1. 01 Oct, 2019 1 commit
    • Fixed only_rows option for VLs. · 216ffc38
      Ivo Fokkema authored
      - It was broken a few years ago when the VL settings moved to $_SESSION.
      - Let $_GET override the only_rows setting for VLs.
      - Make sure only_rows doesn't get saved in $_SESSION, to avoid problems the next time the VL is loaded not over ajax.
      - This fixes the problem where deleting a single log entry didn't load the next page's first log entry.
  2. 25 Sep, 2019 1 commit
  3. 28 Aug, 2019 1 commit
  4. 22 Aug, 2019 4 commits
    • Fixed bug; Screening ViewList on Individual VE was authorized for Curators, but the Ajax-VL wasn't. · c50552ea
      Ivo Fokkema authored
      - This means Curators couldn't search for non-public Screenings on the VL on this VE.
      - Now it loads the needed authorization.
    • Fixed bug; Variant ViewLists on Individual and Screening VEs were authorized... · 224504cb
      Ivo Fokkema authored
      Fixed bug; Variant ViewLists on Individual and Screening VEs were authorized for Curators, but the Ajax-VL wasn't.
      - This means Curators can't search for non-public variants on the VL on either of these VEs.
      - Now it loads the needed authorization.
    • Made it a bit harder for ViewLists to get their ColsToSkip overridden. · 30a38232
      Ivo Fokkema authored
      - Hiding columns for a VL is stored in session upon defining the VL. However, VLs can be loaded independently of being defined first, for the External Viewer.
      - To allow for the External Viewer to hide columns, VLs could be told to hide additional columns. However, this was overwriting the current list of hidden columns, allowing special requests that would show columns previously hidden.
      - For the Users VL, which was opened up to Submitters due to the Colleagues feature, overwriting the ColsToSkip was prevented in the VL code specifically, to hide sensitive data.
      - Added a global solution that makes sure for other VLs the list doesn't get overwritten either, but merged instead. This prevents pre-defined VLs from losing their ColsToSkip using specially crafted requests.
      - However, as the External Viewer just loads undefined VLs, it can be configured to show all columns in these VLs. As such, if the ColsToSkip feature is ever used to hide sensitive data, these columns need to be defined in the VL code itself.
    • Fixed security issue in loading the authorization for ViewLists. · 849fcb82
      Ivo Fokkema authored
      - During Find & Replace implementation, the code was changed to load the gene-specific authorization using $_REQUEST rather than $_GET. However, the filtering of the results was still using $_GET. Hence, authorizations can be loaded forging a $_POST request while not necessarily filtering the results using $_GET.
      - This allowed Curators to craft special requests to load VLs with non-public data of other genes.
      - Solved this by enforcing filtering when authorizing Curators.
  5. 09 Aug, 2018 2 commits
  6. 16 Jan, 2018 1 commit
    • Fixed bug; Security bug and broke external viewer. · a21c7d2c
      Ivo Fokkema authored
      - aColsToSkip was now trusted to be set in SESSION, but we did not check if it actually was set in SESSION. The recent removal of code that enforced the removal of certain columns for lower level users, allowed these users to forge an AJAX request that would show the links anyway. Reinstated this code.
      - aColsToSkip was needed for the external viewer. Not being able to set it anymore, resulted in lots of additional columns for the country node views.
  7. 20 Nov, 2017 1 commit
  8. 15 Nov, 2017 2 commits
  9. 01 Nov, 2016 1 commit
    • Imported minor changes from LOVD+, not affecting LOVD3 behavior. · 51c5036c
      Ivo Fokkema authored
      - The code bases of LOVD3 and LOVD+ are brought closer together.
      - Introduced the LOVD_plus constant, which tells the code base whether this is an LOVD3 or LOVD+ installation.
      - Some changes specifically for LOVD+ are introduced in the LOVD3 code base, only active when LOVD_plus is set to true.
      - These changes are mostly cosmetic, but decrease the differences between LOVD3 and LOVD+, making it easier to share improvements.
      - Introduced changes:
        - Minimum user level needed for submitting data or seeing non-public data is now configurable, and is different for LOVD+.
        - LOVD+ has a different logo, and has submitter registration disabled by default.
  10. 07 Sep, 2016 2 commits
    • Minor changes. · 0eedaa48
      Ivo Fokkema authored
      - Coding style fixes.
      - Some code simplifications.
      - Removed duplicate changelog entries.
    • NULL values in columns are now handled properly. · 1082913b
      Ivo Fokkema authored
      - You could not prepend or append an empty field if it contained NULL.
