Subversion Repositories oidplus

IMPORTANT

- Test all new prepared statements

- Cookie law:

	Download CookieConsent code into _3p folder, do not hotlink it

	we need to log all consents

	do we need an explicit consent at the login form?

	do we need a consent for the cookie SSL_CHECK?

- dsgvo datenschutzerklärung, agbs etc.

- Verify that logger works correctly, check if all logmasks are correct

- remove backtick operators due to sql compatibility

- the inactivity timer is much too fast!

- Does the admin feature "600_log" also show all log events from all Objects and all RAs?

- at a lot of forms, if you press "enter", the "form" will not be submitted (e.g. "create ra" plugin), cannot reproduce?

RFC

- proof read

- should the whole WHOIS output be case insensitive?

- should "distance" be mandatory?

- try to use MUST, MUST NOT, SHALL etc. according to RFC 2119

- felder die nicht optional sind => mandatory kennzeichnen

OOBE/SETUP

- There should be a "test database connection" button

SMALL THINGS

- Things like "config()->minRaPasswordLength" should not be hardcoded functions, but rather queried with normal getValue() etc.

- API : Make a function that checks if a RA exists, and use it everywhere where needed

- Should we self-host polyfill due to GDPR stuff?

- Object type plugins : name all files "plugin.inc.php" and also take care that "treeicon.png" and "icon_big.png" exist everywhere (become standard)

- when ajax.php generates a PHP error, the client gives a "syntax error" message... it would be better if the client shows the full php error? or something more user-friendly?

- freeoid: gmail app does not hyperlink the activation URL. why?

- how to avoid invite spamming?

- when a PHP error happens, the AJAX script outputs "Error: SyntaxError: Unexpected token < in JSON at position 0" ... better show the user the actual message

- "plugin.inc.php" => rename to *.class.php ? Or vice versa for object types?

- when login expired, remove entries in the treeview

- can we put even more code (e.g. object CRUD) into the plugin directory?

- disable specific functions (e.g. invite, login, rainfo, forgot password) if the plugins are not installed (check if class type is registered)

- make usage of Foreign Keys

- <abbr> in <code> wird doppelt unterstrichen

- wenn man eine well-known OID anlegen möchte, dann kommt fehler wegen replaceAsn1/replaceIri, aber die OID ist erstellt. Die API ist aber nicht reloaded. Man sieht also nicht, dass die OID erstellt wurde, und ein erneuter klick auf Insert führt zum Primary-Key fehler

- problem: wenn eine RA eingeladen werden möchte, muss man "update" drücken und die OID wird als updated markiert

- bei mehreren identifiern kann man nicht bestimmen, welcher identifier der bevorzugte sein soll!!

- show whois links only if folder "whois/" exists

- disable autocomplete on some forms

- graphical imporvements of forms (input edits aligned)

- "Documents" section: Make documentation for usage of OIDplus (for members only)

- admin config mehr user friendly, e.g. having the enable/disable object type stuff (like in registration wizard) also in the admin control panel

- it would be cool if after the login, the opened nodes in the tree would stay open

- should we log somewhere, when the admin account was logged in?

- multilang

- html checkbox: "label for" verwenden

- when javascript fails, the form will be submitted to './' , that is not good! failed javascript must return false, so that the form does not get submitted

- admin: show privacy entries from RAs (but grey, so you know that it is private)

- admin soll contact data einer fremden RA ändern dürfen

- freeoid: asn.1 und iri spalten ausblenden, da dieser arc keine IDs vergibt?

