Todo List

pls. see bugtracker

Process and release

committer acceptance guidelines
code contribution guidelines

Please help out where you can.

1. R 5.5

Roadmap
dev repo [bitbucket.org]
ChangeLog
Team Sessions

Main Focus: basic HTML5 support, address security related features

HTTP Strict Transport Security (HSTS)
Content-Security-Policy 2
Cookies, CSRF sectoken
https://www.owasp.org/index.ph[..]tication_Cheat_Sheet
SameSite Cookie attribute https://caniuse.com/#feat=same-site-cookie-attribute

Excursus

Strict-Transport-Security HTTP Response Header
- Instructs the browser to always request a domain using the HTTPS protocol instead of HTTP.
Content-Security-Policy (CSP)
- HTTP Response header, allows server to control how resources are loaded.

1.1. Security Headers

foster http_security_headers() implementation

Content-Security-Policy

Content-Security-Policy:
 default-src 'self';
 script-src 'self' 'unsafe-eval' ajax.googleapis.com google-analytics.com;
 style-src 'self' ajax.googleapis.com;
 connect-src 'self' https://api.myapp.com realtime.myapp.com:8080;
 media-src 'self' youtube.com;
 object-src 'self' youtube.com;
 frame-src 'self' youtube.com embed.ly

Content-Security-Policy:
 default-src 'self';
 script-src 'self' 'unsafe-inline';
 style-src 'self' 'unsafe-inline';
 img-src *;

replace inline scripts
disallow scripts without nonce

1.1.1. Replace inline JavaScript

see JavaScript

1.2. SafeHTML / HTMLPurifier

implement optional support for HTMLPurifier
1. http://htmlpurifier.org/download
2. http://repo.or.cz/htmlpurifier.git/shortlog/
http://www.bioinformatics.org/[..]_utilities/htmLawed/

1.3. PHP

1.3.1. PHP 7.4

https://secure.php.net/manual/en/migration74.php

1.4. MariaDB / MySQL type casting

https://dev.mysql.com/doc/refm[..]type-conversion.html
https://stackoverflow.com/ques[..]d-backticks-in-mysql

whOOt https://dev.mysql.com/doc/refm[..]ent-programming.html

1.5. Features

normalize links to other language versions of a page
- add table: lang_link[page_id, lang, target_id]
add debug option to send error log into separate file + rotate logs
add IP block to ban bad actors, bots
add timing method to prevent more bots from creating new accounts

1.6. M7

open issues (add)

relative linking seems not working for ((../ back to parent page)), it links to root level (?!)
parse and show backlinks from comments (seems broken)
wacko.all.php ($wacko_all_resource[]) is not available, when page_lang != user_lang, why?
- related issue: added LicenseIds[] to wacko.all.php, guess what...
add delimiter before page handler (_properties)
1. min_href()
2. router.conf
3. abandon standard_handlers (?)
Guide to build templates
Permalink to page vs page version
CSS does not get routed in RECOVERY_MODE
save failed $_POST data for reuse after forced logout or autologin
recognize audio and video files and use new html5 tags <audio> <video> using the link function
relative time
1. global / user setting
2. where to use relative time and where not
3. different schemes
invalidate SQL and page cache (with common function) (?), which is also checking against config settings
add also footer after hard return, GUI consistency
how to check access privileges for a group, e.g. has_access() for $ -> moderate handler : locking
upload of file without extension -> broken
allow only common reasonable extensions for upload
1. blacklist MIME types -> implement
2. blacklist extension -> update
3. white list
add notification for
1. new page -> Admin, Moderator, parent page owner
2. new attachments
  1. -> to page: watchers, Admin, Moderator
  2. -> global: Admin, Moderator
add default max value in actions: news, blog, files, etc. -> use list_count as default
empty body_r after page rename/relocation -> page needs rerendering
installer: rewrite_mode option ! – dysfunctional

https://wackowiki.org/doc/Bugs%2FWackoWikiStart ->

Not Found

The requested URL /doc/Bugs/WackoWikiStart was not found on this server.

