Rev 138 | Rev 144 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 2 | daniel-mar | 1 | |
| 88 | daniel-mar | 2 | IMPORTANT |
| 3 | - Verify: escape everything |
||
| 4 | - Cookie law: |
||
| 85 | daniel-mar | 5 | Download CookieConsent code into _3p folder, do not hotlink it |
| 6 | we need to log all consents |
||
| 7 | do we need an explicit consent at the login form? |
||
| 8 | do we need a consent for the cookie SSL_CHECK? |
||
| 88 | daniel-mar | 9 | - dsgvo datenschutzerklärung, agbs etc. |
| 117 | daniel-mar | 10 | - Verify that logger works correctly, check if all logmasks are correct |
| 43 | daniel-mar | 11 | |
| 138 | daniel-mar | 12 | ERRORS FOUND 14 JULY 2019 |
| 13 | - oid anlegen mit ungültigem asn1 : er bringt fehler, aber die OID ist angelegt! |
||
| 14 | - wenn man "insert" nochmal klickt, obwohl objekt schon existiert, dann wird trotzdem log entry geschrieben: "object 'oid:2.999.1.123.123' created, given to RA" |
||
| 15 | |||
| 115 | daniel-mar | 16 | ADMIN AREA |
| 17 | - Allow that the admin can change user's passwort/contact data |
||
| 18 | - Admin should see log events for each RA and OID |
||
| 19 | |||
| 20 | SETUP |
||
| 21 | - Add warning that with the insertion of the database, all tables will be droppped |
||
| 22 | |||
| 125 | daniel-mar | 23 | RFC |
| 24 | - proof read |
||
| 25 | - should the whole WHOIS output be case insensitive? |
||
| 26 | - should "distance" be mandatory? |
||
| 27 | - try to use MUST, MUST NOT, SHALL etc. according to RFC 2119 |
||
| 131 | daniel-mar | 28 | - felder die nicht optional sind => mandatory kennzeichnen |
| 125 | daniel-mar | 29 | |
| 25 | daniel-mar | 30 | SMALL THINGS |
| 122 | daniel-mar | 31 | - freeoid: gmail app does not hyperlink the activation URL. why? |
| 32 | - how to avoid invite spamming? |
||
| 115 | daniel-mar | 33 | - when a PHP error happens, the AJAX script outputs "Error: SyntaxError: Unexpected token < in JSON at position 0" ... better show the user the actual message |
| 34 | - "plugin.inc.php" => rename to *.class.php ? Or vice versa for object types? |
||
| 109 | daniel-mar | 35 | - when login expired, remove entries in the treeview |
| 36 | - can we put even more code (e.g. object CRUD) into the plugin directory? |
||
| 104 | daniel-mar | 37 | - disable specific functions (e.g. invite, login, rainfo, forgot password) if the plugins are not installed (check if class type is registered) |
| 103 | daniel-mar | 38 | - mobile design: if title is too long => make system title bar multi line? |
| 88 | daniel-mar | 39 | - make usage of Foreign Keys |
| 2 | daniel-mar | 40 | - <abbr> in <code> wird doppelt unterstrichen |
| 13 | daniel-mar | 41 | - wenn man eine well-known OID anlegen möchte, dann kommt fehler wegen replaceAsn1/replaceIri, aber die OID ist erstellt. Die API ist aber nicht reloaded. Man sieht also nicht, dass die OID erstellt wurde, und ein erneuter klick auf Insert führt zum Primary-Key fehler |
| 42 | - problem: wenn eine RA eingeladen werden möchte, muss man "update" drücken und die OID wird als updated markiert |
||
| 25 | daniel-mar | 43 | - bei mehreren identifiern kann man nicht bestimmen, welcher identifier der bevorzugte sein soll!! |
| 44 | - show whois links only if folder "whois/" exists |
||
| 46 | daniel-mar | 45 | - disable autocomplete on some forms |
| 46 | - graphical imporvements of forms (input edits aligned) |
||
| 68 | daniel-mar | 47 | - "Documents" section: Make documentation for usage of OIDplus (for members only) |
| 74 | daniel-mar | 48 | - admin config mehr user friendly, e.g. having the enable/disable object type stuff (like in registration wizard) also in the admin control panel |
| 49 | - it would be cool if after the login, the opened nodes in the tree would stay open |
||
| 75 | daniel-mar | 50 | - should we log somewhere, when the admin account was logged in? |
| 88 | daniel-mar | 51 | - multilang |
| 52 | - html checkbox: "label for" verwenden |
||
| 53 | - when javascript fails, the form will be submitted to './' , that is not good! failed javascript must return false, so that the form does not get submitted |
||
| 54 | - admin: show privacy entries from RAs (but grey, so you know that it is private) |
||
| 55 | - admin soll contact data einer fremden RA ändern dürfen |
||
| 56 | - freeoid: asn.1 und iri spalten ausblenden, da dieser arc keine IDs vergibt? |
||
| 57 | - Privacy: Mehr stufen, z.b. dass man den personal name evtl gar nicht zeigen möchte |
||
| 58 | - Man sollte "created" abändern dürfen! oder evtl ganz verstecken, wenn man es nicht weiß |
||
| 59 | - in der crud liste den titel des objekts zeigen |
||
| 60 | - natOrder() ist nur für OID gültig!!! andere sort-mechanismen für andere objekttypen erforderlich |
||
| 61 | - tinymce |
||
| 62 | mce dirty flag: |
