Subversion Repositories oidplus

RECENT STUFF

- Cookie law:

	Download CookieConsent code into _3p folder, do not hotlink it

	we need to log all consents

	do we need an explicit consent at the login form?

	do we need a consent for the cookie SSL_CHECK?

- Verify that logger works correctly, check if all logmasks are correct

- the inactivity timer is much too fast!

- Does the admin feature "600_log" also show all log events from all Objects and all RAs?

- at a lot of forms, if you press "enter", the "form" will not be submitted (e.g. "create ra" plugin), cannot reproduce?

- In plugins, we even see things like this:

	plugins/'.basename(dirname(__DIR__)).'/'.basename(__DIR__).'/page_pictogram.png

	=> This is very ugly! We need a function like this:  OIDplus::getRelativeWebDir(__DIR__) which outputs: plugin/...../page_pictogram.png

- When a DB connection fails or if setup must be run again, it is not so good that the "die()" command is executed.

	If it happens in ajax.php, we have a problem because then the HTTP response is not valid JSON

	=> We need a new exception type "SetupRequiredException"

		index.php will catch this exception and show a nice HTML message with setup link etc.

		webwhois will catch this exception and show a plaintext message

		ajax.php don't need to catch it, since it already catches all Exception-objects

	=> We should remove "die()" whenever possible, because it is very unflexible

WHOIS

- webwhois: beside TXT/XML/JSON more output modi?  CSV, S/MIME  (and add the S/MIME keypurpose to the X.509 certificates)

- whois query 'oid:' should show all root entries (subordinate entries), but there is only the message "not found"

RFC

- proof read

- should the whole WHOIS output be case insensitive?

- should "distance" be mandatory?

- try to use MUST, MUST NOT, SHALL etc. according to RFC 2119

- felder die nicht optional sind => mandatory kennzeichnen

OOBE/SETUP

- There should be a "test database connection" button

SMALL THINGS

- offer signature checker tool to verify WHOIS responses

- web svn updater: "black list" (do not overwrite specific files like favicon.ico)

- minimum-aufklappstufen fuer alle objekte und plugins einstellbar machen, sodass z.b. alle OIDs immer bis zur stufe 2 aufgeklappt sind, wenn man OIDplus frisch öffnet

- make use of autoloading of PHP classes

- Revive the idea of "information objects" = OIDs that contain content

- Things like "config()->minRaPasswordLength" should not be hardcoded functions, but rather queried with normal getValue() etc.

- API : Make a function that checks if a RA exists, and use it everywhere where needed

- Should we self-host polyfill due to GDPR stuff?

- Object type plugins : name all files "plugin.inc.php" and also take care that "treeicon.png" and "icon_big.png" exist everywhere (become standard)

- when ajax.php generates a PHP error, the client gives a "syntax error" message... it would be better if the client shows the full php error? or something more user-friendly?

- freeoid: gmail app does not hyperlink the activation URL. why?

- how to avoid invite spamming?

- when a PHP error happens (i.e. the AJAX script did not manage to output a JSON), the AJAX script outputs "Error: SyntaxError: Unexpected token < in JSON at position 0" ... better show the user the actual message

- when login expired, remove entries in the treeview

- can we put even more code (e.g. object CRUD) into the plugin directory?

- disable specific functions (e.g. invite, login, rainfo, forgot password) if the plugins are not installed (check if class type is registered)

- make usage of Foreign Keys

- <abbr> in <code> wird doppelt unterstrichen

- wenn man eine well-known OID anlegen möchte, dann kommt fehler wegen replaceAsn1/replaceIri, aber die OID ist erstellt. Die API ist aber nicht reloaded. Man sieht also nicht, dass die OID erstellt wurde, und ein erneuter klick auf Insert führt zum Primary-Key fehler

- problem: wenn eine RA eingeladen werden möchte, muss man "update" drücken und die OID wird als updated markiert

- bei mehreren identifiern kann man nicht bestimmen, welcher identifier der bevorzugte sein soll!!

- show whois links only if folder "whois/" exists

- disable autocomplete on some forms

- graphical imporvements of forms (input edits aligned)

- "Documents" section: Make documentation for usage of OIDplus (for members only)

- admin config mehr user friendly, e.g. having the enable/disable object type stuff (like in registration wizard) also in the admin control panel

- it would be cool if after the login, the opened nodes in the tree would stay open

- should we log somewhere, when the admin account was logged in?

- html checkbox: "label for" verwenden

- when javascript fails, the form will be submitted to './' , that is not good! failed javascript must return false, so that the form does not get submitted

- admin: show privacy entries from RAs (but grey, so you know that it is private)

- admin soll contact data einer fremden RA ändern dürfen

- freeoid: asn.1 und iri spalten ausblenden, da dieser arc keine IDs vergibt?

