v1.9.15: add composer.lock sync to bump script and compile test

Bug Fixes

• Fix session cookie generation — Random salt could include characters outside 0-9A-Za-z,
  producing invalid session cookies (#622)
• Fix PHP 8.1+ exceptions during wizard upgrade — Idempotent ALTER TABLE ADD statements
  threw uncaught mysqli_sql_exception on duplicate columns, causing HTTP 500 (#613)
• Fix user cannot confirm conflicts (#618)
• Fix determineServerUrl() when invoked from CLI (#620)
• Fix French translations — Encoding and wording corrections (#619)
• Fix fresh install missing default config — After wizard install, only
  WEBCAL_PROGRAM_VERSION was inserted into webcal_config, leaving 161 defaults missing and
  causing PHP 8.2+ undefined variable warnings on nearly every page
• Fix SQLite config validation — config.php required db_host and db_login to be non-empty,
  but SQLite databases don't use host or login credentials
• Fix undefined globals on login page after fresh install — $REMEMBER_LAST_LOGIN and
  $SERVER_TIMEZONE could be undefined, outputting warnings before headers and breaking
  redirects
• Fix event creation redirect failure — Undefined $dberror and $old_percent in
  edit_entry_handler.php output warnings before header('Location: ...'), silently breaking
  the redirect

CI/CD & Testing

• Add PHPStan static analysis — Level 0 analysis with baseline covering root PHP files,
  includes/, and wizard/
• Add multi-PHP-version CI matrix — PHPUnit and install tests run across PHP 8.1, 8.2, 8.3,
  and 8.4
• Add Selenium wizard installer tests — Automated install and upgrade tests for MySQL,
  PostgreSQL, and SQLite with post-install smoke tests (login + event creation)
• Add upgrade test fixtures — Schema fixtures for v1.9.10 and v1.9.12 across all DB
  backends
• Gate release workflow on all test suites — Release only proceeds when syntax, PHPUnit,
  install, and wizard tests all pass
• Capture screenshots on Selenium test failure — Uploaded as CI artifacts for debugging

Tooling

• Fix bump_version.sh — Now updates all 17 version references including
  wizard/WizardState.php, and runs composer update --lock automatically
• Fix compile_test.sh — Now checks for composer.lock drift and returns nonzero exit code on
  errors

v1.9.14

feat: Improve wizard upgrade logic and add MCP server integration

Enhance the WebCalendar installation and upgrade wizard for better reliability,
especially for no-op upgrades, and introduce Model Context Protocol (MCP) server.

• Wizard Upgrade Reliability:

  • Fixes for the upgrade process that was getting stuck

• MCP Server Integration:

  • Introduced a Model Context Protocol (MCP) server.
    This enables AI assistants to interact with WebCalendar data via API tokens.
  • Implemented JSON-RPC handling, API token validation, rate limiting, and CORS support
    for the MCP server.

• Enhanced Testing & Code Quality:

  • Added comprehensive unit tests in for date repetition
    logic, covering various scenarios, DST, and edge cases.
  • Included new unit tests.

v1.9.13

WebCalendar v1.9.13 Release Notes

New Features / Major Changes

• New Bootstrap 5 single-page installer wizard -- Replaced the legacy install/ directory with a modern
  installer in wizard/ featuring step-by-step AJAX navigation, real-time validation, database upgrade
  detection, headless CLI mode for automated deployments, and post-install security recommendations (#608)
• Switched rich text editor from CKEditor v4 to TinyMCE 7.x -- CKEditor v4 is no longer supported and has
  open vulnerabilities; CKEditor v5 is not open source, so TinyMCE was chosen as the replacement
• Dark/light theme support -- Added user option to choose between dark and light themes
• PostgreSQL improvements -- Full support for new installs and upgrades with PostgreSQL, including dev
  Dockerfile support
• Unique PHP session names per install directory -- Allows multiple WebCalendar installs on the same
  server without login session conflicts
• Added complete-translation.py tool -- Assists in completing partial translations using OpenAI

Security

• Fixed XSS vulnerability in report name
• Fixed CSRF vulnerability in reject_entry.php
• Fixed privilege escalation in user profile -- Users editing their own profile could set themselves as
  administrator

Bug Fixes

• Fix upgrade to v1.9.12 not extending the length of the user password field
• Fix JSON parsing for layers
• Fix reminders sent at the wrong time when recurring events cross DST boundaries
• Fix "remember me" on login page (#527)
• Fix undo button in UAC access.php (#530)
• Fix week view display issues (#529)
• Fix JavaScript global variables in edit_entry.php referring to non-distinct arrays
• Fix "Export All" checkbox on the export page
• Fix category bugs: could not create global categories (#510), global categories not loading after
  cat_owner NULL change, error when creating a new category (#496), could not set category for event (#507)
• Fix advanced search crash when category filter was used
• Fix username bug on groups.php -- usernames with special characters prevented editing groups
• Fix PHP error when rejecting an event with no participants
• Fix broken install/session when home directory contains invalid session name characters
• Fix alignment of mini-calendars on month view
• Fix purge.php -- missing database reference in FROM clause
• Fix edit_entry.php -- PHP 8 no longer considers empty string equal to 0
• Fix deleted users still being assignable to groups
• Fix Event class -- allow null $_dueDate to prevent fatal error in month.php

