Subversion Repositories oidplus

RECENT STUFF

- Cookie law:

	Download CookieConsent code into _3p folder, do not hotlink it

	we need to log all consents

	do we need an explicit consent at the login form?

	do we need a consent for the cookie SSL_CHECK?

- the inactivity timer is much too fast!

- at a lot of forms, if you press "enter", the "form" will not be submitted (e.g. "create ra" plugin), cannot reproduce?

- When you try to create an OID and have not entered an asn1 id, there should be a warning

- Multilang

	* Not yet translated:

		- includes\classes\http_class.class.php [Problem: This is a third-party code!]

		- includes\classes\phpsvnclient.class.php [Problem: This is a third-party code!]

		- plugins\publicPages\100_whois\whois\index.php [Problem: This page is kinda standalone and does not include the OIDplus code]

		- 3p\vts_fileformats\fileformats.conf [Problem: This is a third-party code!]

		- includes\classes\VtsBrowserDownload.class.php [Problem: This is a third-party code!]

	* Is there some useful German translation of the Apache 2.0 license?

- WebWHOIS: Open in new Window? Show URL without opening the page?

- Create a possibility to invoke cronjobs (VTS registration / automatic publishing) via crontab?

- Should oid_utils.inc.php, xml_utils.inc.php, oidinfo_api, etc. all be put into 3p/ (especially if they have an own ViaThinkSoft repository)?

	Note that external SVN repos need to be "hard coded" into includes/oidplus.inc.php and update/index.php

IDEAS FOR NEW FUNCTIONALITIES

- Admin plugin "Attachments" with following functionalities:

	* Show every object and its attachments, so that the admin knows what's going on

	  (Alternatively they can just look in the userdata directory using FTP)

	* Give the ability to enable/disable RA uploading/deleting

	  (Alternatively they need to do it in the configuration module and enter '0' and '1' by hand)

- Make a plugin that shows warning from plugins (via "feature-interface"), e.g. the registration plugin could warn that CURL is not working correctly etc.

	But it should also have JavaScript components, e.g. check if dev/ and other confidential folders can be accessed (see code in setup/)

- Excel/CSV import tool for bulk data import (as alternative to XML import. Maybe previous Excel->XML import tool?)

TINYMCE

- Menu entry "formats" is empty. can it be removed?

- Clicking "Paragraph" dropdown box does not work (Safari problem?)

WHOIS

- webwhois: beside TXT/XML/JSON more output modi?  CSV, S/MIME  (and add the S/MIME keypurpose to the X.509 certificates)

- whois query 'oid:' should show all root entries (subordinate entries), but there is only the message "not found"

SETUP

- There should be a "test database connection" button

WEBSVN UPDATER

- implement support for external repos!!!

DATA TRANSFER PLUGIN

- XML import: Let the user decide if existing OIDs shall be overwritten

- XML import: Let the user decide if RAs should be created

- XML import: Let the user decide if "created=now" should be set

- XML import: Waiting animation

- XML import: If output (errors) is too long, show them in a page rather than an alert() box

SMALL THINGS

- Copyright notice:

	* Currently, we have "2019", "2020" and "2019-2020". Change them all to "2019 - 2020"

	* Copyright <BY> Daniel Marschall ("by" is missing)

- RA address data: Country selection box like in OIDInfo

- We should remove "die()" whenever possible, because it is very unflexible

- offer signature checker tool to verify WHOIS responses

- minimum menu expansion level: make it configurable for all objects and plugins, e.g. so that when you open OIDplus, all OIDs till level 2 are expanded

- Revive the idea of "information objects" = OIDs that contain content

- Things like "config()->minRaPasswordLength" should not be hardcoded functions, but rather queried with normal getValue() etc.

- API : Make a function that checks if a RA exists, and use it everywhere where needed

- Should we self-host polyfill due to GDPR stuff?

- Object type plugins : take care that "treeicon.png" and "icon_big.png" exist everywhere (become standard)

- when ajax.php generates a PHP error, the client gives a "syntax error" message... it would be better if the client shows the full php error? or something more user-friendly?