redirect hashid url?
double click in edit / write comment form field should not load edit page, user looses his already written content, ANNOYING FIXED
1. additional user should get a warning like it is done for page edit: Do you really want leave .., you will lose your content
delete / reset pages with missing language, e.g. 'mo', upgrade or AP routine
allow multi logins (on/off)
1. add multi login warning: 'Jemand hat sich bereits an diesem Konto angemeldet'
2. This account is currently being used in 1 other location at this IP ().
add access throttling feature
- limit the number of page requests by a single IP address within a given time interval
~~revisions.xml handler adds falsely,~~
1. ~~</body></html>~~
2. ~~##<!~~ WackoWiki Caching Engine: page cached at 2017-05-21 07:41:20 ~~>##~~
3. ~~and diag output~~
4. ~~see final.php~~
load translation is loaded before resource for theme lang is set for theme_per_page, FIXED same issue for user theme
add array for 'default' AND 'user' menu so both can used independently (create/edit menu sets)
common header can't be reused for none template themes -> fix?
rewrite_mode setting in AP is pointless if it is overwritten in Setting class

wacko.all.php settings in themes were ignored! Fix?

 <?php
// tabs theme options =========
	$this->db->revisions_hide_cancel = 1;
	$this->db->footer_inside = 0;
// ============================
$theme_translation = [
	'EditIcon' => '<img src="' . $this->db->theme_url . 'icon/edit.png" alt="Edit included page" />',
	'' => '',
];
?>

1.7. Fix

invalidate / purge only a sub set of the SQL cache (?), do we always need to purge the entire cache?
check formatting of log() function -> html / wacko formatting
use common list count setting per user + use it as default in lists for paging
check for avoidable SQL roundtrip queries
1. e.g. translit: href() -> mini_href() -> slim_url() -> translit() ($this->config['multilanguage'] == true) -> load_page()
2. fix additional round trips gaining page_id in combination with has_access() and link() function (tag <-> page_id)
  1. options: use object cache or pass variable page_id via link() function:
    - // cache page_id for for has_access validation in link function
    - $this->page_id_cache[$page['tag']] = $page['page_id'];
  2. part 1: revision:f5f2295a85b9
3. add object for extending and array with default pages (accessible via theme) to preload_link() function
  1. -> ensure pre caching to avoid single lookup per intralink in DB on each page call
  2. -> ~~parse also page path for bread crumbs in page_link table~~
link() -> default: $anchor_link – should only active inside page_body (?)
- additional check if its better to prefix the id="doc.deutsch.konfiguration"
  - to avoid unintentional mix with CSS settings
- set anchor id only where needed, minimizes also size of attributes
add option help to action to show all parameters in a info box
1. echo ''
<#<kbd>F1</kbd>#> – add css class for kbd tag
broken list in tree action if levels changes not in order – e.g. depth 1.2 -> depth 2.4
1. show missing levels
add function to replace random isset($_GET|$_POST) ? .. : null
1. filter_input # gets a specific external variable by name and optionally filters it
search?phrase="sourceforge.net" -> paging fails with "term to search"
bug: news action takes all subpages – is this desired?
improve search (open since ages), add some measures to improve relevance (time, size, user, filter, ...) and provide more and better meta data for search results
~~add options to show/hide page related categories at the page bottom~~
- themes may overwrite these settings via $this->config['footer_tags'] = OFF
- allways ON as default for posts in the forum cluster
- do we need an additional option for the user?
get translation
1. put lang-strings for action and handlers into separate dynamically loadable lang-files
2. cache
audit comments, moderation handler
replace p tag in toc action -> avoid wrong p in p
should we allow page names like chicken.egg, might conflict with other settings like tikiwiki formatter option
review concept handling files per page file?get= -> performance, time, resources, necessity, alternatives
Form in preview breaks Edit / Preview form -> produces nested form -> filter?
revisit access right settings for forum posts and menu access
1. the menu won't show the page properties icon -> annoying
syntax
1. table header
  - /Dev/NewFeatures/SyntaxForTableHeader
  - add check button to WikiEdit for table headers
  - match syntax so it is possible to set TH per cell and not only per row
implement rating hack (but without mandatory JS)
1. https://www.youtube.com/watch?v=orPVEAipz2A
add graphviz formatter to /community/formatter
image action
1. resize, cache
2. using library
  - https://github.com/masterexploder/PHPThumb/wiki
3. store thumbnails in extra folder
  1. under files/ or _cache/ [..] thumbnails/
  2. global / per_page
add unique log message key to filter events (messages may differ)
use deleted field to mark deleted pages, comments, files
- basics implemented for page and files
- open: rollback/restore procedure and handling of final deletion
- check how we do this for files alone and/or with related page (matrix)
- WHERE clause from COUNT(*) queries
disable global upload for users
1. only local
2. only for cluster
add regex for this->config['users_page']/[*]/
- Yet the engine does not validate the namespace for the user cluster, so that nobody can create a page under /User except his own [UserName]
- Then we can disallow random pages for the first level in the users cluster except the own [UserName].
- The register action creates this page usually for the user.