      - Removed an unneeded underscore from the preview column.
      - Added information to the F&R warning that you'd better create a backup first.
      - Applied coding styles.
  11. 05 Sep, 2016 1 commit
  12. 02 Sep, 2016 3 commits
  13. 14 Jul, 2016 1 commit
    • Fixed bug; Submitters could find a way to access the full users list. · fb9819b8
      Ivo Fokkema authored
      - Submitters have access to the Users object for access sharing.
      - This access was partially granted in 3.0-16, but the actual security issue was introduced later when the VL was released to submitters, so they could search and sort the access sharing VL.
      - Certain columns were hidden for security reasons by the access sharing page, but manipulating the VL directly allowed any submitter to get a full list of the LOVD users with full columns.
      - The columns hidden in the access sharing page are now forced to be hidden in any users VL for submitter level users.
      - Additionally, hid the username field, and unhid the ID field.
      - Fixed typo in changelog.txt.
  14. 01 Jul, 2016 1 commit
  15. 17 Jun, 2015 1 commit
    • Reviewed r578: · 1a3d3527
      Ivo Fokkema authored
      - Unique variant view link to full variant view now does a full match search on the cleaned DNA field, not a partial search.
      - Fixed typo in variants.php.
      - Added relevant comments to class/objects.php.
      - Fixed typos in comments in class/object_custom_viewlists.php and improved comments.
      - Minor coding style fixes in class/object_custom_viewlists.php.
      - First replace odd characters, then trim() DNA field for obtaining the clean DNA format.
      - Changed separator for variant effect field to match other fields.
      - Other minor changes in class/object_custom_viewlists.php.
      - Fixed mistake in date in header of ajax/viewlist.php.
      - Fixed typo in changelog.txt and rephrased previous addition.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@582 a7477d18-a37e-46de-aef1-57953c184492
  16. 29 May, 2015 1 commit
  17. 13 Mar, 2014 1 commit
  18. 26 Sep, 2013 1 commit
    • New feature while selecting transcripts for a variant, and minor other modifications: · bca09bb5
      Ivo Fokkema authored
      - While managing the transcripts for a certain variant, the distance between the variant and the transcripts is now shown. The default sort order is on this column, so nearby transcripts are easily picked.
      - For this, I needed to add the Genes and DistanceToVar custom viewlists, and adapt the Transcripts custom viewlist.
      - Adapted ajax/viewlist.php to allow for this new custom viewlist.
      - Widened the gene ID column in the transcripts viewlist to conform to the larger width used elsewhere.
      - Removed no longer needed FIXME's about the lovd_AJAX_viewListAddNextRow() function not working properly on IE7 and IE8.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@337 a7477d18-a37e-46de-aef1-57953c184492
  19. 28 Jun, 2013 1 commit
  20. 08 Mar, 2013 1 commit
    • Added custom column full data download and fixed bug in user registration: · 2e076cc6
      Ivo Fokkema authored
      - Fixed bug; When registering, the password fields were optional. This bug was introduced over a year ago in r102 (3.0-alpha-07).
      - Removed leftover comment in ajax/viewlist.php.
      - Fixed notice in inc-ini.php when using older config.ini file.
      - Custom columns can now be downloaded in the LOVD import format, to facilitate backups or to share custom column settings with other LOVDs.
      - Clarified difference between download formats in VL menus.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@290 a7477d18-a37e-46de-aef1-57953c184492
  21. 24 Jan, 2013 1 commit
    • Fixed two bugs and some more work on the tab's menus: · 1b73837b
      Ivo Fokkema authored
      - Fixed bug; In emails sent when a screening entry had been edited, the "Edited by" field was numeric, instead of showing the user's name.
      - Fixed bug; The "Download selected entries" option didn't work because of an overly strict security feature.
      - Added links to Variant tab to check out the VOG columns.
      - Pages belonging to the Setup area now have the Setup tab highlighted.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@277 a7477d18-a37e-46de-aef1-57953c184492
  22. 03 Jul, 2012 1 commit
    • Added Reference Sequence Parser (most of the work done by Gerard Schaafsma),... · b5ed8ea4
      Ivo Fokkema authored
      Added Reference Sequence Parser (most of the work done by Gerard Schaafsma), fixed some bugs, and minor additions:
      - Added more fixes to ajax/map_variants.php; fixed typo in SQL query and fixed more problems with removed transcripts or UDs without transcripts.
      - You can now open the Mutalyzer prediction page from the variant data entry form, by clicking on the mark beside the protein field after a successful prediction has been run.
