libs#33

Merged
jwaisner merged 8 commits into main from libs on Feb 17, 2025

@N6REJ (Collaborator) commented Feb 15, 2025

PR Type

Enhancement, Documentation, Localization, Configuration changes, Other


Description

  • Enhanced UI elements and link handling in wizard pages, including new procedures and layout adjustments.

  • Improved multi-architecture support and file selection logic for better compatibility.

  • Added secure XML handling, ZIP extraction functionality, and PowerShell integration for runtime and compile-time tasks.

  • Broadened architecture compatibility for x64 setups and improved timer management in DLL examples.

  • Updated translations for multiple languages, including new support for Tamil and Hungarian.

  • Modernized HTML structure, updated revision history, and improved documentation across various files.

  • Updated PHP configuration files with revised settings, improved clarity, and updated documentation links.

  • Fixed typos, improved code clarity, and enhanced security with SHA256 validation.

  • Added a shortcut to the Inno Setup FAQ page and updated copyright information to 2025.


Changes walkthrough 📝

Relevant files

Enhancement (14 files)

CodeClasses.iss (+49/-25)
Enhanced UI elements and link handling in wizard pages.
bin/lib/innosetup/app/Examples/CodeClasses.iss
  • Added a new procedure LinkLabelOnLinkClick to handle link clicks with
    specific behavior for sltID and sltURL link types.
  • Introduced new UI elements: TNewStaticText with multi-line support and
    TNewLinkLabel with link handling.
  • Adjusted anchoring and layout for progress bars and labels to improve
    UI consistency.
  • Replaced TNewStaticText with TNewLinkLabel for URL handling in
    CreateAboutButtonAndURLLabel.

64BitThreeArch.iss (+32/-21)
Improved multi-architecture support and file selection logic.
bin/lib/innosetup/app/Examples/64BitThreeArch.iss
  • Updated architecture handling to include x64compatible and Arm64 for
    better compatibility.
  • Refined file selection logic for different architectures with new
    checks like PreferArm64Files.
  • Improved comments and documentation for file placement and
    architecture-specific logic.

CodeAutomation.iss (+44/-2)
Added secure XML handling and ZIP extraction functionality.
bin/lib/innosetup/app/Examples/CodeAutomation.iss
  • Updated XMLURL to use HTTPS for secure connections.
  • Enhanced user prompt for XML file download and processing.
  • Added a new procedure UnzipButtonOnClick to download and extract a ZIP
    file using shell automation.
  • Included a new button for the unzip functionality in the UI.

PowerShell.iss (+87/-0)
Demonstrated PowerShell integration for runtime and compile-time tasks.
bin/lib/innosetup/app/Examples/PowerShell.iss
  • Introduced a new script demonstrating PowerShell usage at compile and
    runtime.
  • Added functionality to generate a random password and copy it to the
    clipboard.
  • Included logic to retrieve and display the system's serial number
    during setup initialization.

64BitTwoArch.iss (+10/-10)
Enhanced support for x64-compatible architectures.
bin/lib/innosetup/app/Examples/64BitTwoArch.iss
  • Updated architecture handling to include x64compatible for broader
    compatibility.
  • Improved documentation for architecture-specific installation logic.

64Bit.iss (+9/-8)
Broadened architecture compatibility for x64 setups.
bin/lib/innosetup/app/Examples/64Bit.iss
  • Updated architecture requirements to include x64compatible for
    compatibility with Windows 11 on Arm.
  • Improved comments and documentation for architecture-specific setup
    behavior.

CodeDlg.iss (+2/-2)
Improved folder naming and security with SHA256 validation.
bin/lib/innosetup/app/Examples/CodeDlg.iss
  • Updated default folder name to use a localized message.
  • Replaced SHA1 hash validation with SHA256 for enhanced security.

CodeDll.iss (+16/-5)
Improved timer management and cleanup in DLL example.
bin/lib/innosetup/app/Examples/CodeDll.iss
  • Added KillTimer function to clean up timers during deinitialization.
  • Enhanced MyTimerProc to handle cases where WizardForm is nil.
  • Introduced DeinitializeSetup procedure to ensure proper cleanup.

CodeDownloadFiles.iss (+4/-2)
Enhanced download page display and URL handling.
bin/lib/innosetup/app/Examples/CodeDownloadFiles.iss
  • Enabled showing base names instead of URLs in the download page.
  • Updated download URLs to include dontcount=1 for better tracking
    control.

UnicodeExample1.iss (+5/-1)
Ensured compatibility with UTF-8 encoding in Unicode example.
bin/lib/innosetup/app/Examples/UnicodeExample1.iss
  • Added a version check to ensure compatibility with UTF-8 encoding
    without BOM.

Tamil.isl (+392/-0)
Added Tamil language support for Inno Setup translations.
bin/lib/innosetup/app/Languages/Tamil.isl
  • Added a new Tamil language translation file for Inno Setup.
  • Included translations for setup messages, wizard pages, and error
    messages.
  • Customized installation and uninstallation messages in Tamil.
  • Provided Tamil-specific font and layout options in the configuration.

Slovak.isl (+9/-2)
Updated Slovak language file with new translations and metadata.
bin/lib/innosetup/app/Languages/Slovak.isl
  • Updated Slovak language translation file to version 6.4.0+.
  • Added new translations for extraction wizard page and related error
    messages.
  • Updated metadata including the last update date.

Hungarian.isl (+393/-0)
Added Hungarian language support for Inno Setup.
bin/lib/innosetup/app/Languages/Hungarian.isl
  • Added a new Hungarian language file for Inno Setup version 6.4.0+.
  • Included translations for installation, error messages, and wizard
    prompts.
  • Enhanced user experience with localized messages for setup and
    uninstallation.

French.isl (+9/-1)
Updated French language file for Inno Setup 6.4.0+.
bin/lib/innosetup/app/Languages/French.isl
  • Updated French language file to support Inno Setup version 6.4.0+.
  • Added new translations for extraction-related messages.
  • Improved compatibility with the latest Inno Setup features.

Miscellaneous (1 file)

CodeAutomation2.iss (+3/-8)
Fixed typos and improved code clarity.
bin/lib/innosetup/app/Examples/CodeAutomation2.iss
  • Fixed typos in comments for better clarity.
  • Corrected structure names for consistency (TMonthyDate to
    TMonthlyDate).

Documentation (4 files)

ISPPBuiltins.iss (+2/-2)
Updated copyright information for ISPP builtins.
bin/lib/innosetup/app/ISPPBuiltins.iss
  • Updated copyright years to reflect 2025.

whatsnew.htm (+124/-60)
Updated revision history and modernized HTML structure.
bin/lib/innosetup/app/whatsnew.htm
  • Modernized HTML structure and styling for better readability.
  • Added revision history for versions 6.4.0 and 6.4.1 with detailed
    changes.
  • Updated copyright information to 2025.

license.txt (+2/-2)
Updated license copyright information to 2025.
bin/lib/innosetup/app/license.txt
  • Updated copyright years to reflect 2025.

isfaq.url (+2/-0)
Added shortcut to Inno Setup FAQ page.
bin/lib/innosetup/app/isfaq.url
  • Added a new shortcut file linking to the Inno Setup FAQ page.

Localization (2 files)

Turkish.isl (+294/-287)
Updated Turkish translation for version 6.4.0+.
bin/lib/innosetup/app/Languages/Turkish.isl
  • Updated translation to reflect changes in version 6.4.0+.
  • Added new messages for extraction and improved existing translations.

Armenian.isl (+33/-27)
Updated Armenian translation for version 6.4.0+.
bin/lib/innosetup/app/Languages/Armenian.isl
  • Updated translation to reflect changes in version 6.4.0+.
  • Added new messages for extraction and improved existing translations.

Configuration changes (2 files)

php.ini-production (+654/-585)
Updated PHP configuration file with revised settings and documentation links.
tools/php/php.ini-production
  • Updated comments and documentation links from https:// to http://.
  • Adjusted default values and descriptions for various PHP configuration
    settings.
  • Added new configuration options and updated existing ones for better
    clarity and functionality.
  • Removed deprecated or redundant settings and comments.

php.ini-development (+654/-583)
Improved PHP configuration file with updated settings and comments.
tools/php/php.ini-development
  • Updated PHP configuration comments and settings for clarity and
    accuracy.
  • Added or modified default values for several PHP directives.
  • Replaced HTTPS links with HTTP in documentation references.
  • Enhanced descriptions and examples for various PHP configuration
    options.

Additional files (43 files)
    composer.phar [link]   
    HashMyFiles.chm [link]   
    readme.txt +20/-8   
    Default.isl +8/-1     
    Example3.iss +0/-1     
    ISetup-dark.chm [link]   
    ISetup.chm [link]   
    Arabic.isl +393/-0 
    BrazilianPortuguese.isl +8/-1     
    Bulgarian.isl +8/-1     
    Catalan.isl +11/-2   
    Corsican.isl +56/-47 
    Czech.isl +9/-2     
    Danish.isl +8/-1     
    Dutch.isl +13/-6   
    Finnish.isl +9/-2     
    German.isl +9/-2     
    Hebrew.isl +8/-1     
    Italian.isl +12/-4   
    Japanese.isl +8/-1     
    Korean.isl +398/-0 
    Norwegian.isl +8/-1     
    Polish.isl +207/-199
    Portuguese.isl +8/-1     
    Russian.isl +23/-3   
    Slovenian.isl +8/-1     
    Spanish.isl +12/-5   
    Swedish.isl +398/-0 
    Ukrainian.isl +331/-333
    Setup.e32 [link]   
    SetupLdr.e32 [link]   
    lessmsi-gui.exe.config +16/-1   
    build-commons.properties +3/-3     
    php5ts.lib [link]   
    openssl.cnf +71/-111
    install.txt +1797/-0
    news.txt +169/-3 
    pharcommand.phar [link]   
    php.ini +10/-1650
    php.ini.bak +1974/-0
    php5embed.lib [link]   
    readme-redist-bins.txt +154/-392
    snapshot.txt +141/-58

  • @N6REJ N6REJ added the enhancement ✨ Improve program label Feb 15, 2025
    @qodo-code-review

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    Multiple security concerns:

    1. Sensitive information exposure: PowerShell script generates and copies passwords to clipboard without secure handling
    2. Unsafe PowerShell execution: Uses ExecutionPolicy Bypass which disables security restrictions
    3. Insecure downloads: Downloads files from external URLs without proper validation
    4. XML processing: Potential XXE vulnerability in XML handling without proper security controls
    ⚡ Recommended focus areas for review

    Security Concern

    The code downloads and executes files from external URLs without proper validation. The XML file download and processing could be vulnerable to XXE attacks.

      XMLHTTP, XMLDoc, NewNode, RootNode: Variant;
      Path: String;
    begin
      if MsgBox('Setup will now use MSXML to download XML file ''' + XMLURL + ''' and save it to the source folder.'#13#13'Setup will then load, modify and save this XML file. Do you want to continue?', mbInformation, mb_YesNo) = idNo then
        Exit;
    
      { Create the main MSXML COM Automation object }
    
    Security Risk

    PowerShell execution with bypass policy and password generation could expose sensitive information. The script allows unrestricted PowerShell execution which is a security risk.

    #define PowerShellExe "powershell.exe"
    #define PowerShellCommandParam "-ExecutionPolicy Bypass -Command"
    
    #define ExecPowerShell(str Command) \
      Local[0] = PowerShellCommandParam + " " + AddQuotes(Command), \
      Message("Executing PowerShell command: " + Local[0]), \
      ExecAndGetFirstLine(PowerShellExe, Local[0])
    
    #define Password ExecPowerShell( \
      "Add-Type -AssemblyName 'System.Web';" + \
      "[System.Web.Security.Membership]::GeneratePassword(12, 4);")
    

    @qodo-code-review

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Impact
    Security
    Disable HTML errors in production

    The html_errors setting should be set to Off in production for security reasons
    to avoid potential HTML injection vulnerabilities and information disclosure
    through error messages.

    tools/php/php.ini-production [538]

    -html_errors = On
    +html_errors = Off
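
Review bot: the one-line change to html_errors at tools/php/php.ini-production [538] does not by itself address the information disclosure named in the rationale. html_errors only changes how an error message is formatted when it is shown; whether messages reach the client at all is controlled by display_errors, which this hunk does not show, so confirm that setting in the same file before relying on this change.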


    Suggestion importance[1-10]: 8


    Why: Disabling HTML errors in production is an important security measure to prevent potential HTML injection vulnerabilities and sensitive information disclosure through formatted error messages.

    Medium
    Possible issue
    Handle URL launch failures

    Add error handling for ShellExecAsOriginalUser to handle cases where the URL
    launch fails, preventing silent failures.

    bin/lib/innosetup/app/Examples/CodeClasses.iss [108-116]

     procedure LinkLabelOnLinkClick(Sender: TObject; const Link: string; LinkType: TSysLinkType);
     var
       ErrorCode: Integer;
     begin
       if (LinkType = sltID) and (Link = 'jrsoftware') then
         ShellExecAsOriginalUser('open', 'https://jrsoftware.org', '', '', SW_SHOWNORMAL, ewNoWait, ErrorCode)
       else if LinkType = sltURL then  
         ShellExecAsOriginalUser('open', Link, '', '', SW_SHOWNORMAL, ewNoWait, ErrorCode);
    +  if ErrorCode <> 0 then
    +    MsgBox(Format('Failed to open URL. Error code: %d', [ErrorCode]), mbError, MB_OK);
     end;
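
Review bot: the added `if ErrorCode <> 0` test at the end of LinkLabelOnLinkClick reads ErrorCode even when neither branch ran (an sltID link whose Link is not 'jrsoftware'), and ErrorCode is declared without an initial value, so the error box can appear on an undefined value. ShellExecAsOriginalUser returns a Boolean and ErrorCode is only meaningful when that result is False; test the return value of each call instead, for example `if not ShellExecAsOriginalUser(...) then MsgBox(...)`.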
    Suggestion importance[1-10]: 7


    Why: Adding error handling for ShellExecAsOriginalUser is important for user experience as it provides feedback when URL launches fail instead of silently failing.

    Medium
    Fix floating point serialization precision

    The serialize_precision value should be set to -1 instead of 17 to ensure proper
    floating point serialization and JSON encoding. The value -1 uses dtoa mode 0
    which automatically selects the best precision.

    tools/php/php.ini-production [292]

    -serialize_precision = 17
    +serialize_precision = -1


    Suggestion importance[1-10]: 7


    Why: Using -1 for serialize_precision enables automatic optimal precision selection via dtoa mode 0, which is better than hardcoding to 17 for both serialization and JSON encoding.

    Medium
    Add null check for timer cleanup

    Add a null check for TimerID before attempting to kill the timer to prevent
    potential issues if the timer was never created.

    bin/lib/innosetup/app/Examples/CodeDll.iss [102-106]

     procedure DeinitializeSetup;
     begin
    -  if TimerID <> 0 then
    +  if Assigned(TimerID) and (TimerID <> 0) then begin
         KillTimer(0, TimerID);
    +    TimerID := 0;
    +  end;
     end;
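
Review bot: `Assigned(TimerID)` in the new condition is the wrong test for this variable. TimerID is compared with 0 and passed to KillTimer as a numeric timer id, while Assigned is meant for pointer, object and procedural values, so the existing `TimerID <> 0` check already covers a timer that was never created. Keep the `TimerID := 0` reset, which stops a second KillTimer call on the same id, and drop the Assigned call.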
    Suggestion importance[1-10]: 5


    Why: The suggestion adds defensive programming by checking if TimerID is assigned and resets it after cleanup, which improves robustness and prevents potential issues with uninitialized timers.

    Low
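
For the download-validation and XML-processing concerns listed in the PR Reviewer Guide above, the following is an added Inno Setup [Code] sketch, not code from this PR or from the Inno Setup examples. The names DownloadPinned, LoadXmlNoDtd, PackageURL and PackageSHA256 are hypothetical, and the URL and hash are placeholders.

```pascal
[Code]
const
  // Placeholders (assumptions): use the real URL and its published SHA-256.
  PackageURL = 'https://example.invalid/package.xml';
  PackageSHA256 = '<expected-sha256-hex>';

// Downloads into the temp directory. DownloadTemporaryFile raises an exception
// when the transfer fails or the file's SHA-256 differs from ExpectedSHA256.
function DownloadPinned(const Url, BaseName, ExpectedSHA256: String): Boolean;
begin
  Result := False;
  // An empty hash would skip verification, so treat it as an error here.
  if (ExpectedSHA256 = '') or (CompareText(Copy(Url, 1, 8), 'https://') <> 0) then
  begin
    Log('Refusing unpinned or non-HTTPS download: ' + Url);
    Exit;
  end;
  try
    DownloadTemporaryFile(Url, BaseName, ExpectedSHA256, nil);
    Result := True;
  except
    Log('Download rejected: ' + GetExceptionMessage);
  end;
end;

// Parses a local XML file with DTDs prohibited and no external resolution,
// so a DOCTYPE with entity declarations is a parse error, not an expansion.
function LoadXmlNoDtd(const Path: String; var XMLDoc: Variant): Boolean;
begin
  XMLDoc := CreateOleObject('MSXML2.DOMDocument.6.0');
  XMLDoc.async := False;
  XMLDoc.resolveExternals := False;
  XMLDoc.validateOnParse := False;
  XMLDoc.setProperty('ProhibitDTD', True);
  XMLDoc.load(Path);
  Result := (XMLDoc.parseError.errorCode = 0);
  if not Result then
    Log('XML rejected: ' + XMLDoc.parseError.reason);
end;

function InitializeSetup: Boolean;
var
  Doc: Variant;
begin
  Result := DownloadPinned(PackageURL, 'package.xml', PackageSHA256);
  if Result then
    Result := LoadXmlNoDtd(ExpandConstant('{tmp}\package.xml'), Doc);
end;
```

MSXML 6.0 already defaults to prohibiting DTDs and not resolving externals; the properties are set explicitly so the behaviour does not depend on which MSXML version a ProgID resolves to.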

    @jwaisner jwaisner merged commit 3204390 into main Feb 17, 2025
    2 checks passed
    @jwaisner jwaisner deleted the libs branch February 17, 2025 03:53