1.8. Notifications

email body and subject message encoding is pure shit in multi-language mode
1. _t() function gives back html entities
Notifications

1.8.1. Notice digest

store events notices and compile digest for user [user|moderator|admin]
- new user
- comments
- files
- changes

1.9. Installer

installer: add missing form label fields
mode_rewrite is OFF / not available
- 'base_url' => 'https://example.com/wiki/' ?
- https://example.com/wiki/?page=OpenTasks
colliding page names with multiple languages with the same name -> insert_page()
1. creates only the first match, other page and menu creations will fail
2. Solution: (A) UTF-8, (B) different page names, e.g. index, index
legacy upgrade: SQL strict mode and missing default values -> HOTFIX: set default values manually via phpMyAdmin
1. see table structure and select all rows with Default -> None
2. chose change at the bottom and change Default -> None to As defined: and save
3. repeat this for all related tables if necessary

1.10. Handler

disallow white space in tags: new and moderate -> strip

preg_replace('/\s+/', '', $string);

add rel="canonical" to show handler?
review transliteration of file names in upload handler: white space, '-', '_'
clone entire cluster is only available foe Admins atm., it should also available for ...
improve global upload settings
1. allow groups
2. set individual rights (only images, quota, etc. for a user, group)
send page as email (like print)
show: add option 'Flag as Spam/Inappropriate'
diff: show time, revision, user and change note for side A and B
show: Delayed Indexing delay_index
- <meta name=“robots” content=“noindex,nofollow” />
see upload subpage
1. upload: check if the MIME type of the uploaded file matches the file extension
2. upload: add form field to chose another file name (?)
3. upload: add accept attribute depending on config settings https://www.w3.org/TR/html5/fo[..]ml#attr-input-accept
4. upload: send a notify mail on upload
unify form label style, see filemeta, properties, account handler
- make label secondary ->
add meta handler namespace ['page', 'account', 'file', 'service']
- This is the simplest way to standardize document locations and for the language-independent single instances of service pages, like login. Next step is the separated cluster for those pages, linked with prefix, for example, ((service:login)).
- this can be easily done with the new URI router
- handler/account/
file: apply access restrictions for global files if Wiki is closed -> $
1. add and enforce global Wiki mode, minimum access rights
2. route global files only for registered users

1.11. Action

template toc and tree

1.12. Formatter

Search Highlighter
(/Users/WikiAdmin UserSpace | WikiAdmin)) -fails on |

<# #> adds  on first and  on second appearance of double quote like class=""

<#<div class="" style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>
2
<#<div class="" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>

<!--notypo--><div class="<!--notypo--> style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#><br />2<br /><#<div class=<!--/notypo-->" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div><!--/notypo--><br />

