Todo List




1. R 6.1

Roadmap
dev repo [bitbucket.org]
ChangeLog
https://github.com/WackoWiki/w[...]mpare/6.1.3...master – Diff since last release


Main Focus: Implement new PHP 8 functionality and improve GUI usability.


Please look here for open issues from R6.0 .

1.1. PHP

1.1.1. PHP 8.0

  1. https://stitcher.io/blog/new-in-php-8
  2. https://php.watch/versions/8.0
  3. https://github.com/php/php-src/blob/php-8.0.0/UPGRADING

1.1.2. PHP 8.1

  1. https://stitcher.io/blog/new-in-php-81
  2. https://github.com/php/php-src/blob/php-8.1.0/UPGRADING
  3. https://php.watch/versions/8.1/gd-avif

Deprecated:

  1. https://php.watch/versions/8.1[...]patible-float-string
  2. https://php.watch/versions/8.1[...]ble-null-deprecation
  3. https://php.watch/versions/8.1[...]mstrftime-deprecated

1.2. Features

  • customizable secondary navigation (Menu) out of the box apart from the so called bookmarks
    • most users won't fiddle with the theme to create their own navigation, see theme section

1.3. Core

  1. improve mixed directionality of text support
    • set dir in user elements when dir differs from content, e.g content is in Persian and GUI is Greek
    • how to determine the use of the <bdi> tag, e.g. for breadcrumbs or lists
  2. made time format depended from localization and user preferences
    • DateTime::format()
    • IntlDateFormatter::format()
  3. Why does it store interwiki in session and not as JSON in _cache/config/interwiki.conf?
    • get_inter_wiki_url($name, $tag)
  4. move interwiki.conf and antispam.conf into table & _cache/config/*
  5. add option to enforce email validation before a user can login
  6. notify_watcher(): add direct link to diff mode in email body
  7. it sucks to see again and over again all these random session_notice(s), add a option to turn it off for daily work.
  8. COLLATE utf8mb4_bin for tag eats 𝓦𝓲𝓴𝓲𝓦𝓸𝓻𝓭𝓼 in LIKE '/%' query, without slash it finds it, whO_Ot
  9. UTF-8 text must be checked for well-formedness
    • static function is_utf8($string)
      {
        return (bool) preg_match('//u', $string);
      }
  10. localize default date formats
  11. improve and foster message sets
  12. set return type declarations : (array | bool | float | int | mixed | string | void | ... )
  13. fix client side JS input validation patterns
    1. new, clone and rename handler
  14. Replace all HTML-Entities except HTML special chars
    1. nbsp; — to indent or add extra spacing to a paragraph, sentence, or another portion, better using CSS instead of multiple non-breaking spaces.
  15. allow also login with email address instead of user name
  16. move link and notifications functions in own class
    • $this->msg->notify_user()
    • $this->ref->link()

1.4. Installer

  1. normalize tags in insert_page function DONE
    • نامنویسی
    • نام‌نویسی
    • گروهها
    • گروه‌ها
  2. validate username
  3. Nginx: installer seems to activate rewrite_mode ?
  4. use dbal also for installer: $db->sql_query($sql)

1.5. Handler

  • rename: add utf8_ucwords() like in new handler, however it must deal with slashes from cluster tags
  • auto-save function on the edit and _comments handler by applying the localStorage function
  • saved discarded comment due invalidated token to avoid data loss
  • send notice on comment edit and make change visible in actions like it is done for pages, to not miss possible important content changes
  • increase the default size of the comment textarea in the default theme
  • add option to send a copy of the personal message also to the sender
  • edit: set custom textarea size (user settings/JS)
  • diff: add page title to diff
  • print: pass arguments? e.g. ?phrase=canonical&lang=&p=2

1.6. Action

  • registration: add option to enforce certain user name patterns
  • registration: add white and blacklist for allowed email domains
  • poll: improve actions and add templates
  • blog: improve options, sorting and filtering, set namespace patterns, add content templates

