diff --git a/README.md b/README.md index 9cbde39ba..d8f1ab45b 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,26 @@ Developer Resources: - [WebCalendar-Database.html](http://htmlpreview.github.io/?https://github.com/craigk5n/webcalendar/blob/master/docs/WebCalendar-Database.html) - [WebCalendar-DeveloperGuide.html](http://htmlpreview.github.io/?https://github.com/craigk5n/webcalendar/blob/master/docs/WebCalendar-DeveloperGuide.html) +## Roadmap + +### v1.9.X +- Clean up bugs +- Resolve any PHP 8 issues +- New installer +- Better support for running as a container +- Improve translations for most popular languages (using new tools/complete-translation.py.) +- Testing/validation of databases other than MySQL (which has received most of the attention) + +### v2.0.X +- Stable release based on the v1.9 releases + +### v2.1.X +- Add support for database caching with Redis + ## Installation Instructions After unzipping your files (or transferring the files to your hosting -provider, you will need to go to the web-based install script. +provider), you will need to go to the web-based install script. If your files are installed in a "webcalendar" folder under your parent web server document root, you can access the script by going to: @@ -32,10 +48,44 @@ the shell: php webcalendar/install/headless.php ``` -You must create `includes/settings.php` yourself before running the headless -install script. +### Option 1: settings.php + +You should create an empty `includes/settings.php` yourself before running the headless +install script that the web service process has write permissions to. + +### Option 2: Environment Variables + +Instead of using the `includes/settings.php` file for your settings, you can use environment +variables instead. +This is primarily targeted towards those running WebCalendar in containers (docker, AWS Fargate, etc) +where it's easier to pass in environment settings than to write to a config file on a container. +You can do this with the docker-compose file if you are using docker. +If you want to do this with a standard Web Server, +you can set the evironment variables within your web server's configuration. +Depending on your web server, there may be more than one way to do this. You could +do this in your `php.ini` file, but those env vars would be available to all PHP apps +on the server. A better solution would be to setup a `.htaccess` file in your +WebCalendar directory that looked something like: + +``` +SetEnv WEBCALENDAR_USE_ENV true +SetEnv WEBCALENDAR_INSTALL_PASSWORD "da1437a2c74ee0b35eed71e27d00c618" +SetEnv WEBCALENDAR_DB_TYPE mysqli +SetEnv WEBCALENDAR_DB_DATABASE webcalendar +SetEnv WEBCALENDAR_DB_LOGIN webcalendar +SetEnv WEBCALENDAR_DB_PASSWORD "ChangeThisPassword" +SetEnv WEBCALENDAR_DB_HOST db +SetEnv WEBCALENDAR_DB_PERSISTENT true +SetEnv WEBCALENDAR_USER_INC user.php +SetEnv WEBCALENDAR_MODE prod +``` + +Note: Don't forget to enable mod_env for Apache for this to work, and to allow access to environment variables from PHP: +``` +php_value expose_php ON +``` -## Running WebCalendar with Docker (PHP 8.1) +## Running WebCalendar with Docker You can use a prebuilt WebCalendar image rather than building it yourself locally. You will need to shell into the MariaDb container to grant access. Because we also need a database, we use a local network with WebCalendar @@ -95,33 +145,6 @@ files in the container. Be sure to use the same MariaDb credentials specified above (Password _WebCalendar.1_ and Database Name _webcalendar_php8_.) -## Setting Up a Docker Dev Environment (PHP 7.4) - -You can setup a docker environment with PHP 7.4 and MariaDb with a few -steps. - -- Build the docker container with `docker-compose -f docker-compose-php7.yml build` -- Start the containers with `docker-compose -f docker-compose-php7.yml up` -- In order to grant the proper permissions inside of MariaDb, you - will need to run a few MySQL commands. First shell into the mariadb - container: `docker-compose exec db /bin/sh` -- Start up the db client: `/bin/mariadb -p` (the password will be - "Webcalendar.1" as specified in the `docker-compose-php7.yml' file. You - can change it to make your dev environment more secure (before you - build the containers in step above). -- Run the following db commands: - ``` - GRANT ALL PRIVILEGES ON *.* TO webcalendar@localhost IDENTIFIED BY 'Webcalendar.1' WITH GRANT OPTION; - FLUSH PRIVILEGES; - QUIT - ``` -- Start up your web browser and go to: - [http://localhost:8080/](http://localhost:8080/). -- Follow the guided web-based setup and choose "mysqli" as the database - type. - Be sure to use the same MariaDb credentials specified above - (Password _WebCalendar.1_ and Database Name _webcalendar_.) - ## Integrating WebCalendar with External Applications Web Calendar can be configured to pull user and configuration data from an external application. This diff --git a/edit_report.php b/edit_report.php index c01e91d79..ec18cbbf4 100644 --- a/edit_report.php +++ b/edit_report.php @@ -216,7 +216,7 @@ function print_options ( $textarea, $option ) {
'; + 'maxlength="50" value="' . htmlentities($report_name) . '">'; if ( $show_participants ) { echo '
diff --git a/report.php b/report.php index 62b1ba6bb..e4e95d54f 100644 --- a/report.php +++ b/report.php @@ -110,6 +110,7 @@ function event_to_text ( $event, $date ) { } else $id = $event->getID(); + $name_str = $description_str = ''; if ( $tempAcc == 'R' ) { if ( ( $login != $user && strlen ( $user ) ) || ( $login != $tempLog && strlen ( $tempLog ) ) ) { @@ -237,9 +238,9 @@ function event_to_text ( $event, $date ) { $addStr = translate ( 'Add new report' ); $unnamesStr = translate ( 'Unnamed Report' ); while ( $row = dbi_fetch_row ( $res ) ) { - $rep_name = trim ( $row[1] ); + $rep_name = htmlentities(trim($row[1])); if ( empty ( $rep_name ) ) - $rep_name = $unnamesStr; + $rep_name = htmlentities($unnamesStr); $list .= '