~~Image links to other sites~~ FIXED
- ~~The automatically added symbol for an outerlink is misplaced here, e.g.:~~
  - ((http://example.com/ https://www.example.com/media/img/logo.png))
Wacko is spamming BRs, in between everything
add option to hide protected links
- You must login to see this link. Register now, if you have no user account yet.
- add 'nofollow' to protected link -> class="acl-denied"
Wacko is putting P.auto around DIV elements = Plain Simple Bullshit -> bugs:375
1. should not set paragraphs in cases like
2. ```
<p class="auto" id="p96596-1"><pre class="code">
<p class="auto" id="p21312-1"><div class="layout-box">
```
3. leads to invalid html tag nesting
Error: Bad value 4 for attribute type on element ol.
1. see $new_indent_type in wackoformatter -> error prone
  - ```
    1. hallo
      5. should not take the number but 1, same for i, I, a, A
```
2. Block elements inside inline elements
3. http://www.w3.org/TR/html5/gro[..]nt.html#attr-ol-type
even if wiki_links were turned off (disable_wikilinks) the formatter should try to form links for in intralinks with at least one slash (?) like
- /Dev/Release/R50/ReleaseNotes#h1433-7

place holder

<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR4nGP6zwAAAgcBApocMXEAAAAASUVORK5CYII="/>

div.image {
	width:            100px;
	height:           100px;
	background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR4nGP6zwAAAgcBApocMXEAAAAASUVORK5CYII=');
}

allow case insensitive matching of file links, e.g. File:image.jpg
breaks quote
```
<[http://www.example.com]>
```
((image.jpg)) shows images from image/ folder ???
~~display of correct headings inside wrapper %%(wacko wrapper="shade") with toc is broken~~
https://de.wikipedia.org/wiki/GehÃ¶rnte_Mauerbiene
- ```
https://de.wikipedia.org/wiki/Geh%C3%B6rnte_Mauerbiene
```
- https://de.wikipedia.org/wiki/Gehörnte_Mauerbiene
<[ ]> eats blank line in quote, undesired
broken nested quote
- ```
<[block
<[nested quote]>
quote
]>
```

1.13. Template Engine

Templatest deliberately eats all line breaks
- textarea issues <textarea>[ ' body ' ]</textarea>
  1. multi-line
  2. auto-indent
- edit, comment, permission, caption, ...
~~write templates.tpl for remaining actions and handlers where suitable~~ DONE
1. toc
2. tree

1.14. Cache

1.15. Admin Panel

add Check for Updates button in Admin panel: /Download/VersionCheck
Synchronizing data: update comment count for page if out of sync
Querying the RIPE Database: https://apps.db.ripe.net/db-web-ui/#/query
1. https://rest.db.ripe.net/search.json?query-string=
2. user approval
3. event log
4. Bad Behavior

upload module

PAY ATTENTION TO SECURITY RISKS
 

Before adding random file/MIME types: please think about possible security issues.

For example HTML (.htm, .html), JavaScript (.js) and PHP (.php) file are types you’d better avoid as they can be “executed” on your server where you really would not want that to happen. For most of these kind of files, this should not be a problem though as these files are better off being compressed into a ZIP file anyway.

Only add file types that you REALLY need and that you are comfortable with.

user management
- deactivate / delete inactive users
  - criteria
  - actions
add module to filter, moderate and manage pages, comments, (files)
1. see modules for content like pages
~~recovery mode: CSS and images won't load~~ FIXED

use collgroup for col span % width

<colgroup>
  <col span="1" style="width: 10%;">
  <col span="1" style="width: 5%;">
  <col span="1" style="width: 5%;">
  <col span="1" style="width: 45%;">
  <col span="1" style="width: 15%;">
  <col span="1" style="width: 10%;">
  <col span="1" style="width: 10%;">
</colgroup>

 <thead class="data-head">
        <tr class="">
        </tr>
        [...]
    </thead>

<tbody id="table-section-one">
[...]
</tbody>

<tbody id="table-section-two">
[...]
</tbody>

1.16. Database

1.16.1. Check for SQL STRICT mode violations

Using GROUP BY and selecting an ambiguous column
Inserting the non standard zero date into a datetime column
Inserting a 20 character string into a 10 character column
Division by zero
Inserting a negative value into an unsigned column

so far

#1406 – Data too long for column 'description' at row 1
1. set HTML maxlength="DB_FIELDSIZE" for all (VAR)CHAR form field