||
| 63 | - wenn man wechsel (js tree select), dann soll abgefragt werden, ob tinymce dirty ist, und eine warnung bringen, also so, wie wenn man die seite neu laden würde |
||
| 64 | - kritischer bug: seite öffnen, tiny mce editieren, speichern klicken. dann f5 neu laden (nicht strg+f5): dann ist der alte content wieder da. außer man drückt strg+f5 |
||
| 65 | - jstree select: automatically scroll down |
||
| 66 | - optisch aufhübschen. dinge wie RA: mehr dinge zeigen, adresse, email etc |
||
| 2 | daniel-mar | 67 | |
| 25 | daniel-mar | 68 | FUTURE |
| 112 | daniel-mar | 69 | - make use of Composer. Problems: |
| 70 | * What if composer installs a version of a component, which is incompatible? |
||
| 71 | * We need a new publishing script, because simply checking out SVN is not enough anymore. The user needs to execute composer. But what is if the user don't have composer (or dont have shell access at all?) |
||
| 104 | daniel-mar | 72 | - implement sitemaps xml |
| 88 | daniel-mar | 73 | - record history of an OID? |
| 74 | - admin should be able to change wellknown oids? |
||
| 2 | daniel-mar | 75 | - move oid to different arc |
| 76 | - bei sehr großen arcs (z.B. PEN) sollen nicht alle angezeigt werden |
||
| 77 | - unterstützung für ORS? |
||
| 61 | daniel-mar | 78 | - Mehr "Cutting Edge Technologie" soll in diesem Projekt zum Tragen kommen: AJAX, JSON, vollständig UTF8, CRUD frameworks, PDO, HTML5, Mobiles Design, Pure CSS, Autoloading, Objektorientierung (aber nicht unbedingt MVC), ...<br> |
| 64 | daniel-mar | 79 | - "Search" plugin: Feature to search inside documentation (doc/ directory) |
| 104 | daniel-mar | 80 | - "Search" plugin: I want to search in all object types and RAs. Not first select the type. |
| 88 | daniel-mar | 81 | - How can we make sure that example objects are not exported using oid-info.com export? |
| 82 | - Administrator-Interface: enable and disable object types |
||
| 2 | daniel-mar | 83 | |
| 115 | daniel-mar | 84 | BUGS? |
| 85 | - AJAX requests won't contain BASIC AUTH, although the page itself is |
||
| 86 | loaded via BASIC AUTH. Happens only when the query comes from local, |
||
| 87 | acessed by domain name? |
||
| 88 | (Chromium 56.0.2924.84 Built on Ubuntu 14.04, running on Raspbian 9.9) |
||
| 89 | |||
| 104 | daniel-mar | 90 | REJECTED IDEAS |
| 2 | daniel-mar | 91 | - sollte es mehere admins geben? |
| 42 | daniel-mar | 92 | - change history of each oid |
| 88 | daniel-mar | 93 | - record first RA and current RA => X.660 does not have this requirement |
| 94 | - markers DRAFT, LEAF and FROZEN etc. => use "Protected" if you want to make it invisible |
||
| 2 | daniel-mar | 95 | |
| 4 | daniel-mar | 96 | IDEAS |
| 142 | daniel-mar | 97 | - make color plugin available for everyone. Admin may permanently save the colors, but users should be able to set their own theme, saved via cookies |
| 4 | daniel-mar | 98 | - there should be a form where an RA can request an invitation, even if the superior RA did not invite them. |
| 99 | the fact that a RA exists in the Object Table should permit the RA to invite theirself. |
||
| 100 | - beim verlassen der seite, z.b. wenn man links auf einen neuen menüpunkt klickt, soll eine abfrage kommen, ob man speichern möchte |
||
| 13 | daniel-mar | 101 | - make a list of OIDs that do not assign ASN1/IRI identifiers (e.g. IANA PEN or ViaThinkSoft FreeOID), then reject any identifier the user provides |
| 26 | daniel-mar | 102 | - sanitize IPv4, IPv6, GUID during creation |
| 103 | bei IPv4 und IPv6: - if it is a single host address, don't put /32 or /128 suffix |
||
| 104 | - strike unnecessary bits that are not defined in the netmask (also at the whois output) |
||
| 4 | daniel-mar | 105 | |
| 104 | daniel-mar | 106 | QUESTIONS |
| 4 | daniel-mar | 107 | - should the collation be case sensitive or case insensitive? For Java package names, it should be case senstivie |
| 16 | daniel-mar | 108 | - wort "guid" oder "uuid" verwenden? |
| 109 | - bit or tinyint(1) ? |
||
| 61 | daniel-mar | 110 | - should "OID updated" be split into two categories "updated by superior" (e.g. identifiers) and "updated by owner" (description etc)? |
| 111 | - "updated" nicht aktualisieren, wenn man nur auf "update" klickt aber nix geändert hat |
||
| 63 | daniel-mar | 112 | - "Documents" section: Can base of URLs/images inside the HTML be changed automatically? |
| 4 | daniel-mar | 113 | |
| 16 | daniel-mar | 114 | GUID Management |
| 115 | - Leaf nodes (GUIDs) should show/edit the Title in the CRUD, so you dont have to click the GUID to see the title |
||
| 116 | - seltsamer bug: wenn ich guid:oidplus editiere, dann öffnet sich links guid:activedirectory beim neuladen des baums nach dem update. irgendwie öffnet er den zuletzt geöffneten node beim reload nochmal |