@magicbug magicbug commented Dec 23, 2025

This pull request introduces several improvements across the application, focusing on enhanced logbook sharing and permissions, improved error handling, and additional user interface features such as logbook embedding. It also includes a new migration to tag the application as version 2.8.4.

Logbook Sharing, Permissions, and Access Control:

  • Expanded the logic in Logbook_model::check_qso_is_accessible to allow QSO access not only for the owner but also for users with read access to the active logbook, supporting shared logbooks and permissions.
  • Updated SQL queries in Setup_model to count logbooks that the user either owns or has been granted permissions to, ensuring accurate reporting of accessible logbooks. [1] [2]
  • Improved the delete_relationship method in Logbooks.php to use profile_clean for station lookup and to provide user feedback if the station location is not found. [1] [2]

User Interface Enhancements:

  • Added an "Embed Code" button and modal to the logbooks index page, allowing users to easily generate and copy an iframe code to embed their public logbook widget on external sites. [1] [2]
  • Included a "Powered by Cloudlog" footer in the embedded widget view.

Error Handling and Data Validation:

  • Improved error handling in the Logbook.php controller to guard against inaccessible or missing QSOs, preventing null dereference and redirecting users with a notice.
  • Added checks before assigning DXCC entity names to avoid errors when entity data is missing in various controller methods. [1] [2] [3] [4]
  • Enhanced the QRZ import process to log an error if station_callsign is missing in imported records.

Database Migration:

  • Added migration 240_tag_2_8_4.php to tag the application as version 2.8.4 and reset the version dialog confirmation for users.
  • Updated the migration version in the configuration to 240.

Note

Logbook sharing and access

  • Extends Logbook_model::check_qso_is_accessible to allow access via active shared logbooks (read permission), not just ownership
  • Updates Setup_model counts to include logbooks with granted permissions
  • Tightens unlink logic in Logbooks::delete_relationship using profile_clean and adds "not found" feedback

UI: embed widget

  • Adds "Embed Code" button and modal in logbooks/index.php to generate copyable <iframe> for widgets/qsos/<public_slug>
  • Appends "Powered by Cloudlog" footer in views/widgets/qsos.php

Error handling and robustness

  • Guards Logbook::view($id) against missing/inaccessible get_qso results
  • Safely set DXCC names only when entity data exists; avoid null dereferences
  • In Qrz import, default missing fields and log when station_callsign is absent

Migration

  • Adds application/migrations/240_tag_2_8_4.php and bumps config/migration.php to 240 (version 2.8.4)

Written by Cursor Bugbot for commit 30ee758. This will update automatically on new commits.

Added a check to ensure the DXCC entity is an array and contains a 'name' key before assigning 'dxcc_name' to prevent undefined index errors.
Adds a check to ensure that if a QSO is not found or not accessible, the user is redirected to the dashboard with a notice. This prevents errors when attempting to access non-existent or unauthorized QSOs.
Wrapped assignments of 'dxcc_name' with checks to ensure the entity is an array and contains a 'name' key. This prevents potential errors if the entity lookup fails or returns unexpected data.
Added a check and error log for missing station_callsign during QRZ import. This helps identify records with incomplete data and prevents potential issues when processing QSOs.
Updated Logbooks controller to use profile_clean for station lookup and added a notice for missing stations. Enhanced Setup_model to count logbooks a user owns or has permissions for, ensuring accurate logbook statistics for users with shared access.

Fixes #3389
Enhanced the QSO access logic to allow access if the QSO belongs to the user or is part of a user's active logbook, including shared permissions. Added a guard in the controller to prevent accessing missing or inaccessible QSOs, redirecting with a notice if access is denied.
Introduced an 'Embed Code' modal in the logbooks index to allow users to easily copy iframe code for embedding their logbook widget. Also added a 'Powered by Cloudlog' attribution to the widget view for better visibility and credit.
Introduces migration 240 to update the application version to 2.8.4 and trigger the version info dialog for users. Updates migration configuration to reflect the new version.
@magicbug magicbug merged commit 339ba31 into master Dec 23, 2025
2 checks passed

@cursor cursor bot left a comment

title="Get Embed Code"
data-bs-toggle="modal"
data-bs-target="#embedModal"
onclick="setEmbedCode('<?php echo $row->public_slug; ?>', '<?php echo addslashes($row->logbook_name); ?>')">

Incomplete JavaScript escaping breaks embed modal for special characters

The addslashes() function is used to escape logbook_name for a JavaScript string in an onclick handler, but addslashes() only escapes quotes, backslashes, and NUL bytes. It does not escape newlines, carriage returns, or other control characters. If a logbook name contains any of these characters, the resulting JavaScript string literal would be syntactically invalid, causing the embed button to fail silently. Using json_encode() would properly escape all special characters for JavaScript context.
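
The escaping gap described in this comment, as an added example that is not part of the pull request or of Cloudlog's code: it builds the `onclick` value both ways for constructed logbook names and checks whether the attribute survives. The function names, the slug `abc123` and the sample names are assumptions; note that `json_encode()` emits its own double quotes, so inside an `onclick="..."` attribute its output still needs `htmlspecialchars()`.

```php
<?php
// Added example, not Cloudlog code. Function names and sample data are constructed.

/** Escaping as in the reviewed line: addslashes() inside a single-quoted JS literal. */
function onclick_addslashes(string $slug, string $name): string
{
    return "setEmbedCode('" . $slug . "', '" . addslashes($name) . "')";
}

/** Assumed alternative: JSON-encode for the JS context, then HTML-escape for the attribute. */
function onclick_json(string $slug, string $name): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    $js = 'setEmbedCode(' . json_encode($slug, $flags) . ', '
        . json_encode($name, $flags) . ')';
    return htmlspecialchars($js, ENT_QUOTES, 'UTF-8');
}

/** An onclick="..." value stays intact only without a raw double quote or line break. */
function attr_intact(string $value): bool
{
    return strpbrk($value, "\"\r\n") === false;
}

// Constructed logbook names covering the cases the comment mentions.
$names = [
    'plain'        => 'Home Station',
    'apostrophe'   => "M0ABC's Log",
    'newline'      => "Field Day\n2025",
    'double quote' => 'Contest "A" log',
];

foreach ($names as $label => $name) {
    $old = onclick_addslashes('abc123', $name);
    $new = onclick_json('abc123', $name);
    printf(
        "%-12s addslashes=%-6s json+html=%s\n",
        $label,
        attr_intact($old) ? 'ok' : 'BROKEN',
        attr_intact($new) ? 'ok' : 'BROKEN'
    );
}
```

A backslash before a double quote means nothing to the HTML parser, which is why the `addslashes()` form also fails for names containing `"` and not only for line breaks.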


$sharedQuery = $this->db->get($this->config->item('table_name'));
if ($sharedQuery->num_rows() == 1) {
return true;
}

Read-only users can delete/modify QSOs in shared logbooks

The expanded check_qso_is_accessible function now allows access when a user has only 'read' permission to a shared logbook. However, this function is used as a gatekeeper for destructive operations like delete() and paperqsl_update(). This means a user granted read-only access to a shared logbook can now delete or modify QSOs they shouldn't be able to change. The shared-logbook check uses check_logbook_is_accessible($activeLogbookId, 'read') but the calling code in Qso.php uses the result to authorize deletions and updates.
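
A simplified model of the problem in this comment, added here as an example and not taken from Cloudlog: one access check that accepts `read` is compared with a check where each caller states the level its operation needs. The data layout, the `write` level name and all function names are assumptions; only the `read` level appears on the page.

```php
<?php
// Added example, not Cloudlog code. Data, the 'write' level and names are hypothetical.

// Constructed sample data.
$qsos   = [101 => ['owner' => 1, 'logbook' => 7]];
$shares = [7 => [2 => 'read', 3 => 'write']];   // logbook id => [user id => level]

/** True when $user may perform an operation that needs $required on QSO $qsoId. */
function qso_allowed(array $qsos, array $shares, int $user, int $qsoId, string $required): bool
{
    $rank = ['read' => 1, 'write' => 2];        // assumed ordering of levels
    if (!isset($qsos[$qsoId]) || !isset($rank[$required])) {
        return false;                           // unknown QSO or level: deny
    }
    $qso = $qsos[$qsoId];
    if ($qso['owner'] === $user) {
        return true;                            // the owner keeps full access
    }
    $granted = $shares[$qso['logbook']][$user] ?? null;
    return $granted !== null && ($rank[$granted] ?? 0) >= $rank[$required];
}

$users = [1 => 'owner', 2 => 'read share', 3 => 'write share', 4 => 'no share'];

foreach ($users as $user => $label) {
    // Single gate: view and delete both reuse the same 'read' check.
    $view         = qso_allowed($qsos, $shares, $user, 101, 'read');
    $deleteSingle = $view;
    // Per-operation gate: delete asks for 'write'.
    $deleteSplit  = qso_allowed($qsos, $shares, $user, 101, 'write');

    printf(
        "%-12s view=%-3s delete(single gate)=%-3s delete(write gate)=%s\n",
        $label,
        $view ? 'yes' : 'no',
        $deleteSingle ? 'yes' : 'no',
        $deleteSplit ? 'yes' : 'no'
    );
}
```

The row for the read-only share is the one to watch: the two delete columns disagree only there.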