      - LOVD 3.0 can no longer be configured for hg18, but existing installations will still be supported.
      - Fixed some typos and textual changes.
      - The template footer now flushes completely.
      - The quick download format for data lists is now only available for properly authorized users.
      - Included version 3.0-beta-07 of official LOVD Reference Sequence Parser script.
        * Compared to LOVD 2.0, the greatest improvement is that this script downloads the reference sequence from Mutalyzer, and therefore no longer requires GenBank files to be uploaded to LOVD.
        * It does not support generating GenBank files, like in LOVD 2.0.
      - Fixed incorrect calculation of number of transcripts for the gene VE.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@199 a7477d18-a37e-46de-aef1-57953c184492
  23. 11 May, 2012 1 commit
    • More fixes, mostly on custom column handling: · 55ef271a
      Ivo Fokkema authored
      - Download format is now using Windows style newlines, so that Windows users can also easily read the files.
      - Fixed bug; When confirming variants with another screening, Internet Explorer showed all variants in the system instead of all variants in the individual. This was because the screeningids column was hidden twice in the code (in $aColsToSkip and $aColumnsViewList), then Internet Explorer decided to remove the filter on this column. Double hidden columns are now no longer put in aColsToSkip twice, and I removed screeningids from $aColsToSkip.
      - Fixed bug; The "Select all" and "Select none" options in the viewlist menu didn't work on Internet Explorer.
      - Reviewed r176, some changes.
      - Implemented the XSS check exemption for the legend fields in object_columns.php and removed it from inc-lib-form.php.
      - Fixed bug; Curators could see the list of enabled columns, but they couldn't submit the viewList since ajax/viewlist.php didn't load their authorization level. This is also fixed for the standard columns overview which was opened to Curators.
      - Fixed bug; Curators could not add custom columns to their genes since their authorization was not loaded properly.
        * Improved error message when trying to enable custom columns that already have been enabled everywhere, since we don't have a working check on the menu links so people will end up trying to enable columns that already have been enabled everywhere.
        * Fixed bug; When curators tried to enable or remove a column that was already enabled or removed for all their genes, but still could be enabled or removed for others, there was no error message but a form with empty selection list instead.
      - Enabled link from gene- and disease-specific column viewEntries to directly remove the column from the target.
      - Fixed bug; ViewLists, not loaded through Ajax, searched with $_GET variables, but not returning results, did not produce the last piece of Javascript such that the menu was unavailable and the search term couldn't be removed due to a JS error.
      - Fixed bug; The update checker returned errors if no diseases were configured in the database yet.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@177 a7477d18-a37e-46de-aef1-57953c184492
  24. 03 May, 2012 1 commit
    • Many improvements to custom column handling, and bug fixes: · 2ad234ba
      Ivo Fokkema authored
      - Implemented a dropdown menu at the gene's and disease's detailed views, instead of one long row of links.
      - From a gene's or disease's detailed view, you can now view a list of its active columns. From there, you can also change the order in which the columns are shown in the system.
      - Fixed bug; The new template class was not activated correctly in objects.php and object_transcript_variants.php.
      - Fixed bug; PDO was not implemented completely in LOVD_Objects::loadEntry() and LOVD_Transcript_Variants::loadEntry().
      - Fixed bug; When running a query with arguments but not halting on a query error, the error was lost since the PDOStatement instance was deleted. Adapted LOVD_PDO to store the error in such case in the database handler, where LOVD_PDO::formatError() can find it.
        * Also created LOVD_PDOStatement::formatError() to get the error from the PDOStatement and not the PDO database handler, for handling non-fatal errors in prepared statements executed in the LOVD code.
      - On success, LOVD_Object::viewList() now returns the total number of hits, instead of true.
      - Moved jQuery from only the full printHeader to also the "clean" printHeader, since we needed it for sorting custom columns.
      - Fixed bug; The gene's external link field accepted input that did not result in a proper link.
      - From the custom column's list, you can now easily select only a specific category of columns.
      - The code in columns.php is now used to change the *default* order of shared object custom columns, clarified this in the code.
      - Fixed bug; One of the changes made in 3.0-beta-04 to the dropdown menu script had adverse side effects, so it was reverted.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@172 a7477d18-a37e-46de-aef1-57953c184492
  25. 24 Apr, 2012 1 commit
    • Fixed several bugs and fully implemented the template class. · 0b5ef239
      Ivo Fokkema authored
      - Fixed bug; When not logged in, no variant descriptions on transcripts could be viewed.
      - SeattleSeq import will now describe variants as p.(=) only if they are more than 10 bases away from the nearest splice site.
