Subversion Repositories oidplus

RECENT STUFF

- Cookie law:

	Download CookieConsent code into _3p folder, do not hotlink it

	we need to log all consents

	do we need an explicit consent at the login form?

	do we need a consent for the cookie SSL_CHECK?

- Verify that logger works correctly, check if all logmasks are correct

- the inactivity timer is much too fast!

- Does the admin feature "600_log" also show all log events from all Objects and all RAs?

- at a lot of forms, if you press "enter", the "form" will not be submitted (e.g. "create ra" plugin), cannot reproduce?

- Test every function of OIDplus to ensure everything works after the recent changes in OOP

NEW FUNCTIONALITIES

- Admin plugin "Attachments" with following functionalities:

	* Show every object and its attachments, so that the admin knows what's going on

	  (Alternatively they can just look in the userdata directory using FTP)

	* Give the ability to enable/disable RA uploading/deleting

	  (Alternatively they need to do it in the configuration module and enter '0' and '1' by hand)

- Excel/CSV import tool for bulk data import

- RPC call to create OIDs via simple HTTP request

TINYMCE

- menu entry "formats" is empty. can it be removed?

- clicking "Paragraph" dropdown box does not work (Safari problem?)

WHOIS

- webwhois: beside TXT/XML/JSON more output modi?  CSV, S/MIME  (and add the S/MIME keypurpose to the X.509 certificates)

- whois query 'oid:' should show all root entries (subordinate entries), but there is only the message "not found"

RFC

- proof read

- should the whole WHOIS output be case insensitive?

- should "distance" be mandatory?

- try to use MUST, MUST NOT, SHALL etc. according to RFC 2119

- felder die nicht optional sind => mandatory kennzeichnen

SETUP

- There should be a "test database connection" button

WEBSVN UPDATER

- implement support for external repos!!!

DATA TRANSFER PLUGIN

- XML import: Let the user decide if existing OIDs shall be overwritten

- XML import: Let the user decide if RAs should be created

- XML import: Let the user decide if "created=now" should be set

- XML import: Waiting animation

- XML import: If output (errors) is too long, show them in a page rather than an alert() box

SMALL THINGS

- RA address data: Country selection box like in OIDInfo

- We should remove "die()" whenever possible, because it is very unflexible

- offer signature checker tool to verify WHOIS responses

- minimum-aufklappstufen fuer alle objekte und plugins einstellbar machen, sodass z.b. alle OIDs immer bis zur stufe 2 aufgeklappt sind, wenn man OIDplus frisch öffnet

- make use of autoloading of PHP classes

- Revive the idea of "information objects" = OIDs that contain content

- Things like "config()->minRaPasswordLength" should not be hardcoded functions, but rather queried with normal getValue() etc.

- API : Make a function that checks if a RA exists, and use it everywhere where needed

- Should we self-host polyfill due to GDPR stuff?

- Object type plugins : take care that "treeicon.png" and "icon_big.png" exist everywhere (become standard)

- when ajax.php generates a PHP error, the client gives a "syntax error" message... it would be better if the client shows the full php error? or something more user-friendly?

- freeoid: gmail app does not hyperlink the activation URL. why?

- how to avoid invite spamming?

- when a PHP error happens (i.e. the AJAX script did not manage to output a JSON), the AJAX script outputs "Error: SyntaxError: Unexpected token < in JSON at position 0" ... better show the user the actual message

- when login expired, remove entries in the treeview

- disable specific functions (e.g. invite, login, rainfo, forgot password) if the plugins are not installed (check if class type is registered using class_exists())

- make usage of Foreign Keys

	PROBLEM: we need foreign keys with no check, because

	a) we want to keep log entries even if an object/user is deleted

	b) log_user.username can also be 'admin' (and therefore not be a foreign key to table 'ra')

	c) not every object should have a registered RA. There should be "unknown" RAs where only the email address is known

- <abbr> in <code> wird doppelt unterstrichen

- wenn man eine well-known OID anlegen möchte, dann kommt fehler wegen replaceAsn1/replaceIri, aber die OID ist erstellt. Die API ist aber nicht reloaded. Man sieht also nicht, dass die OID erstellt wurde, und ein erneuter klick auf Insert führt zum Primary-Key fehler

- problem: wenn eine RA eingeladen werden möchte, muss man "update" drücken und die OID wird als updated markiert

- bei mehreren identifiern kann man nicht bestimmen, welcher identifier der bevorzugte sein soll!!

- show whois links only if folder "whois/" exists

- disable autocomplete on some forms

- graphical imporvements of forms (input edits aligned)

- "Documents" section: Make documentation for usage of OIDplus (for members only)

- admin config mehr user friendly, e.g. having the enable/disable object type stuff (like in registration wizard) also in the admin control panel

- it would be cool if after the login, the opened nodes in the tree would stay open

- should we log somewhere, when the admin account was logged in?

- html checkbox: "label for" verwenden

- when javascript fails, the form will be submitted to './' , that is not good! failed javascript must return false, so that the form does not get submitted

- admin: show privacy entries from RAs (but grey, so you know that it is private)

- admin soll contact data einer fremden RA ändern dürfen

- freeoid: asn.1 und iri spalten ausblenden, da dieser arc keine IDs vergibt?