  - suggested (JS hint – might differ in some cases – smaller, e.g. meta description 160, meta title 60) + database field size (mandatory enforcement)
  - JS hint: You have <strong>60</strong> characters left
2. set PHP length check before passing to INPUT / UPDATE
#1055 – 'dev.g.group_name' isn't in GROUP BY

SELECT
`DIGEST_TEXT` AS `query`,
`SCHEMA_NAME` AS `db`,
`COUNT_STAR` AS `exec_count`,
`SUM_ERRORS` AS `errors`,
(ifnull((`SUM_ERRORS` / nullif(`COUNT_STAR`,0)),0) * 100) AS `error_pct`,
`SUM_WARNINGS` AS `warnings`,
(ifnull((`SUM_WARNINGS` / nullif(`COUNT_STAR`,0)),0) * 100) AS `warning_pct`,
`FIRST_SEEN` AS `first_seen`,
`LAST_SEEN` AS `last_seen`,
`DIGEST` AS `digest`
FROM
 performance_schema.events_statements_summary_by_digest
WHERE
((`SUM_ERRORS` > 0) OR (`SUM_WARNINGS` > 0))
ORDER BY
 `SUM_ERRORS` DESC,
 `SUM_WARNINGS` DESC;

1.17. WikiEdit

use only one popup for new link, having link and link description together
popup for tables

3. select rows and columns

set table header
select color for text and highlighting
resize textarea
undo / redo
javascript search&replace
symbols

1.18. Translations

-> /Dev/Release/R55/Translations

add

"\n\n"
"Click on the following link to view the page:\n\n"

function notify_watcher

Refactor message sets, e.g. use only a common set for generic messages 'CancelButton'

199: 'ACLCancelButton' => 'Cancel',
242: 'CategoriesCancelButton' => 'Cancel',
277: 'MetaCancelButton' => 'Cancel',
280: 'EditCancelButton' => 'Cancel',
964: 'ModerateDecline' => 'Cancel',
1.066: 'PollsCancel' => 'cancel',

1.18.1. improve notifications

-> Notifications

'EmailRegistered' => 'You\'ve successfully registered at %1.'."\n".'Your username: %2'."\n\n".'If you want to receive notifications, you must click on the link below or copy it to a web browser.'."\n".'%3'."\n\n".'Please return to the Wiki and login with your new username and password.'."\n\n\n".'If you did not request any registration, ignore this message and nothing will happen.'."\n\n".'Do not reply to this message'."\n\n".'',

revisit all email message sets

1.19. Usability issues

indicate page [language|permissions]
add double-click support for editing comments
When should I use a select box instead of radio buttons?
1. https://www.nngroup.com/articl[..]es-vs-radio-buttons/
Not indicating an active form field
- e.g.
```
textarea:focus {
    border: 1px solid red; }
```
- You can use the ‘:focus’ selector on lots of elements, but it’s super handy when used on inputs and textareas to indicate that the field is active. Add CSS styling such as a highlighted border, or a subtle change to the background color.
forms with checkboxes and options in lists
- e.g. ~~category handler~~ or users in admin panel
- assignment of form buttons
usage of new page handler
- seen in many fresh installs, users adding sub pages to HomePage/subpage
  - this is possible but is it really desired and understood, should we filter out system pages as pre-provided cluster in the /new [page] handler?
make name spaces for users and groups more intuitive accessible
1. users/nickname/userspace/..
2. groups/usability/groupspace/..
add ability to easily create groups and to add group members
1. suggestions?
GUI inconsistencies
1. handler
2. actions
3. message boxes
Your session has timed out. Please sign in again.

Readings

1.20. Libs

~~update PHPMailer to v6.0~~
~~update Hashids to v2.0~~

1.21. Extentions

foster gallery action
1. replace fancybox
  1. http://www.jacklmoore.com/colorbox/ [MIT license]
  2. https://brutaldesign.github.io/swipebox/ [MIT license]
  3. https://github.com/dimsemenov/Magnific-Popup [MIT license]
provide Web Player
https://github.com/google/code-prettify

1.22. Refactoring

start replacing magic numbers at least with true and false where possible
erode the mountain of technical debt
https://www.owasp.org/index.php/Logging_Cheat_Sheet

1.23. Staging Area

blog action (will replace news action)
snippet action
forum, topics action
Admin Panel
1. refactor -> antipatterns
2. bad behaviour module
3. list and check each module, assign status
moderate handler -> quite a mess
poll actions -> quite a mess

1.24. Ideas

spam / badword handling -> bad_words($text) function
1. https://en.wikipedia.org/wiki/Wordfilter
2. https://stackoverflow.com/ques[..]ood-profanity-filter
