc
+  /manufacturing/inquiry/where_used_inquiry.php
+  /manufacturing/manage/bom_edit.php
+  /manufacturing/manage/work_centres.php
+  /purchasing/po_entry_items.php
+  /purchasing/po_receive_items.php
+  /purchasing/supplier_credit.php
+  /purchasing/supplier_invoice.php
+  /purchasing/includes/purchasing_db.inc
+  /purchasing/includes/db/grn_db.inc
+  /purchasing/includes/db/invoice_db.inc
+  /purchasing/includes/db/invoice_items_db.inc
+  /purchasing/includes/db/po_db.inc
+  /purchasing/includes/db/supp_trans_db.inc
+  /purchasing/includes/db/suppalloc_db.inc
+  /purchasing/includes/db/suppliers_db.inc
+  /purchasing/inquiry/po_search.php
+  /purchasing/inquiry/po_search_completed.php
+  /purchasing/inquiry/supplier_allocation_inquiry.php
+  /purchasing/inquiry/supplier_inquiry.php
+  /purchasing/manage/suppliers.php
+
+12-Oct-2009 Janusz Dobrowolski (merged)
+# Fixed sql injection vulnerability on some php/mysql configurations
+$ /admin/db/users_db.inc
+! Single quotes also encoded before database data insert
+$ /admin/db/maintenance_db.inc
+  /includes/db/connect_db.inc
+  /reporting/includes/tcpdf.php
+  /sales/includes/cart_class.inc
+
+16-Oct-2009 Janusz Dobrowolski
++ Access control system description.
+$ /doc/access_levels.txt (new)
+
+14-Oct-2009 Janusz Dobrowolski
+# [0000173] Missing global systypes_array declaration.
+$ /purchasing/allocations/supplier_allocate.php
+
+14-Oct-2009 Joe Hunt
+# [0000172] Difference between Customer Balances and Print Statements
+$ /reporting/rep108.pp
+
+13-Oct-2009 Janusz Dobrowolski
+# Fixed default page access.
+$ /sales/inquiry/sales_orders_view.php
+
+13-Oct-2009 Joe Hunt
++ Added discrete users online in footer (from Wish List Forum) (New rerun)
+$ /admin/db/users_db.inc
+  /sql/alter2.2.sql
+  /sql/en_US-new.sql
+  /sql/en_US-demo.sql
+  /themes/aqua/renderer.php
+  /themes/cool/renderer.php
+  /themes/default/renderer.php
+! Changed Tag types in reports_classes to be the same as defined in types.inc. Suitable height=5
+$ /reporting/includes/reports_classes.inc
+! Code cleanup (old code removed)
+$ /includes/ui_view.inc
+  
+12-Oct-2009 Janusz Dobrowolski
+# Fixed sql injection vulnerability on some php/mysql configurations
+$ /admin/db/users_db.inc
+# Fixed broken table editor page layout on duplicate record.
+$ /gl/includes/db/gl_db_account_types.inc
+  /gl/includes/db/gl_db_accounts.inc
+  /gl/manage/gl_account_classes.php
+  /gl/manage/gl_account_types.php
+  /gl/manage/gl_accounts.php
+# [0000169],[0000174] Removed sparse session var unset firing error.
+  /sales/allocations/customer_allocation_main.php
+  /purchasing/allocations/supplier_allocation_main.php
+
+11-Oct-2000 Joe Hunt
+# [0000168] Undefined variable: paylink in file rep110.php
+$ /reporting/rep110.php
+  /reporting/includes/pdf_report.inc
+  
+11-Oct-2009 Janusz Dobrowolski
++ Added security area for sales quotes entry
+$ /applications/customers.php
+  /includes/access_levels.inc
+  /sql/alter2.2.php
+  /sql/en_US-demo.sql
+  /sql/en_US-new.sql
++ Standard SA_DENIED access level added.
+$ /includes/current_user.inc
++ Added helper function for setting page_security level depending on GET content and/or expression value
+$ /includes/session.inc
+# Fixed security areas sort order
+$ /admin/security_roles.php
+# Fixed page_security for various usage types.