1.7. Formatter

  • add option to wrap caption around code blocks
    • <figure>
        <figcaption>Language of code</figcaption>
        <pre>
          <code>
            <!-- your code here -->
          </code>
        </pre>
      </figure>
  • indenting text in quote breaks page
    • <p id="p291-1" class="auto">
      <br>
      <blockquote>Where authority fails in its duties and indeed betrays the purpose for which it has been established, disobedience is not only lawful but obligatory: non-violent disobedience, at least for now, but determined and courageous.</p>
      <div class="indent">.</blockquote>
      <p id="p291-2" class="auto"></div>
  • auto-paragraph did not terminates correctly in indent div having a code wrapper
    • <div class="indent"><pre class="code">su</pre>
      <p id="p86658-7" class="auto"></div>
  • add support for AVIF – GD lib support pending! -> LibGD 2.3.2 -> PHP 8.1
  • str_replace("\xc2\xa0", " ", $string);
    (nbsp;)
  • text inside ##code formatter## is processed as wikitext with possibly undesired results
    • the text must be escaped to be taken as is
  • removes intentional left empty lines inside info formatter
  • parse also anchor with dash, e.g. tag#one-two
  • ((../ Go Back)) goes back two levels, but should go to parent page only
  • interwiki links are not tracked
  • relative links were not parsed in the context of the page they are included, what is the default behavior?
  • re-parsing all pages and links may result in wrong toc references, when the included page gets parsed after the page which includes them
    • HOTFIX: save all included pages with wrong toc reference again, this will update body_toc

1.8. Cache


1.9. Admin Panel

  • support templates
  • restore: process may fail while restoring page with certain Unicode
    • needs further investigation, backup seems to works while restoring may fail
    • creates empty REPLACE queries for page table until it causes a script termination due timeout

1.10. Database

1.11. WikiEdit

  1. Autocomplete seems broken, shows possible pages – but selection does not work
  2. use only one popup for new link, having link and link description together
  3. select and remember the color of the highlighter or marker, keep selected color in session
  4. popup for tables
    1. select rows and columns
    2. set table header
  5. select color for text and highlighting
  6. resize textarea
  7. undo / redo
  8. JavaScript search & replace
  9. ECMAScript 2018

1.12. Libs

  1. https://github.com/pear/Text_Highlighter/pull/5

1.13. Refactoring


1.14. Themes

  • CSS: [dir=rtl]
  • defer scripts defer></script>
  • default theme
    • background body: #ebeef2
    • code
      border-style: solid;
      border-color: lightgray;
      border-width: 1px;
      border-radius: 4px;

1.15. Ideas

1.16. Documentation

  • add README.md file to action, handler and formatter folder with a short introduction and HowTo
  • differentiate update instructions between minor and major upgrade
  • add a page for Terms in WackoWiki
    • cluster, free link, wikilink, etc.
  • add CSP help page
  • order config page according the sections in the Admin panel via sub-headings
  • write your own action
  • write your own formatter
  • write your own theme
  • When a upgrade should be done?
  • How I reduce the applications footprint?
  1. add example for rewrite with Nginx – HELP needed
    1. Converting Apache Rewrite Rules to NGINX Rewrite Rules
    2. Pitfalls and Common Mistakes
    3. Creating NGINX Rewrite Rules

1.17. Feedback

1.17.1. Polls

The polls class and actions have been removed from the core. They can be added again to the community folder after evaluation and improvement. Additionally a guide as well as further documentation is needed. See 6.0 branch for source code.


module

  • content_class

class

  • polls

actions

  • polls
  • pollsadd
  • pollsarchive
  • pollspreview

translations
database table

1.18. Testing

1.18.1. Test cases

-> Test cases?

1.18.2. Debug

https://app.codacy.com/gh/WackoWiki/wackowiki/dashboard


declare(strict_types=1);




2. R 6.0

Roadmap
dev repo [bitbucket.org]
ChangeLog
https://github.com/WackoWiki/w[...]compare/6.0.26...6.0


Main Focus: UTF-8 support and migration and PHP 8.0 compatibility


R6.0 is more or less R5.5 with Unicode support. Please look here for open issues from R5.5 .

2.1. PHP

PHP 8 functionality

New PHP 8 functionality is reserved for 6.1 branch releases .
Currently Supported PHP Versions

2.2. Features

2.3. Core

  1. add option to disable hit counter
    • user already uses web analytics software or there is no use case for a hit counter
    • This reduces database load, updating the page and file hits field with every page hit is a main source for slow queries.