- Privacy: Mehr stufen, z.b. dass man den personal name evtl gar nicht zeigen möchte

- Man sollte "created" abändern dürfen! oder evtl ganz verstecken, wenn man es nicht weiß

- in der crud liste den titel des objekts zeigen

- natOrder() ist nur für OID gültig!!! andere sort-mechanismen für andere objekttypen erforderlich

- tinymce

	mce dirty flag:

		- wenn man wechsel (js tree select), dann soll abgefragt werden, ob tinymce dirty ist, und eine warnung bringen, also so, wie wenn man die seite neu laden würde

		- kritischer bug: seite öffnen, tiny mce editieren, speichern klicken. dann f5 neu laden (nicht strg+f5): dann ist der alte content wieder da. außer man drückt strg+f5

- jstree select: automatically scroll down

- optisch aufhübschen. dinge wie RA: mehr dinge zeigen, adresse, email etc

DATABASE

- check if the NULL and NOT NULL definitions are meaningful. It is not good at in *_ra everything is NOT NULL

- SQLite3: Implement Natural OID sorting (natSort)

FUTURE

- multilang

- make use of Composer. Problems:

  * What if composer installs a version of a component, which is incompatible?

  * We need a new publishing script, because simply checking out SVN is not enough anymore. The user needs to execute composer. But what is if the user don't have composer (or dont have shell access at all?)

- implement sitemaps xml

- admin should be able to change wellknown oids?

- move oid to different arc

- bei sehr großen arcs (z.B. PEN) sollen nicht alle angezeigt werden

- unterstützung für ORS?

- Mehr "Cutting Edge Technologie" soll in diesem Projekt zum Tragen kommen: AJAX, JSON, vollständig UTF8, CRUD frameworks, PDO, HTML5, Mobiles Design, Pure CSS, Autoloading, Objektorientierung (aber nicht unbedingt MVC), Testing, ...<br>

- "Search" plugin: Feature to search inside documentation (doc/ directory)

- "Search" plugin: I want to search in all object types and RAs. Not first select the type.

- How can we make sure that example objects are not exported using oid-info.com export?

- Administrator-Interface: enable and disable object types

- detailled change-history of each oid

BUGS?

- OIDplus does not work in Safari Mobile!

	1. You cannot scroll the OID grid, as the scrolling affects the whole page, not the grid.

	2. JQueryUI sliders cannot be dragged

REJECTED IDEAS

- sollte es mehere admins geben?

- record first RA and current RA => X.660 does not have this requirement

- markers DRAFT, LEAF and FROZEN etc. => use "Protected" if you want to make it invisible

- Giving the "goto" argument OIDs instead of names, so that there are no conflict

  with plugin vendors (like it was done with the "plugin" argument at ajax.php)

	Rejected due to following reasons:

	a) The "goto" parameter should usually be human readable (especially since it is shown at the right top)...

	   Having a ViaThinkSoft OID there might get the user confused because they could think that the

	   page is a OID page request for that OID instead of a plugin page.

	b) Vendors should use something like "?goto=oidplus:com.example...."

IDEAS

- when a new oid is created, should we redirect to the newly created OID, so that the user can begin entering the description etc?

- when an object was not found, the error message could show the next possible known object (like WebWHOIS does)

- the "goto" quickbar (at the top right) could also be used to search something ...

- ... alternatively, the "object not found" error page could link to the search plugin

- make color plugin available for everyone. Admin may permanently save the colors, but users should be able to set their own theme, saved via cookies

- there should be a form where an RA can request an invitation, even if the superior RA did not invite them.

  the fact that a RA exists in the Object Table should permit the RA to invite theirself.

- beim verlassen der seite, z.b. wenn man links auf einen neuen menüpunkt klickt, soll eine abfrage kommen, ob man speichern möchte

- make a list of OIDs that do not assign ASN1/IRI identifiers (e.g. IANA PEN or ViaThinkSoft FreeOID), then reject any identifier the user provides

- sanitize IPv4, IPv6, GUID during creation

	bei IPv4 und IPv6: - if it is a single host address, don't put /32 or /128 suffix

	                   - strike unnecessary bits that are not defined in the netmask (also at the whois output)

- let the sysadmin decide if they want the title be "systemtitle - object title" or "object title - systemtitle"

- should a RA be able to mark their own oid as confidential, instead of asking the superior RA?

- sollte es eine oidplus projektseite geben anstelle nur das nackte system?

- vendor signature to plugins + viathinksoft signatures + "check" program if all signatures match

- have a menu item (plugin) "latest updates" which lists OIDs that have been changed or added recently?

- (unsure:) would it be good if the superior RA comment is shown in the object page itself?

- During an object insertion: If everything is empty (ASN1, IRI, comment), should then there be a warning?

- The system should warn if there are two OIDs with the same ASN.1 identifier (it is allowed, but not recommended!)

QUESTIONS

- should the collation be case sensitive or case insensitive? For Java package names, it should be case senstivie

- wort "guid" oder "uuid" verwenden?

- should "OID updated" be split into two categories "updated by superior" (e.g. identifiers) and "updated by owner" (description etc)?

- "updated" nicht aktualisieren, wenn man nur auf "update" klickt aber nix geändert hat

- "Documents" section: Can base of URLs/images inside the HTML be changed automatically?

PRIVACY:

- bring back "3p/cookiecontent"? DM 28 May 2019: Removed CookieConsent temporarily, because it is placed at the beginning of the page and therefore ruins the Google index ...

	=> We might not need it, because cookies are only set during login, and at the login page itself, we already warn about cookies, in addition to the Privacy documentation

GUID Management

- Leaf nodes (GUIDs) should show/edit the Title in the CRUD, so you dont have to click the GUID to see the title

- seltsamer bug: wenn ich guid:oidplus editiere, dann öffnet sich links guid:activedirectory beim neuladen des baums nach dem update. irgendwie öffnet er den zuletzt geöffneten node beim reload nochmal

Repro:

- Can a previously deleted 2.999 not be created anymore? (during INSERT: "identifiers cannot be changed")