3. What you need is a good way for users to flag inappropriate content and a mechanism to deal with it swiftly. One way is to automatically hide/remove content if it's been flagged more than X times.
HTML5 media action: {{media type="[audio|video|flash]" source=http://.... [width=000] [height=000] [...some other options...]}}
rel="edit" -> https://tools.ietf.org/html/rfc686
enforce ACL-Policy, e.g. set read to $, user can't overwrite the setting
test PHPThumb alternatives
1. https://github.com/mosbth/cimage
Composer
https://github.com/openpgpjs/openpgpjs
https://highlightjs.org/
https://github.com/FineUploader/react-fine-uploader as extension
https://www.w3.org/TR/css3-page/
1. https://www.smashingmagazine.c[..]-for-print-with-css/

1.25. Themes

Clean up themes section
- update repo links and info section
- foster or (re)move theme
default theme:
1. switch from pixels to (root) ems
2. increase global font-size from 13px to 16px
3. add flexbox support
new mobile ready theme / layout -> on hold (we got a new template engine!)
https://github.com/KDE/breeze-icons
https://developers.google.com/web/fundamentals/
https://www.w3.org/Style/Examples/007/leaders

Flexbox vs Grid

Flexbox: content dictates layout
Grid: container dictates layout (to some extent)

Flexbox is great, it just isn't the best thing for overall page layouts.
Flexbox and grid play well together, and are a huge step forward from the float & table hacks they replace. The sooner we can use them both in production, the better.

CSS Varibles

CSS colums for index <div class="gimme-columns"><ul>

 
.gimme-columns {
	columns: 20em 3;
	column-count: 3;
	column-width: 20em;
}

default theme

change blockquote
- box-shadow: 0 0 6px rgba(0, 0, 0, 0.5);
add option to hide $this->config['site_name'] in theme header, e.g.: WackoWiki: To Do R5.5 -> To Do R5.5
min-height: 200px for .article, #page

1.25.1. SVG

Icon setting: add viewBox="0 0 16 16" AND height="16" width="16"

explain

1.25.2. Site Logo

Customizable Logo and Favicon

Location

2. currently image/ folder

chmod issue
Options
1. Favicon
  1. site_favicon
2. Logo
  1. site_logo
  2. logo_width
  3. logo_height

1.25.3. Favicon

Supported Formats

ico -> type="image/x-icon" ->
png -> type="image/png" -> http://caniuse.com/link-icon-png
gif -> type="image/gif" ->
svg -> type="image/svg+xml" -> http://caniuse.com/link-icon-svg

Dimensions

16×16
32×32
48×48
64×64

1.26. Documentation

add documentation for Admin Panel
1. backup and restore module
Update / foster Core Documentation for
1. Deutsch
2. English
3. Français
4. Русский
  - https://www.pgpru.com/proekt/wiki – well made
  - https://www.pgpru.com/comment78727 – Markup Rules for nerds
describe forum and topic action
blog action -> Blogging with WackoWiki
where and when you should use relative or absolute addressing (include action, files, actions with page parameter)
how you use the include function (pages, comments)
release notes
1. add a New & Noteworthy section / sub page to raise visibility of 'hidden' features
moderate handler
message functions and usage
add sub page to config documentation about CSP
Video Tutorials
update screen shots

1.27. Feedback

themes
migration and encoding issues
frequent annoying issues
unsolved questions
add rfc section in dev cluster
add dev activity log
Nginx configuration (rewrite rules)

1.28. Testing

Tools
https://github.com/mozilla/readability – test with firefox reading mode
/Forum/Discussion/UserPasswordReset -> solution paths

1.28.1. Test cases

-> Test cases

1.28.2. Debug

Content Security Policy: Die Einstellungen der Seite haben das Laden einer Ressource auf self blockiert ("script-src http://localhost 'unsafe-inline'").
- call to eval() or related function blocked by CSP: autocomplete.js (Line 253)

#1139 – Got error 'this version of PCRE is compiled without UTF support at offset 0' from regexp

Error

Static analysis:

8 errors were found during analysis.

    Unrecognized keyword. (near "REGEXP" at position 209)
    Unexpected token. (near "'^/Blog/.+/.+/.+$'" at position 216)
    Unrecognized keyword. (near "AND" at position 235)
    Unexpected token. (near "p" at position 239)
    Unexpected token. (near "." at position 240)
    Unexpected token. (near "deleted" at position 241)
    Unexpected token. (near "<>" at position 249)