2.4. Installer


2.5. Handler

  • add ability to remove / hide certain revisions via GUI
    • SQL cache -> revision handler
    • message boxes
  • wordbreak, how to break lines of Chinese, Japanese, or Korean
    • line-break: strict;
      white-space: nowrap;
      word-break: keep-all; 

2.6. Action


2.7. Formatter

  • see 6.1

2.8. Cache

  • set new default cache_ttl values in config default and description in documentation
    • seconds duration
      600 10 minutes
      1200 20 minutes
      3600 1 hour
      7200 2 hours
      18000 5 hours
      86400 24 hours
      2678400 31 days

Evaluate page cache

SELECT cache_lang, method, count(cache_id) AS n 
FROM `prefix_cache` 
GROUP BY cache_lang, method 
ORDER BY `cache_lang`, n DESC, method;


2.9. Libs

  1. php-diff successor
    1. https://github.com/jfcherng/php-diff
    2. https://github.com/JBlond/php-diff <— SWITCHED TO 
    3. https://github.com/sebastianbergmann/diff

2.10. Testing

  1. https://github.com/rectorphp/r[...]rview.md#codequality

2.10.1. Test cases

-> Test cases




For issues regarding Unicode please look in our R6.0 ToDo list.

R5.5 is no longer maintained, please upgrade to R6.0. Open issues will be fixed in R6 branch.

3. R 5.5

Roadmap
ChangeLog


Main Focus: HTML5 support, security related features

  1. HTTP Strict Transport Security (HSTS)
  2. Content-Security-Policy
  3. Cookies, CSRF sectoken
  4. https://www.owasp.org/index.ph[...]tication_Cheat_Sheet

3.1. MariaDB / MySQL type casting

https://dev.mysql.com/doc/refm[...]type-conversion.html
https://stackoverflow.com/ques[...]d-backticks-in-mysql


whOOt https://dev.mysql.com/doc/refm[...]ent-programming.html


3.2. Features

  1. normalize links to other language versions of a page
    • add table: lang_link[page_id, lang, target_id]
  2. add debug option to send error log into separate file + rotate logs
  3. add IP block to ban bad actors, bots

3.3. M17

open issues (add)

  1. relative linking seems not working for ((../ back to parent page)), it links to root level (?!)
  2. add delimiter before page handler (_properties)
    1. min_href()
    2. router.conf
  3. upload of file without extension -> broken
  4. empty body_r after page rename/relocation -> page needs re-rendering
  5. allow multi logins (on/off)
    1. add multi login warning: 'Jemand hat sich bereits an diesem Konto angemeldet'
    2. This account is currently being used in 1 other location at this IP ().
  6. add access throttling feature
    • limit the number of page requests by a single IP address within a given time interval
  7. add array for 'default' AND 'user' menu so both can used independently (create/edit menu sets)
  8. rewrite_mode setting in AP is pointless if it is overwritten in Setting class

3.4. Fix

  1. invalidate / purge only a sub set of the SQL cache (?), do we always need to purge the entire cache?
  2. check formatting of log() function -> html / wacko formatting
  3. check for avoidable SQL roundtrip queries
  4. link() -> default: $anchor_link – should only active inside page_body (?)
    • additional check if its better to prefix the id="doc.deutsch.konfiguration"
      • to avoid unintentional mix with CSS settings
    • set anchor id only where needed, minimizes also size of attributes
  5. broken list in tree action if levels changes not in order – e.g. depth 1.2 -> depth 2.4
    1. show missing levels
  6. search?phrase="sourceforge.net" -> paging fails with "term to search"
  7. bug: news action takes all subpages – is this desired?
  8. improve search (open since ages), add some measures to improve relevance (time, size, user, filter, ...) and provide more and better meta data for search results
  9. add options to show/hide page related categories at the page bottom
    • themes may overwrite these settings via $this->config['footer_tags'] = OFF
    • allways ON as default for posts in the forum cluster
    • do we need an additional option for the user?
  10. get translation
    1. put lang-strings for action and handlers into separate dynamically loadable lang-files
    2. cache
  11. audit comments, moderation handler
  12. replace p tag in toc action -> avoid wrong p in p 
  13. revisit access right settings for forum posts and menu access
    1. the menu won't show the page properties icon -> annoying
  14. implement rating hack (but without mandatory JS)
    1. https://www.youtube.com/watch?v=orPVEAipz2A
  15. add unique log message key to filter events (messages may differ)
  16. disable global upload for users
    1. only local
    2. only for cluster
  17. add regex for this->config['users_page']/[*]/
    • Yet the engine does not validate the namespace for the user cluster, so that nobody can create a page under /User except his own [UserName]
    • Then we can disallow random pages for the first level in the users cluster except the own [UserName].
    • The register action creates this page usually for the user.