- Privacy: Mehr stufen, z.b. dass man den personal name evtl gar nicht zeigen möchte

- Man sollte "created" abändern dürfen! oder evtl ganz verstecken, wenn man es nicht weiß

- in der crud liste den titel des objekts zeigen

- natOrder() ist nur für OID gültig!!! andere sort-mechanismen für andere objekttypen erforderlich

- tinymce

	mce dirty flag:

		- wenn man wechsel (js tree select), dann soll abgefragt werden, ob tinymce dirty ist, und eine warnung bringen, also so, wie wenn man die seite neu laden würde

		- kritischer bug: seite öffnen, tiny mce editieren, speichern klicken. dann f5 neu laden (nicht strg+f5): dann ist der alte content wieder da. außer man drückt strg+f5

- jstree select: automatically scroll down

- optisch aufhübschen. dinge wie RA: mehr dinge zeigen, adresse, email etc

DATABASE

- check if the NULL and NOT NULL definitions are meaningful. It is not good at in *_ra everything is NOT NULL

- we need to make OIDplus more compatible with non-MySQL databases (different SQL dialects)

  (currently, only MySQL/MariaDB, PostgreSQL and MS SQL are supported)

- Implement database plugin for PHP's MSSQL extension?

FUTURE

- multilang

- make use of Composer. Problems:

  * What if composer installs a version of a component, which is incompatible?

  * We need a new publishing script, because simply checking out SVN is not enough anymore. The user needs to execute composer. But what is if the user don't have composer (or dont have shell access at all?)

- implement sitemaps xml

- admin should be able to change wellknown oids?

- move oid to different arc

- bei sehr großen arcs (z.B. PEN) sollen nicht alle angezeigt werden

- unterstützung für ORS?

- Mehr "Cutting Edge Technologie" soll in diesem Projekt zum Tragen kommen: AJAX, JSON, vollständig UTF8, CRUD frameworks, PDO, HTML5, Mobiles Design, Pure CSS, Autoloading, Objektorientierung (aber nicht unbedingt MVC), ...<br>

- "Search" plugin: Feature to search inside documentation (doc/ directory)

- "Search" plugin: I want to search in all object types and RAs. Not first select the type.

- How can we make sure that example objects are not exported using oid-info.com export?

- Administrator-Interface: enable and disable object types

- detailled change-history of each oid

BUGS?

- OIDplus does not work in Safari Mobile!

	1. You cannot scroll the OID grid, as the scrolling affects the whole page, not the grid.

	2. JQueryUI sliders cannot be dragged

REJECTED IDEAS

- sollte es mehere admins geben?

- record first RA and current RA => X.660 does not have this requirement

- markers DRAFT, LEAF and FROZEN etc. => use "Protected" if you want to make it invisible

IDEAS

- when a new oid is created, should we redirect to the newly created OID, so that the user can begin entering the description etc?

- when an object was not found, the error message could show the next possible known object (like WebWHOIS does)

- the "goto" quickbar (at the top right) could also be used to search something ...

- ... alternatively, the "object not found" error page could link to the search plugin

- make color plugin available for everyone. Admin may permanently save the colors, but users should be able to set their own theme, saved via cookies

- there should be a form where an RA can request an invitation, even if the superior RA did not invite them.

  the fact that a RA exists in the Object Table should permit the RA to invite theirself.

- beim verlassen der seite, z.b. wenn man links auf einen neuen menüpunkt klickt, soll eine abfrage kommen, ob man speichern möchte

- make a list of OIDs that do not assign ASN1/IRI identifiers (e.g. IANA PEN or ViaThinkSoft FreeOID), then reject any identifier the user provides

- sanitize IPv4, IPv6, GUID during creation

	bei IPv4 und IPv6: - if it is a single host address, don't put /32 or /128 suffix

	                   - strike unnecessary bits that are not defined in the netmask (also at the whois output)

- let the sysadmin decide if they want the title be "systemtitle - object title" or "object title - systemtitle"

- should a RA be able to mark their own oid as confidential, instead of asking the superior RA?

- sollte es eine oidplus projektseite geben anstelle nur das nackte system?

- vendor signature to plugins + viathinksoft signatures + "check" program if all signatures match

- have a menu item (plugin) "latest updates" which lists OIDs that have been changed or added recently?

- (unsure:) would it be good if the superior RA comment is shown in the object page itself?

- During an object insertion: If everything is empty (ASN1, IRI, comment), should then there be a warning?

QUESTIONS

- should the collation be case sensitive or case insensitive? For Java package names, it should be case senstivie

- wort "guid" oder "uuid" verwenden?

- bit or tinyint(1) ?

- should "OID updated" be split into two categories "updated by superior" (e.g. identifiers) and "updated by owner" (description etc)?

- "updated" nicht aktualisieren, wenn man nur auf "update" klickt aber nix geändert hat

- "Documents" section: Can base of URLs/images inside the HTML be changed automatically?

PRIVACY:

- make a config.inc.php setting to disable POLYFILL.IO feature

- bring back "3p/cookiecontent"? DM 28 May 2019: Removed CookieConsent temporarily, because it is placed at the beginning of the page and therefore ruins the Google index ...

	=> We might not need it, because cookies are only set during login, and at the login page itself, we already warn about cookies, in addition to the Privacy documentation

GUID Management

- Leaf nodes (GUIDs) should show/edit the Title in the CRUD, so you dont have to click the GUID to see the title

- seltsamer bug: wenn ich guid:oidplus editiere, dann öffnet sich links guid:activedirectory beim neuladen des baums nach dem update. irgendwie öffnet er den zuletzt geöffneten node beim reload nochmal