PHP 8 Compatibility

• Extensive fixes for PHP 8.0, 8.2, and 8.3 deprecation warnings and type errors across the codebase
• Removed legacy mssql and mysql extension code (not supported in PHP 8); added blob handling for mysqli
• Replaced deprecated HTML attributes and tags with HTML5 equivalents

Installer / Wizard

• SQLite3 fixes for dbi4php.php and SQL used during install (#587)
• Refactored headless installer with environment variable support and improved error handling
• Added button in installer to view PHP details (version, modules, etc.)
• Removed requirement to run MariaDB shell for install permissions

UI / UX Improvements

• Improved base image styling and typography
• Smooth scrolling instead of jumping
• Better paragraph spacing and multi-line alignment
• Layout fixes across calendar views
• Converted elements to elements

Translations / i18n

• Updated German translation with "Default Visibility" (#593) and completed missing entries
• Updated and converted Spanish translation to UTF-8
• Updated Polish (UTF-8) and French translations with missing entries
• Fixed HTTP charset header -- Apache was sending UTF-8 regardless of the HTML meta tag, causing rendering
  issues for non-UTF-8 charsets (#448)
• Standardized translation file naming and encoding; all new language files are UTF-8

Dependencies

• Bumped actions/checkout from 2 to 6
• Bumped actions/cache from 3 to 4
• Bumped docker/build-push-action from 5 to 6
• Bumped phpunit/phpunit to 9.6.16
• Updated bootstrap-icons to latest version
• Updated composer.json / composer.lock

CI / DevOps

• Added new GitHub workflow to perform automated test install with SQLite3
• Added PHP syntax checking GitHub workflow
• Docker: added PostgreSQL dev container, removed PHP 7 Docker files, updated Dockerfile
• Updated Docker Compose documentation to use docker compose (v2)

Code Quality / Maintenance

• Numerous spelling corrections, redundant code removal, and code style standardizations
• Added unit tests for Event.php class
• Ensured admin.php remembers the DEFAULT_VISIBILITY setting (#592)
• Added select_db call before queries in dbi_query function

WebCalendar v1.9.10

New Features:

• Added a git workflow to build and publish a development Docker image.

Improvements:

• Updated WebCalendar version to v1.9.10.
• Enhanced the logout link to include a CSRF token for added security.
• Reworked HTML files that were not created by Perl.
• Utilized new-ish PHP functions to shorten the code.
• Reworked PHPDoc for clearer documentation.
• Updated PHPUnit from version 9.6.12 to 9.6.13.
• System-wide default can now be set for access type, with users also being able to override with a personal setting.

Bug Fixes:

• Addressed a CSRF issue related to the logout link.
• Fixed Issue #147, where imports with 'webcal://' might not have been working.
• Resolved an issue in edit_entry.php where the date selection appeared instead of the time selection.
• Made corrections for the install page and settings related to cachedir.
• Resolved a PHP warning and fixed an issue with SVG files.
• Addressed a broken unit test and fixed URI in phpunit.xml.
• Fixed an issue related to an undefined variable.

Docker Related:

• Updated docker/build-push-action from v3 to v5.
• Updated docker/login-action from v2 to v3.
• Updated actions/checkout from v2 to v4.

Misc:

• Various corrections and typo fixes.
• Merged multiple pull requests to enhance the overall functionality and reliability of WebCalendar.

WebCalendar v1.9.8

Enhancements:

• Release Process: Improved the release process and addressed debugging.
• GitHub Workflow: Introduced a workflow for automatically creating releases on updates to the "release" branch.
• Testing: Enhanced testing with the introduction of pytest code for UI tests. Plans are in place to integrate it into GitHub actions for better validation during merges and PRs.
• Admin Settings: Added options in Admin Settings to disable CSRF check and to manage iframe restrictions. Tooltip issues in edit_entry.php have also been addressed.
• PHP Support: Made several PHP 8 related changes and fixes.
• Addressed issue with category selection for events.
• Introduced the bump_version.sh script for better version management.
• Updated third-party dependencies, including PHPMailer, ckeditor, and PHPUnit.
• Enhanced support for WebCalendar within Docker by allowing environment variables for application settings.
• Improved the upgrade process, simplifying updates when no DB changes are required.