3.5. Notifications

  1. Notifications

3.5.1. Notice digest

  • store events notices and compile digest for user [user|moderator|admin]
    • new user
    • comments
    • files
    • changes

3.6. Handler

  1. clone entire cluster is only available for Admins atm., it should also available for ...
  2. improve global upload settings
    1. allow groups
    2. set individual rights (only images, quota, etc. for a user, group)
  3. send page as email (like print)
  4. show: add option 'Flag as Spam/Inappropriate'
  5. show: Delayed Indexing delay_index
    • <meta name=“robots” content=“noindex,nofollow”>
  6. see upload subpage
    1. upload: check if the MIME type of the uploaded file matches the file extension
      1. https://www.owasp.org/index.ph[...]stricted_File_Upload
      2. https://www.acunetix.com/websitesecurity/upload-forms-threat/
      3. https://www.php.net/manual/en/[...]n.exif-read-data.php
    2. upload: add form field to chose another file name (?)
    3. upload: add accept attribute depending on config settings https://www.w3.org/TR/html5/fo[...]ml#attr-input-accept
    4. upload: send a notify mail on upload DONE
  7. add meta handler namespace ['page', 'account', 'file', 'service']
    • This is the simplest way to standardize document locations and for the language-independent single instances of service pages, like login. Next step is the separated cluster for those pages, linked with prefix, for example, ((service:login)).
    • this can be easily done with the new URI router
    • handler/account/
  8. file: apply access restrictions for global files if Wiki is closed -> $
    1. add and enforce global Wiki mode, minimum access rights
    2. route global files only for registered users

3.7. Action

  1. template toc and tree

3.8. Formatter

  1. Search Highlighter
  2. (/Users/WikiAdmin UserSpace | WikiAdmin)) -fails on |
  3. <# #> adds <!--notypo--> on first and <!--/notypo--> on second appearance of double quote like class=""
    1. caused by race condition in wacko_preprocess()
    2. <#<div class="" style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>
      2
      <#<div class="" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>
    3. <!--notypo--><div class="<!--notypo--> style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#><br />2<br /><#<div class=<!--/notypo-->" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div><!--/notypo--><br />
  4. Wacko is spamming BRs, in between everything
  5. add option to hide protected links
    • You must login to see this link. Register now, if you have no user account yet.
  6. Error: Bad value 4 for attribute type on element ol.
    1. see $new_indent_type in wackoformatter -> error prone
      •   1. hallo
            5. should not take the number but 1, same for i, I, a, A
    2. Block elements inside inline elements
    3. http://www.w3.org/TR/html5/gro[...]nt.html#attr-ol-type
  7. allow case insensitive matching of file links, e.g. File:image.jpg
  8. breaks quote
    <[http://www.example.com]>
  9. ((image.jpg)) shows images from image/ folder ???
  10. <[ ]> eats blank line in quote, undesired
  11. broken nested quote
    • <[block
      <[nested quote]>
      quote
      ]>

3.9. Admin Panel

  1. add Check for Updates button in Admin panel: /Download/VersionCheck?
  2. Synchronizing data: update comment count for page if out of sync
  3. Querying the RIPE Database: https://apps.db.ripe.net/db-web-ui/#/query
    1. https://rest.db.ripe.net/search.json?query-string=
    2. user approval
    3. event log 
    4. Bad Behavior
  4. upload module
    1. PAY ATTENTION TO SECURITY RISKS
       
      
      Before adding random file/MIME types: please think about possible security issues.
      
      For example HTML (.htm, .html), JavaScript (.js) and PHP (.php) file are types you’d better avoid as they can be “executed” on your server where you really would not want that to happen. For most of these kind of files, this should not be a problem though as these files are better off being compressed into a ZIP file anyway.
      