    Unexpected token. (near "'1'" at position 252)

SQL query: Documentation

SELECT p.page_id, p.owner_id, p.user_id, p.tag, p.title, p.created, p.comments, u.user_name AS owner FROM wacko_page p INNER JOIN wacko_user u ON (p.owner_id = u.user_id) WHERE p.comment_on_id = '0' AND p.tag REGEXP '^/Blog/.+/.+/.+$' AND p.deleted <> '1' ORDER BY p.created DESC LIMIT 0, 10

MySQL said: Documentation
#1139 - Got error 'this version of PCRE is compiled without UTF support at offset 0' from regexp

https://stackoverflow.com/ques[..]sing-regexp-in-mysql

<?php
 
if ( ! extension_loaded('mbstring'))
  die('mb functions not loaded');
 
if (1 != preg_match('/^.{1}$/u', "ñ", $UTF8_ar))
  die('PCRE is not compiled with UTF-8 support');
 
exit('ok');
 
?>

5.5.0 – distilled from error.log (PHP 7.0)

Undefined index: deleted in /class/wacko.php on line 1495
Undefined index: tag in /class/wacko.php on line 1507
Undefined index: page_lang in /class/wacko.php on line 1512

htmlspecialchars() expects parameter 1 to be string, array given in /class/wacko.php on line 3290

Undefined index: page_id in /class/wacko.php on line 1386

Undefined index: comment_on_id in /handler/page/show.php on line 12
Undefined index: deleted in /handler/page/show.php on line 43
Undefined index: latest in /handler/page/show.php on line 66
Undefined index: modified in /handler/page/show.php on line 71
Undefined index: user_name in /handler/page/show.php on line 72
Undefined index: page_lang in /class/wacko.php on line 4023
Undefined index: page_id in /handler/page/show.php on line 114
Undefined index: body_r in /handler/page/show.php on line 133
Undefined index: latest in /handler/page/show.php on line 137
Undefined index: body in /handler/page/show.php on line 138
Undefined index: page_id in /handler/page/show.php on line 138
Undefined index: latest in /handler/page/show.php on line 199
Undefined index: latest in /theme/_common/_header.php on line 19
Undefined index: description in /class/wacko.php on line 1032
Undefined index: page_id in /theme/default/appearance/header.php on line 83

Undefined index: page_id in /theme/default/appearance/header.php on line 166
Undefined index: modified in /theme/default/appearance/footer.php on line 20
Undefined index: comment_on_id in /theme/default/appearance/footer.php on line 46
Undefined index: page_id in /action/hashid.php on line 21

Undefined index: page_id in /action/hashid.php on line 27
Undefined index: handler in /class/wacko.php on line 4626

Undefined index: footer_comments in /class/wacko.php on line 6441
Undefined index: footer_files in /class/wacko.php on line 6441
Undefined index: footer_rating in /class/wacko.php on line 6441
Undefined index: hide_toc in /class/wacko.php on line 6441
Undefined index: hide_index in /class/wacko.php on line 6441
Undefined index: tree_level in /class/wacko.php on line 6441
Undefined index: allow_rawhtml in /class/wacko.php on line 6441
Undefined index: disable_safehtml in /class/wacko.php on line 6441
Undefined index: theme in /class/wacko.php on line 6441

Undefined index: page_id in /class/wacko.php on line 6451

Undefined index: modified in /class/wacko.php on line 6461

Undefined index: comment_on_id in /class/wacko.php on line 6476

Uninitialized string offset: 0 in /formatter/class/wackoformatter.php on line 330
Uninitialized string offset: 0 in /formatter/class/wackoformatter.php on line 440
Undefined offset: 3 in /formatter/class/wackoformatter.php on line 874

Invalid argument supplied for foreach() in /lib/Text_Highlighter/Highlighter/Renderer/Html.php on line 310

2. Unscheduled

2.1. Most Annoying Bugs

2.2. Core

Extended Acls
WackoFormatter: conversion from & to &
1. You used an unescaped ampersand "&": this may be valid in some contexts, but it is recommended to use "&", which is always safe.
place help text beside the acl settings and Registration (WikiName) for instance
if ($method && $method != "show") unset($wacko->config["youarehere_text"]);
/Users/DidierSpaier/ProposedSpecificationsForLanguagesHolding
validate_reserved_words
inherit theme from parent page
~~config['hide_comments'] == true surpresses also recentycommented action what is not intended if you only want hide the comment panel~~
- config['footer_comments'] -> only perpage
- config['enable_comments'] -> global (incomplete implementation) -> see function user_allowed_comments()