- freeoid: gmail app does not hyperlink the activation URL. why?

- how to avoid invite spamming?

- when a PHP error happens (i.e. the AJAX script did not manage to output a JSON), the AJAX script outputs "Error: SyntaxError: Unexpected token < in JSON at position 0" ... better show the user the actual message

- when login expired, remove entries in the treeview

- disable specific functions (e.g. invite, login, rainfo, forgot password) if the plugins are not installed (check if class type is registered using class_exists())

- make usage of Foreign Keys

	PROBLEM: we need foreign keys with no check, because

	a) we want to keep log entries even if an object/user is deleted

	b) log_user.username can also be 'admin' (and therefore not be a foreign key to table 'ra')

	c) not every object should have a registered RA. There should be "unknown" RAs where only the email address is known

- <abbr> in <code> is double underlined; that's not good

- if you want to create a OID which is defined as well-known OID, then you get an error because of replaceAsn1/replaceIri, but the OID is still created. But the GUI will not be realoded. So, you cannot see that the OID was created, and another click at the "Insert" button will give a Primary Key Error therefore

- if you have multiple identifiers, how do you tell the system which identifier should be the preferred one?

- show whois links only if folder "whois/" exists

- disable autocomplete on some forms

- graphical imporvements of forms (input edits aligned)

- "Documents" section: Make documentation for usage of OIDplus (for members only)

- admin config mehr user friendly, e.g. having the enable/disable object type stuff (like in registration wizard) also in the admin control panel

- it would be good if after the login, the opened nodes in the tree would stay open

- should we log somewhere, when the admin account was logged in?

- html checkbox: make use of "label for"

- when javascript fails, the form will be submitted to './' , that is not good! failed javascript must return false, so that the form does not get submitted

- admin: show privacy entries from RAs (but grey, so you know that it is private)

- admin should be able to edit contact data of a foreign RA [XXX isn't that already implemented?]

- freeoid: hide asn.1 and iri columns, because the RA is not allocating these identifiers?

- .... maybe we should have a list of OIDs where the OID does not allocate ASN.1/IRI identifiers... then we can also make use of the OID-WHOIS attributes

- Privacy: More privacy levels, e.g. that you don't show your personal name etc.

- You should be able to change the "created" date for an object! Or maybe hide it completely if you don't know the original creation date?

- In the CRUD table, you should be able to see the name of the OID? But on the other hand, the title is not in the control of the Superior RA, and the CRUD table is actually the allocation table of the Superior RA.

- natOrder() does only work for OID namespace!!! other sort mechanisms are necessary for other object types

- tinymce

	mce dirty flag:

		- if you select something in the jstree, then you should be asked if you want to save your work (if tinymce is dirty); the same thing as if you would want to reload/close the page

		- critical bug: open page, edit tiny mce, click save. Then F5 reload (not Ctrl+F5): then the old content is there again. Except if you press Ctrl+F5

- jstree select: automatically scroll down

- upgrade the design; make things more pretty

- things like RA: show more things, address, email etc.

- note that we (and the RFC) talk about Objects, but actually OIDs only reference objects, but they are not the objects

DATABASE

- check if the NULL and NOT NULL definitions are meaningful. It is not good at in *_ra everything is NOT NULL

- SQLite3: Implement Natural OID sorting (natSort)

FUTURE

- make use of Composer. Problems:

  * What if composer installs a version of a component, which is incompatible?

  * We need a new publishing script, because simply checking out SVN is not enough anymore. The user needs to execute composer. But what is if the user don't have composer (or dont have shell access at all?)

- implement sitemaps xml

- admin should be able to change wellknown oids?

- move oid to different arc

- for very large arcs (e.g. PEN): maybe you should not show everything in the tree select?

- support for ORS?

- "Cutting Edge Technologie": AJAX, JSON, completely UTF-8, CRUD frameworks, PDO, HTML5, Mobile Design, Pure CSS, Autoloading, Object Oriented (maybe not MVC, though), Testing, ...

- "Search" plugin: Feature to search inside documentation (doc/ directory)

- "Search" plugin: I want to search in all object types and RAs. Not first select the type.