      - Removed some old commented code in setup.php.
      - Added $_PE ($_PATH_ELEMENTS) for less typing and PATH_COUNT to prevent !empty($_PATH_ELEMENT[2]) calls.
      - Fixed bug; the "External links" field could not be filled in with link descriptions, because the XSS security check didn't allow it.
      - Fixed bug; lovd_checkXSS() was not properly protected against XSS itself.
      - Cleaned up the gene homepage, which had way too many columns enabled.
      - Added myself to the programmer's list where I forgot to do so in the past, and fixed "Programmer" header where it should be "Programmers" instead.
      - The install and uninstall procedures now also use the template, which was modified to look more like the install/inc-top.php and install/inc-bot.php files.
        * Removed ROOT_PATH references in Template::printFooter() that made image loads fail in the install directory.
        * Removed last inc-top and inc-bot includes and removed all 6 include files.
      - Fixed mistaken printHeader() that should have been a printFooter() in class/objects.php.
      - Renamed _NOT_INSTALLED_ to NOT_INSTALLED, which is according to the coding standards.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@165 a7477d18-a37e-46de-aef1-57953c184492
  26. 20 Apr, 2012 1 commit
  27. 21 Mar, 2012 1 commit
    • Multiple bug fixes and changes after code reviews: · 79ca288b
      Ivo Fokkema authored
      - Reviewed r134, minor change.
      - Reviewed r137, minor changes:
        * Columns can now only be removed when they're not created by LOVD, like in LOVD 2.0.
        * Standardized the columns?delete a bit, removed old LOVD 2.0 code from columns.php.
      - Reviewed r138, minor improvements added.
      - Replaced some old lovd_queryDB() calls with PDO calls in class/objects.php.
      - Fixed bug; The email sent after a submitter registers, did not contain a proper link directly to the user's profile.
      - Fixed notice directly after a submitter registers.
      - The email forwarded to the admin after a submitter registers, now has a proper Reply-To header.
      - Fixed bug; "Not authorized" messages would include the header even if the "clean" header was already included before.
      - Fixed bug; lovd_isAuthorized() returned false for users lower than managers when authorizing for variants, individuals, phenotypes and screenings.
      - Slightly optimized lovd_isAuthorized().
      - Fixed bug; lovd_matchURL() didn't correctly parse the given URLs that could result in false positives or false negatives.
      - Fixed problems with the viewList checkboxes; all checkboxes were enabled when removing a filter, after you had selected the full filter subset.
      - Fixed bug; It was not possible to activate the "Forward messages to database admin" or "Enable submitters to change data" settings.
      - Fixed bug; On servers where MySQL had the ONLY_FULL_GROUP_BY setting enabled, custom columns could not be edited nor enabled.
      - Updated variant viewLists; the genomic variants viewList no longer shows the internal type column and the variant effect column was moved to the left. The /variants/GENE viewList now correctly loads the columns active for that gene, in the correct order.
      - HGVS columns somehow not enabled had a "Delete column" link that led to a "Hack Attempt!" page.
      - The authorization unit test was expanded with authorization on variants for curators, collaborators and submitters.
      - Standardized the links to owners in various viewLists and viewEntries.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@140 a7477d18-a37e-46de-aef1-57953c184492
  28. 15 Mar, 2012 1 commit
    • Fixed 1 bug & added some new functionalities: · 4fa528d3
      Ivar Lugtenburg authored
      - Fixed bug; Page navigation now reverts to the last page, when a page is requested that is too high.
      - Added the possibility to pass a callback function to lovd_AJAX_viewListSubmit() that will be executed when the viewList is done loading.
      - Added the possibility to add checkboxes to all entries in a viewList and a menu that allows you to perform actions to these entries.
      - Added a JS function cancelParentEvent() that prevents events from propagating to the parent elements.
      - Added a JS function lovd_recordCheckChanges() that records clicked checkboxes in a viewList and sends these ids to the viewList PHP code through GET.
      - Added a JS function lovd_showOptions() that shows a list of options (e.g. "select all/select none") in a small popup window.
      - Rewrote parts of the submission process code.
      - Implemented the new lovd_buildOptionTable() into the submission process.
      - Implemented a functionality to confirm earlier found variants with a screening.
      - Implemented a function generateRowID() in objects.php that sets the proper row_id in viewLists, because we needed this code in other parts of the viewList as well.