- Privacy: Mehr stufen, z.b. dass man den personal name evtl gar nicht zeigen möchte

- Man sollte "created" abändern dürfen! oder evtl ganz verstecken, wenn man es nicht weiß

- in der crud liste den titel des objekts zeigen

- natOrder() ist nur für OID gültig!!! andere sort-mechanismen für andere objekttypen erforderlich

- tinymce

	mce dirty flag:

		- wenn man wechsel (js tree select), dann soll abgefragt werden, ob tinymce dirty ist, und eine warnung bringen, also so, wie wenn man die seite neu laden würde

		- kritischer bug: seite öffnen, tiny mce editieren, speichern klicken. dann f5 neu laden (nicht strg+f5): dann ist der alte content wieder da. außer man drückt strg+f5

- jstree select: automatically scroll down

- optisch aufhübschen. dinge wie RA: mehr dinge zeigen, adresse, email etc

FUTURE

- we need to make OIDplus more compatible with non-MySQL databases (different SQL dialects)

- make use of Composer. Problems:

  * What if composer installs a version of a component, which is incompatible?

  * We need a new publishing script, because simply checking out SVN is not enough anymore. The user needs to execute composer. But what is if the user don't have composer (or dont have shell access at all?)

- implement sitemaps xml

- admin should be able to change wellknown oids?

- move oid to different arc

- bei sehr großen arcs (z.B. PEN) sollen nicht alle angezeigt werden

- unterstützung für ORS?

- Mehr "Cutting Edge Technologie" soll in diesem Projekt zum Tragen kommen: AJAX, JSON, vollständig UTF8, CRUD frameworks, PDO, HTML5, Mobiles Design, Pure CSS, Autoloading, Objektorientierung (aber nicht unbedingt MVC), ...<br>

- "Search" plugin: Feature to search inside documentation (doc/ directory)

- "Search" plugin: I want to search in all object types and RAs. Not first select the type.

- How can we make sure that example objects are not exported using oid-info.com export?

- Administrator-Interface: enable and disable object types

- detailled change-history of each oid

BUGS?

- OIDplus does not work in Safari Mobile!

	1. You cannot scroll the OID grid, as the scrolling affects the whole page, not the grid.

	2. JQueryUI sliders cannot be dragged

REJECTED IDEAS

- sollte es mehere admins geben?

- record first RA and current RA => X.660 does not have this requirement

- markers DRAFT, LEAF and FROZEN etc. => use "Protected" if you want to make it invisible

IDEAS

- make color plugin available for everyone. Admin may permanently save the colors, but users should be able to set their own theme, saved via cookies

- there should be a form where an RA can request an invitation, even if the superior RA did not invite them.

  the fact that a RA exists in the Object Table should permit the RA to invite theirself.

- beim verlassen der seite, z.b. wenn man links auf einen neuen menüpunkt klickt, soll eine abfrage kommen, ob man speichern möchte

- make a list of OIDs that do not assign ASN1/IRI identifiers (e.g. IANA PEN or ViaThinkSoft FreeOID), then reject any identifier the user provides

- sanitize IPv4, IPv6, GUID during creation

	bei IPv4 und IPv6: - if it is a single host address, don't put /32 or /128 suffix

	                   - strike unnecessary bits that are not defined in the netmask (also at the whois output)

- let the sysadmin decide if they want the title be "systemtitle - object title" or "object title - systemtitle"

- should a RA be able to mark their own oid as confidential, instead of asking the superior RA?

- sollte es eine oidplus projektseite geben anstelle nur das nackte system?

- vendor signature to plugins + viathinksoft signatures + "check" program if all signatures match

QUESTIONS

- should the collation be case sensitive or case insensitive? For Java package names, it should be case senstivie

- wort "guid" oder "uuid" verwenden?

- bit or tinyint(1) ?

- should "OID updated" be split into two categories "updated by superior" (e.g. identifiers) and "updated by owner" (description etc)?

- "updated" nicht aktualisieren, wenn man nur auf "update" klickt aber nix geändert hat

- "Documents" section: Can base of URLs/images inside the HTML be changed automatically?

GUID Management

- Leaf nodes (GUIDs) should show/edit the Title in the CRUD, so you dont have to click the GUID to see the title

- seltsamer bug: wenn ich guid:oidplus editiere, dann öffnet sich links guid:activedirectory beim neuladen des baums nach dem update. irgendwie öffnet er den zuletzt geöffneten node beim reload nochmal