Bug Fixes:

• Addressed issue with category selection for events.
• Fixed HTML error in admin.php.
• Addressed issues with the DB upgrade process, especially when using environment variables.
• Made several fixes related to PHP warnings.
• Addressed an XSS vulnerability in the location event field.
• Fixed a bug with ICS parsing related to line folding in event descriptions.
• Addressed an "Invalid referring URL" issue during user or calendar creation.

Dependencies & Integrations:

• Updated various dependencies for better performance and security.
• Added new workflows for CI/CD and Docker image management.
• Moved to using local installation of CKEditor rather than an external CDN.
• PHP 8 support has been introduced, which included various required syntax adjustments.

Miscellaneous:

• Simplified the WebCalendar updating mechanism, allowing for automatic updates when no DB schema changes are detected.
• Refactored configuration management (config.php) to support environment variables, paving the way for easier Docker deployments.
• Various minor fixes and adjustments to improve the overall functioning and security of the application.

v1.9.1

Version 1.9.1 of WebCalendar is an early release of the new Bootstrap-based user interface. Other changes include:

• Numerous security fixes (XSS, CSRF)
• Adopted use of composer for managing dependencies
• Many of the pages have been rewritten to remove old iframes (layers, remote calendar, resource calendars, user management) and replace with AJAX-based pages
• Switched UI to use Bootstrap v4.6.1 and jQuery 3.5.1
• Removed old prototype.js and other misc javascript files
• Updated PHPMailer to 6.6.0 from 5.2
• Upgraded password hashing to be more secure
• Switched icons to use bootstrap-icons
• Various bug fixes and pull requests submitted since 1.3.0 release
• Bugfix for install error on 1.9.0 release

v1.9.0

NOTE: Install 1.9.1 rather than this release. I've removed the installation files from this release. This release has an install bug that is fixed in v1.9.1.

Version 1.9.0 of WebCalendar is an early release of the new Bootstrap-based user interface. Other changes include:

• Numerous security fixes (XSS, CSRF)
• Adopted use of composer for managing dependencies
• Many of the pages have been rewritten to remove old iframes (layers, remote calendar, resource calendars, user management) and replace with AJAX-based pages
• Switched UI to use Bootstrap v4.6.1 and jQuery 3.5.1
• Removed old prototype.js and other misc javascript files
• Updated PHPMailer to 6.6.0 from 5.2
• Upgraded password hashing to be more secure
• Switched icons to use bootstrap-icons
• Various bug fixes and pull requests submitted since 1.3.0 release

v1.3.0

WIP! - Initial zip file was missing some stuff... will repost soon!

This 1.3.0 (15 Mar 2019) release of WebCalendar is the latest stable maintenance release.
Changes for this release focus on bug fixes, security improvements and PHP 7.2 compatibility.

The list of changes include the following (see git log for complete list of changes):

• Updated PHPMailer to 5.2.26 (includes security fixes)
• Issue #133: Can't Login to Admin account – PHP Fatal error – PHP 7.2
• PHP7 fix: split function no longer available
• Issue #98 - Global categories only visible for administrative users
• Issue #62 - "dbi_update_blob" is not implemented for mysqli
• Avoid PHP warning on ob_flush
• Merge pull request #114: improve custom trailer output
• Merge pull request #117: Fix Italian for "Location"
• Merge pull request #118: Update Italian translation
• Merge pull request #124: Fixed PHP warning
• Merge pull request #108: Fix "WebCalendar Error: Invalid referring URL" when adding entries or entering admin menus etc.
• Merge pull request #106: Truncate the cal_name data to 30 characters or less to avoid SQL errors on long filenames for event attachments
• Fix for PHP warning on addslashes param being an array
• Merge pull request #58: compressed/minified images
• Issue #80: PHP error for non numeric values when using undefined variables
• Issue #54 - Double quote appears around mail settings in admin.php
• Issue #64 - Change db call to check webcal_categories.cat_owner rather than webcal_entry_category to determine if a category is global
• Issue #76 - Javascript error in includes/js/users.php prevents access to certain tabs
• Issue #53 - PHP compile error on access.php
• Fix PHP warnings for undeclared array $tmp[]
• Updated unit tests for phpunit-8.0 compatibility

1.2.9

Version 1.2.9 (24 Aug 2017)

• Fixed PHP compile error in login.php.

1.2.8

NOTE: Please use 1.2.9 which fixes a PHP compile error in login.php

This is the latest stable maintenance release of WebCalendar.
Version 1.2.8 (11 Aug 2017)

• Cross-site scripting (XSS) fixes.
• Updates to supper PHP7. PHP 5.3 is now minimum PHP version required.
• Added missing code for mysqli support.
• Gracefully handle if the function ob_gzhandler is not available.