      - When removing a transcript from the variant descriptions LOVD will show a warning when the red cross is clicked.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@138 a7477d18-a37e-46de-aef1-57953c184492
  29. 18 Nov, 2011 1 commit
    • Released 3.0-alpha-06: · b18e99ef
      Ivo Fokkema authored
      - Fixed bug; The viewLists of individuals, screenings and phenotypes have no functional anchor.
      - Fixed bug; "Owned by" and "Status" fields are now only editable for curators and higher. The status of entries edited by the data owner, will be lowered to Marked, if it was set to Public.
      - Fixed bug; Gene 'ASL' was hard coded in the VariantOnTranscript viewEntry code.
      - Fixed bug; Typing in a non-existing combo of VariantID and TranscriptID resulted in a query error without an error message.
      - Fixed bug; When leaving a Date data field empty, the database stored "0000-00-00".
      - Each object now has a fixed $aCheckMandatory array, since it's actually senseless to construct it using lots of conditions. Anyway fields in there will only be mandatory, when the field is actually in the generated form.
      - Fixed bug; When editing a variant with effects on multiple transcripts, changes to only the first transcript were stored.
      - Fixed bug; Internet Explorer users could be having some trouble with links from the "variants affecting transcripts" page, because Internet Explorer's Javascript engine does not respect the <BASE> tag.
      - The screenings edit form did not remove the user's password when the form was returned to the user.
      - Some minor code cleanups.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@99 a7477d18-a37e-46de-aef1-57953c184492
  30. 14 Nov, 2011 1 commit
    • - Added a style for bold text to styles.css. · 66b05401
      Ivar Lugtenburg authored
      - Added a viewentry.php to the ajax folder.
      - Now put an "AND" in the WHERE clause of the SQL if there already was one defined in Objects::viewEntry().
      - Added a hidden input in viewLists for sending the nID, which is currently only used by LOVD_Transcript_Variant().
      - Row ids are now also stored in $_SESSION to make them persist when the viewList is refreshed.
      - Removed $nID from the global statement in object_custom and made it an argument of LOVD_Transcript_Variant().
      - Objects::LOVD_Transcript_Variant() now has a working viewEntry and is already implemented in variants/<variantid>#<transcriptid>.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@97 a7477d18-a37e-46de-aef1-57953c184492
  31. 22 Aug, 2011 1 commit
    • Implemented PDO connect and query interface, added custom viewList, lots of other changes: · da0ea220
      Ivo Fokkema authored
      - Implemented a PDO database connection and a PDO class overloading PDO's query methods to catch errors the LOVD way.
      - Implemented a custom viewList class, allowing easy implementation of flexible viewLists with several different data objects linked to each other.
      - objects::viewList() will no longer try and predict the column types first, it will first read out the suggested type and if none, query the database to find out the column type.
      - Added chromosome to genomic variant viewList.
      - Updated INSTALL.txt.
      - Fixed bug; Added XSS fix to lovd_displayError().
      - Moved lovd_getColumnData(), lovd_getColumnLength() and lovd_getColumnType() from inc-lib-form.php to inc-lib-init.php, since it is used by all viewLists() also.
      - Fixed bug; MySQL handles 01 very differently than '01' for VARCHAR columns, so lovd_queryDB() will now always quote integers.
      - Added STATUS_IN_PROGRESS and STATUS_PENDING for unfinished submissions and completed, non reviewed submissions.
      - Reviewed r81, added some FIXME's, and applied many optimizations and minor fixes.
      - Standardized database variable usage in class/object_individuals.php.
      - Fixed bug; Could no longer select a disease to link to a gene of interest.
      - Implemented the /variants/chr# URL showing a viewList of all genomic variants on a specific chromosome.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@84 a7477d18-a37e-46de-aef1-57953c184492
  32. 25 May, 2011 1 commit
    • Fixed 3 bugs and made some minor changes: · 1f8781d6
      Ivar Lugtenburg authored
      - FIXED BUG: Phenotype now collects the right shared custom columns.
      - FIXED BUG: Genes can now contain a "-" in their symbol.
      - FIXED BUG: Users are now redirected properly after logout.
      - Added some SQL queries to inc-upgrade to prepare the database for alpha-01.
      - Added phenotype viewList and viewEntry pages.
      - Implemented a reset password functionality.
      - Variants can now be added to a screening.
      - GenomeVariants can now be created and edited using variants?create&reference=Genome and variants/<variantid>?edit respectively.
      - Implemented lovd_wrapText() for the reset password functionality.
      - Added a password authorization field to individuals?edit.
      - Made some minor changes.
      
      
      git-svn-id: https://humgenprojects.lumc.nl/svn/LOVD3/trunk@57 a7477d18-a37e-46de-aef1-57953c184492