-rw-r--r-- Changelog 11
-rwxr-xr-x LedgerSMB/Form.pm 37
-rw-r--r-- TODO 28
-rwxr-xr-x templates/Brazilian_Portuguese-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Danish-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Default-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Dutch-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Estonian-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Estonian_UTF8-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/French-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/German-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Hungarian-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Italian-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Norwegian-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Russian-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Service-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Spanish_A4-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Spanish_Letter-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Swedish-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Traditional_Chinese_Big5-logo.png bin 12716 -> 15928 bytes
-rwxr-xr-x templates/Traditional_Chinese_UTF8-logo.png bin 12716 -> 15928 bytes
-rw-r--r-- templates/demo/ar_transaction.tex 27
-rw-r--r-- templates/demo/logo.png bin 3970 -> 15928 bytes
23 files changed, 72 insertions, 31 deletions
diff --git a/Changelog b/Changelog
new file mode 100644
index 00000000..e9ce8cb4
--- /dev/null
+++ b/Changelog
@@ -0,0 +1,11 @@
+Changelog for LedgerSMB v 2.6.17
+
+(Changes relative to the pre-fork SQL-Ledger 2.6.17)
+
+* Corrected sessionid security hole allowing bypass of login to main application
+* Corrected sessionid security hole allowing one to list logins and more.
+* Changed acc_trans.amount to NUMERIC
+* Tightened browser caching rules to prevent problems with back button.
+* Added an open content manual to the main distribution.
+* New logo.
+* Began whitespace reformatting of main application.
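Review bot: The two sessionid entries do not say which scripts or versions are affected, and "and more" in the second entry gives an administrator nothing to act on; name the affected entry points (the TODO in this commit refers to the main application and admin.pl) and state what the bypass exposed. The LaTeX printing fix made to LedgerSMB/Form.pm in this same commit is also missing from the list.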
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index 8b736e5c..73d9f4c5 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -1083,23 +1083,26 @@ sub format_string {
$format = 'tex';
}
- my %replace = ( 'order' => { html => [ '<', '>', '\n', '\r' ],
- txt => [ '\n', '\r' ],
- tex => [ quotemeta('\\'), '&', '\n',
- '\r', '\$', '%', '_', '#',
- quotemeta('^'), '{', '}', '<', '>',
- '?' ],
- utf => [ quotemeta('\\'), '&', quotemeta('\n'),
- '\r', '\$', '%', '_', '#',
- quotemeta('^'), '{', '}', '<', '>' ] },
- html => { '<' => '&lt;', '>' => '&gt;',
- '\n' => '<br />', '\r' => '<br />' },
- txt => { '\n' => "\n", '\r' => "\r" },
- tex => {'&' => '\&', '\$' => '\$', '%' => '\%', '_' => '\_',
- '#' => '\#', quotemeta('^') => '\^\\', '{' => '\{', '}' => '\}',
- '<' => '$<$', '>' => '$>$',
- '\n' => '\newline ', '\r' => '\newline ',
- '?' => '\pounds ', quotemeta('\\') => '/' } );
+ my %replace = (
+ 'order' => {
+ html => [ '<', '>', '\n', '\r' ],
+ txt => [ '\n', '\r' ],
+ tex => [ quotemeta('\\'), '&', '\n','\r',
+ '\$', '%', '_', '#',
+ quotemeta('^'), '{', '}', '<', '>', '£'
+ ],
+ utf => [ quotemeta('\\'), '&', quotemeta('\n'),
+ '\r', '\$', '%', '_', '#', quotemeta('^'),
+ '{', '}', '<', '>' ] },
+ html => { '<' => '&lt;', '>' => '&gt;','\n' => '<br />',
+ '\r' => '<br />' },
+ txt => { '\n' => "\n", '\r' => "\r" },
+ tex => {'&' => '\&', '\$' => '\$', '%' => '\%', '_' => '\_',
+ '#' => '\#', quotemeta('^') => '\^\\', '{' => '\{',
+ '}' => '\}', '<' => '$<$', '>' => '$>$',
+ '\n' => '\newline ', '\r' => '\newline ',
+ '£' => '\pounds ', quotemeta('\\') => '/'}
+ );
my $key;
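Review bot: The entries in the 'order' lists are escaped inconsistently for use as patterns: in the tex list only the backslash and '^' go through quotemeta(), and the tex list carries '\n' where the utf list carries quotemeta('\n'), which match different input (a newline versus a literal backslash followed by n). Swapping '?' for '£' removes the one key behind the "Quantifier follows nothing in regex" error quoted in the TODO, but the next metacharacter added to these lists will fail the same way; store the keys as literal characters and escape them once where the substitution is built, with \Q...\E. The '£' literal also ties matching to the encoding of Form.pm itself and has no counterpart in the utf list. The whitespace reflow and the functional change would be easier to review as separate commits.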
diff --git a/TODO b/TODO
index 571b7e1e..50341113 100644
--- a/TODO
+++ b/TODO
@@ -8,29 +8,33 @@ Near immediate items (release-delaying?). * indicates completed.
- *fix the session security problem in the main application
- *Tightened browser caching rules so that the back button is no problem.
- *hosting, Sourceforge import SVN (almost done)
-- *solve security problem for admin.pl (central db?) (Pending testing)
+- *solve security problem for admin.pl (central db?)
Suggest starting with a simple server-side cookie. Then when we
add authentication abstraction, this problem can be permanently
solved in a modular fashion.
- * finish removing references to sql-ledger
-- write upgrade/crossgrade script from SL -> LedgerSMB
+- write upgrade/crossgrade script from SL -> LedgerSMB (mostly done)
Database script is done. Just untar over the top?
If so, then this is done.
- write press release
- *write SL List announcement
-- SPI membership
+- SPI membership (Just time the request to Josh for proposal)
- *CONTRIBUTORS/AUTHORS file.
- Delete setup.pl file for released versions. (not in SVN).
-- Test db upgrade
+- Run final tests on applications
+ - crossgrade script-- missing SL directory unlink logic.
+ - *templates
+ - db upgrade (not working)
+- *Fix printing bug with LaTeX templates. Error:
+ Quantifier follows nothing in regex;
+ marked by <-- HERE in m/? <-- HERE / at LedgerSMB/Form.pm line 1107.
-Short term items
+Higher priorities
- update setup.pl, which has a lot of SL specific code.
- make utf-8 default
-- Add protection against duplicate id values.
+- Add protection against duplicate id values.
- Prevent printing without posting.
- Add last cost field to laber/overhead creation screen.
-- drop lynx support? (no, not short term anyway)
- I think it is better to abandon Lynx support than drop it.
- drop Oracle support? (ibidem)
Oracle support is already largely abandoned. Not sure if we should
the code though...
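Review bot: The admin.pl security item loses its "(Pending testing)" qualifier at "+- *solve security problem for admin.pl (central db?)" while the same hunk adds "db upgrade (not working)" under a still-open "Run final tests on applications"; record what was tested for the admin.pl fix, or keep the qualifier until the final test pass is done. The line "+- Add protection against duplicate id values." appears to differ from the removed line only in whitespace, which adds noise to the diff.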
@@ -45,6 +49,8 @@ Short term items
- Remove Dieter's sessionid timestamp since it serves no purpose.
- authentication abstraction for Kerberos, LDAP authentication, and the like.
- Authentication module for PostgreSQL databases.
+- Account transactions available from Balance Sheets and Income Statements via
+links.
Medium-longer term
- Port SL-POS functionality into the fork.
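Review bot: The continuation line "+links." is not indented, unlike the wrapped items added further down in this file ("+ is not a problem."), and the new reporting item lands directly after the authentication entries; indent the continuation and move the item away from the authentication group so that group stays readable as one unit.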
@@ -56,3 +62,9 @@ Medium-longer term
a single insert and adding foreign keys.
- Fix printing for Windows.
- Portable Data Terminal integration.
+- Merge web directories so that maintaining frames and no-frames browsers
+ is not a problem.
+- Move to a template-based display system with main application logic being in
+ a separate Perl module.
+- Convert to use persistant database connections.
+- Basic payroll module
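Review bot: "persistant" in "+- Convert to use persistant database connections." should be "persistent". Since this TODO also lists an authentication module for PostgreSQL databases, the item should say whether a persistent connection is held per user, so that the two items are not designed in conflict.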
diff --git a/templates/Brazilian_Portuguese-logo.png b/templates/Brazilian_Portuguese-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Brazilian_Portuguese-logo.png
+++ b/templates/Brazilian_Portuguese-logo.png
Binary files differ
diff --git a/templates/Danish-logo.png b/templates/Danish-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Danish-logo.png
+++ b/templates/Danish-logo.png
Binary files differ
diff --git a/templates/Default-logo.png b/templates/Default-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Default-logo.png
+++ b/templates/Default-logo.png
Binary files differ
diff --git a/templates/Dutch-logo.png b/templates/Dutch-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Dutch-logo.png
+++ b/templates/Dutch-logo.png
Binary files differ
diff --git a/templates/Estonian-logo.png b/templates/Estonian-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Estonian-logo.png
+++ b/templates/Estonian-logo.png
Binary files differ
diff --git a/templates/Estonian_UTF8-logo.png b/templates/Estonian_UTF8-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Estonian_UTF8-logo.png
+++ b/templates/Estonian_UTF8-logo.png
Binary files differ
diff --git a/templates/French-logo.png b/templates/French-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/French-logo.png
+++ b/templates/French-logo.png
Binary files differ
diff --git a/templates/German-logo.png b/templates/German-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/German-logo.png
+++ b/templates/German-logo.png
Binary files differ
diff --git a/templates/Hungarian-logo.png b/templates/Hungarian-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Hungarian-logo.png
+++ b/templates/Hungarian-logo.png
Binary files differ
diff --git a/templates/Italian-logo.png b/templates/Italian-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Italian-logo.png
+++ b/templates/Italian-logo.png
Binary files differ
diff --git a/templates/Norwegian-logo.png b/templates/Norwegian-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Norwegian-logo.png
+++ b/templates/Norwegian-logo.png
Binary files differ
diff --git a/templates/Russian-logo.png b/templates/Russian-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Russian-logo.png
+++ b/templates/Russian-logo.png
Binary files differ
diff --git a/templates/Service-logo.png b/templates/Service-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Service-logo.png
+++ b/templates/Service-logo.png
Binary files differ
diff --git a/templates/Spanish_A4-logo.png b/templates/Spanish_A4-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Spanish_A4-logo.png
+++ b/templates/Spanish_A4-logo.png
Binary files differ
diff --git a/templates/Spanish_Letter-logo.png b/templates/Spanish_Letter-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Spanish_Letter-logo.png
+++ b/templates/Spanish_Letter-logo.png
Binary files differ
diff --git a/templates/Swedish-logo.png b/templates/Swedish-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Swedish-logo.png
+++ b/templates/Swedish-logo.png
Binary files differ
diff --git a/templates/Traditional_Chinese_Big5-logo.png b/templates/Traditional_Chinese_Big5-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Traditional_Chinese_Big5-logo.png
+++ b/templates/Traditional_Chinese_Big5-logo.png
Binary files differ
diff --git a/templates/Traditional_Chinese_UTF8-logo.png b/templates/Traditional_Chinese_UTF8-logo.png
index 5edcdfe5..e8c8b84f 100755
--- a/templates/Traditional_Chinese_UTF8-logo.png
+++ b/templates/Traditional_Chinese_UTF8-logo.png
Binary files differ
diff --git a/templates/demo/ar_transaction.tex b/templates/demo/ar_transaction.tex
index 1c3c44f3..31e20fdb 100644
--- a/templates/demo/ar_transaction.tex
+++ b/templates/demo/ar_transaction.tex
@@ -1,18 +1,32 @@
\documentclass{scrartcl}
\usepackage[latin1]{inputenc}
\usepackage{tabularx}
-\usepackage[letterpaper,top=2cm,bottom=-3cm,left=1.1cm,right=1.5cm]{geometry}
+\usepackage[top=2cm,bottom=-1cm,left=2cm,right=1cm]{geometry}
\usepackage{graphicx}
\setlength{\parindent}{0pt}
\begin{document}
-\pagestyle{myheadings}
-\thispagestyle{empty}
+\pagestyle{empty}
\fontfamily{cmss}\fontsize{10pt}{12pt}\selectfont
-<%include letterhead.tex%>
+\parbox{\textwidth}{%
+ \parbox[b]{.42\textwidth}{%
+ <%company%>
+
+ <%address%>
+ }
+ \parbox[b]{.2\textwidth}{
+ \includegraphics[scale=0.3]{ledger-smb}
+ }\hfill
+ \begin{tabular}[b]{rr@{}}
+ Tel: & <%tel%>\\
+ Fax: & <%fax%>
+ \end{tabular}
+
+ \rule[1.5em]{\textwidth}{0.5pt}
+}
\centerline{\textbf{A R} \hspace{0.3cm} \textbf{T R A N S A C T I O N}}
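Review bot: \includegraphics[scale=0.3]{ledger-smb} names a graphic "ledger-smb", but the image files touched by this commit are templates/demo/logo.png and the *-logo.png files, so it is not clear from the commit that this name resolves when the demo template is rendered; point it at the file that ships or add the file. Replacing <%include letterhead.tex%> with an inline letterhead also means this template no longer follows changes to the shared letterhead, and dropping letterpaper from the geometry options leaves the paper size to the class default; the commit message should say whether both are intended.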
@@ -27,7 +41,7 @@
<%city%>
<%if state%>
-\hspace{-0.1cm}, <%state%>
+, <%state%>
<%end state%>
<%zipcode%>
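Review bot: With \hspace{-0.1cm} removed at "+, <%state%>", the line break after <%city%> is read by LaTeX as an inter-word space unless the template processor strips it, so the output is likely to show a space before the comma ("City , State"). Suppress the line-end space with a trailing % on the preceding line, or keep a small negative kern before the comma.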
@@ -37,9 +51,10 @@
<%if contact%>
<%contact%>
-\vspace{0.2cm}
<%end contact%>
+\vspace{0.2cm}
+
<%if customerphone%>
Tel: <%customerphone%>
<%end customerphone%>
diff --git a/templates/demo/logo.png b/templates/demo/logo.png
index e3a4ac13..e8c8b84f 100644
--- a/templates/demo/logo.png
+++ b/templates/demo/logo.png
Binary files differ