- How can we make sure that example objects are not exported using oid-info.com export?

- Administrator-Interface: enable and disable object types

- detailled change-history of each oid

BUGS?

- OIDplus does not work in Safari Mobile!

	1. You cannot scroll the OID grid, as the scrolling affects the whole page, not the grid.

	2. JQueryUI sliders cannot be dragged

REJECTED IDEAS

- should there be more than one admin?

- record first RA and current RA => X.660 does not have this requirement

- markers DRAFT, LEAF and FROZEN etc. => use "Protected" if you want to make it invisible

- Giving the "goto" argument OIDs instead of names, so that there are no conflict

  with plugin vendors (like it was done with the "plugin" argument at ajax.php)

	Rejected due to following reasons:

	a) The "goto" parameter should usually be human readable (especially since it is shown at the right top)...

	   Having a ViaThinkSoft OID there might get the user confused because they could think that the

	   page is a OID page request for that OID instead of a plugin page.

	b) Vendors should use something like "?goto=oidplus:com.example...."

IDEAS

- In regards multilinguality: Allow "oidplus_base$dede.css", so that languages can have their own CSS (e.g. wider "Go" button)

	But this means that a language change also need to reload the style sheet (like the color-plugin does when you click "Test")

- when a new oid is created, should we redirect to the newly created OID, so that the user can begin entering the description etc?

- when an object was not found, the error message could show the next possible known object (like WebWHOIS does)

- the "goto" quickbar (at the top right) could also be used to search something ...

- ... alternatively, the "object not found" error page could link to the search plugin

- make color plugin available for everyone. Admin may permanently save the colors, but users should be able to set their own theme, saved via cookies

- there should be a form where an RA can request an invitation, even if the superior RA did not invite them.

  the fact that a RA exists in the Object Table should permit the RA to invite theirself.

- make a list of OIDs that do not assign ASN1/IRI identifiers (e.g. IANA PEN or ViaThinkSoft FreeOID), then reject any identifier the user provides

- sanitize IPv4, IPv6, GUID during creation

	bei IPv4 und IPv6: - if it is a single host address, don't put /32 or /128 suffix

	                   - strike unnecessary bits that are not defined in the netmask (also at the whois output)

- let the sysadmin decide if they want the title be "systemtitle - object title" or "object title - systemtitle"

- should a RA be able to mark their own oid as confidential, instead of asking the superior RA?

- should there be an OIDplus project page at oidplus.viathinksoft.com instead of a "naked" system?

- vendor signature to plugins + viathinksoft signatures + "check" program if all signatures match

- have a menu item (plugin) "latest updates" which lists OIDs that have been changed or added recently?

- (unsure:) would it be good if the superior RA comment is shown in the object page itself?

- During an object insertion: If everything is empty (ASN1, IRI, comment), should then there be a warning?

- The system should warn if there are two OIDs with the same ASN.1 identifier (it is allowed, but not recommended!)

QUESTIONS

- should the collation be case sensitive or case insensitive? For Java package names, it should be case senstivie

- use word "guid" or "uuid"?

- should "OID updated" be split into two categories "updated by superior" (e.g. identifiers) and "updated by owner" (description etc)?

- Don't renew "updated" field if you just click "Update" but didn't change anything (e.g. because you just wanted to send an invitation again)

- "Documents" section: Can base of URLs/images inside the HTML be changed automatically?

PRIVACY:

- bring back "3p/cookiecontent"? DM 28 May 2019: Removed CookieConsent temporarily, because it is placed at the beginning of the page and therefore ruins the Google index ...

	=> We might not need it, because cookies are only set during login, and at the login page itself, we already warn about cookies, in addition to the Privacy documentation

GUID Management

- Leaf nodes (GUIDs) should show/edit the Title in the CRUD, so you dont have to click the GUID to see the title

- weird bug: when i edit "guid:oidplus", then, after reload the treeview after the update, "guid:activedirectory" will be opened. somehow, the last opened node will be opened during the reload?!

Repro:

- Can a previously deleted 2.999 not be created anymore? (during INSERT: "identifiers cannot be changed")