+$ /sales/sales_order_entry.php
+  /sales/inquiry/sales_orders_view.php
+
+10-Oct-2009 Janusz Dobrowolski
+! Changed access control extensions support for modules/plugins to use unique extension ids
+$ /admin/inst_module.php
+  /admin/security_roles.php
+  /admin/db/maintenance_db.inc
+  /includes/access_levels.inc
+  /includes/current_user.inc
+  /installed_extensions.php
+  /index.php
+# Enabled error handling for extensions
+$ /frontaccounting.php
+# Page code rewrite
+$ /admin/inst_module.php
+# Fixed missing parameters in update_user_display_prefs call
+$ /admin/users.php
+! Non-accesable menu options displayed as text instead of link
+$ /applications/customers.php
+  /applications/dimensions.php
+  /applications/generalledger.php
+  /applications/inventory.php
+  /applications/manufacturing.php
+  /applications/setup.php
+  /applications/suppliers.php
+# Fixed error handling for duplicate table records
+$ /includes/errors.inc
+# Fixed php 5.3 function name conflict
+$ /includes/main.inc
+  /sales/inquiry/sales_orders_view.php
+# Fixed delivery note edition bug (introduced during systypes rewrite)
+$ /sales/includes/cart_class.inc
+! Changed page_security to SASALESINVOICE
+$ /sales/inquiry/sales_deliveries_view.php
+
+09-Oct-2009 Joe Hunt
++ Added option to print delivery notes as packing slip in reports and links.
+$ /includes/ui/ui_controls.inc 
+  /reporting/rep110.php
+  /reporting/reports_main.php
+  /reporting/includes/doctext.inc
+  /reporting/includes/doctext2.inc
+  /reporting/includes/header2.inc
+  /reporting/includes/pdf_report.inc
+  /reporting/includes/reporting.inc
+  /sales/customer_delivery.php
+  /sales/sales_order_entry.php
+  
+08-Oct-2009 Joe Hunt
++ Prepared the Report Engine for Tags handling.
+! Changed report::getDisplay() to use combo_input from ui_lists.inc insted of local function
+  dup_simple_codeandname_list().
+$ /reporting/includes/reports_classes.inc
+! Changed a parameter in report 301.php to be Summary Only instead of Detailed report.
+$ /reporting/reports_main.php
+  /reporting/rep301.php
+
+06-Oct-2009 Tom Hallman
+# moved commit_transaction and added a default use_transaction param in write_journal_entries
+$ /gl/includes/db/gl_db_trans.inc
+# Show Journal Entries from 2.1 as closed in Journal Inquiries.
+$ /gl/inquiry/journal_inquiry.php
+
+03-Oct-2009 Janusz Dobrowolski
+# Fixed false upgrade related error displayed in some situations on logout.
+$ /access/logout.php
+# Missing old_db declaration fixed.
+$ /includes/current_user.inc
+# Fixed combo_input and array_selector to accept array of selected items from POST.
+$ /includes/ui/ui_lists.inc
+!  Changed structure of tag_associations table.
+$ /sql/alter2.sql
+  /sql/en_US-new.sql
+  /sql/en_US-demo.sql
+
+03-Oct-2009 Joe Hunt
+# Bad conversion of timestamp value in report audit trail.
+$ /reporting/rep710.php
+
+01-Oct-2009 Janusz Dobrowolski
+! Added comment on add_access_extensions usage.
+$ /includes/access_levels.inc
+# Removed sparse add_access_extensions() call.
+$ /includes/session.inc
++ Added support for multiply select options in combo_input.
+$ /includes/ui/ui_lists.inc
+! Unaccesable menu options are now displayed as grey text.
+$ /themes/aqua/default.css
+  /themes/aqua/renderer.php
+  /themes/cool/default.css
+  /themes/cool/renderer.php
+  /themes/default/default.css
+  /themes/default/renderer.php
+
 ------------------------------- Release 2.2 Beta ----------------------------------
 30-Sep-2009 Joe Hunt
 ! Release 2.2 Beta
@@ -46,6 +289,17 @@ $ /includes/access_levels.inc
 $ /includes/types.inc
 # Message typo
 $ /sql/alter2.2.php
+# Fixed false error on payment without allocation.
+$ /purchasing/supplier_payment.php
+  /sales/customer_payments.php
+# Fixed access to payments when deposits are disabled.
+$ /gl/gl_bank.php
+! Access level checking moved to page() function to make session start 
+	and page access checks independent.
+$ /includes/main.inc
+  /includes/session.inc
+# Back link on upgrade help page
+  /includes/current_user.inc
 
 29-Sep-2009 Tom Hallman
 ! Changes in tags table structure, tags related security areas