add license option (global / per page) to label pages / cluster and set them as meta tag and in footer
1. footer: <a href="http://creativecommons.org/licenses/by/3.0/">CC-BY 3.0</a>
2. meta tag: <link rel="license" href="http://creativecommons.org/licenses/by-sa/3.0/" />
add namespaces for
1. category
2. account
3. ...
https://developer.mozilla.org/[..]ccess_control#Origin (CSRF protection)
rewrite search action

2.3. Cache

bugs:321 – view cache should also depend on language and theme

2.4. Themes

<meta name='robots' content='index,follow,noarchive,noodp' />
add compatible WackoWiki version to themes and check against current version

3. missing language in header / meta if !$this->page

2.5. Actions

add more checks to registration
1. email restrictions like domain etc.
https://wackowiki.org/doc/?goback=Download – broken redirect after auto logout
add filter [lang|category|etc] in pageindex, search, changes, ...

2.6. Handlers

category: indicate the language of the shown categories
Report this page
show: it should also be possible to get an page via the 'page_id' (as permanent reference, eg. for external applications)
1. redirect to tag to avoid double content
upload: add option to 'Overwrite existing attachment of same name'
- if same owner / admin
page creation: check if new tag is too long and give a warnig -> VARCHAR(255), this cas is rather probably but possible
Warn users when they try to move their user page that their account will not be renamed
permissions: changing page owner also changes owner of the attached comments for the user doing the transition
```
AND owner_id='".quote($this->dblink, $this->get_user_id())."'
```
- adding option for comments (default off)

2.7. Formatters

cleanwacko-> strip also file: links and formatter options (hl php ...)

2.8. Installer

autodetect the language on the first page
~~create a robot.txt with the installer~~
- ~~this makes only sense if the file is located behind the first slash / in the url else it will be ignored~~

add better help box:

===Getting Help===
To get help with WackoWiki, visit the Documentation - the wiki and forums are excellent resources.

2.8.1. Upgrade

for Upgrade insert other aliases also in groups table
- $config["aliases"] = array("Admins" => $config["admin_name"]);
the installer asks for the Wiki admin password but ignores it later, so tho old password will be used

2.9. Database

2.10. Admin Panel

protect Admins group and Admin user
allow multiple admins login with personal credentials in addition to recovery password login (in case of db corruption)
translate message sets in proper English
Localize Admin panel -> admin/lang/xy.php
refactor sections

2.11. Privacy Policy

hide user related data in users action for [Guest | etc.]
- last login
- statistics
- group memberships

2.12. Testing

create test pages
SQL cache: $this->load_all/load_single($sql, $cache); $cache = [0|1] -> bugs:308
- run debug 3 to identify costly queries -> if so test it with the parameter set for cache if you get better results (actions, hacks, handlers, core)
  - $cache is already set in some queries

2.13. Debugging

2.14. PHP Notices and Warnings

bugs:237 -> set in config/constants.php

define('PHP_ERROR_REPORTING',		5); // PHP error reporting: 0 - off, 5 - all

and / or check \apache\logs\error.log

2.15. Translation

Translate English placeholders

3. Documentation

update documentation?
1. config
2. actions
3. syntax
SQL cache -> info config / howto
robots.txt
1. useragents disabled by default
2. location of robots.txt

4. Requests

add function InviteGroup (allow/deny add/remove)
Admin can upload unlimited
Mediawiki and other wiki converter
1. Mediawiki supports wackowiki but wackowiki cant import mediawiki!!!. Some media wiki themes recommended.
2. Support for mediawiki.
[formatting="default|wacko|html|simplebr"]
make GUI elements optional via the user settings [GUI] [] bookmarks [] breadcrumbs [] etc.
add new db field ~~'menu_tag' and~~ 'sef_tag' for each page
add options to turn off features like categories, referrers, ...
receive all messages combined in one digest
1. daily at
2. once per week on
3. once per month, on the day number
option for allowed actions in comments
move antispam.conf as badword to config
SHA digest of page content (body)