      Only add file types that you REALLY need and that you are comfortable with.
  5. user management
    • deactivate / delete inactive users
      • criteria
      • actions
  6. add module to filter, moderate and manage pages, comments, (files)
    1. see modules for content like pages
  7. recovery mode: CSS and images won't load
    • index.php: (!$db->ap_mode && RECOVERY_MODE) excludes static files!
      • !$db->ap_mode
  8. purge logs (TRUNCATE)
    1. log table
    2. referrers
    3. badbehavior
  9. use collgroup for col span % width
    • <colgroup>
        <col span="1" style="width: 10%;">
        <col span="1" style="width: 5%;">
        <col span="1" style="width: 5%;">
        <col span="1" style="width: 45%;">
        <col span="1" style="width: 15%;">
        <col span="1" style="width: 10%;">
        <col span="1" style="width: 10%;">
      </colgroup>
    •  <thead class="data-head">
              <tr class="">
              </tr>
              [...]
          </thead>
      
      <tbody id="table-section-one">
      [...]
      </tbody>
      
      <tbody id="table-section-two">
      [...]
      </tbody>

3.10. Database

  1. https://www.digitalocean.com/c[...]ur-mysql-5-7-upgrade
  2. /Dev/Guidelines/SQL/SQLmodes

3.10.1. Check for SQL STRICT mode violations

  1. Using GROUP BY and selecting an ambiguous column
  2. Inserting the non standard zero date into a datetime column
  3. Inserting a 20 character string into a 10 character column
  4. Division by zero
  5. Inserting a negative value into an unsigned column

so far

  1. #1406 – Data too long for column 'description' at row 1
    1. set HTML maxlength="DB_FIELDSIZE" for all (VAR)CHAR form field
      • suggested (JS hint – might differ in some cases – smaller, e.g. meta description 160, meta title 60) + database field size (mandatory enforcement)
      • JS hint: You have <strong>60</strong> characters left
    2. set PHP length check before passing to INPUT / UPDATE
  2. #1055 – 'dev.g.group_name' isn't in GROUP BY

SELECT
`DIGEST_TEXT` AS `query`,
`SCHEMA_NAME` AS `db`,
`COUNT_STAR` AS `exec_count`,
`SUM_ERRORS` AS `errors`,
(ifnull((`SUM_ERRORS` / nullif(`COUNT_STAR`,0)),0) * 100) AS `error_pct`,
`SUM_WARNINGS` AS `warnings`,
(ifnull((`SUM_WARNINGS` / nullif(`COUNT_STAR`,0)),0) * 100) AS `warning_pct`,
`FIRST_SEEN` AS `first_seen`,
`LAST_SEEN` AS `last_seen`,
`DIGEST` AS `digest`
FROM
 performance_schema.events_statements_summary_by_digest
WHERE
((`SUM_ERRORS` > 0) OR (`SUM_WARNINGS` > 0))
ORDER BY
 `SUM_ERRORS` DESC,
 `SUM_WARNINGS` DESC;

3.11. Usability issues

  1. indicate page [language|permissions]
    1. permissions: use icon and different colors
  2. add double-click support for editing comments
  3. When should I use a select box instead of radio buttons?
    1. https://www.nngroup.com/articl[...]es-vs-radio-buttons/
  4. Not indicating an active form field
    • e.g.
      textarea:focus {
          border: 1px solid red; }
    • You can use the ‘:focus’ selector on lots of elements, but it’s super handy when used on inputs and textareas to indicate that the field is active. Add CSS styling such as a highlighted border, or a subtle change to the background color.
  5. forms with checkboxes and options in lists
    • e.g. category handler or users in admin panel
    • assignment of form buttons
  6. usage of new page handler
    • seen in many fresh installs, users adding sub pages to HomePage/subpage
      • this is possible but is it really desired and understood, should we filter out system pages as pre-provided cluster in the /new [page] handler?

Readings

  1. https://www.nngroup.com/articles/low-contrast/
  2. https://backchannel.com/how-th[...]eadable-a781ddc711b6

3.12. Extensions

3.13. Ideas

  1. spam / badword handling -> bad_words($text) function
    1. https://en.wikipedia.org/wiki/Wordfilter
    2. https://stackoverflow.com/ques[...]ood-profanity-filter
    3. What you need is a good way for users to flag inappropriate content and a mechanism to deal with it swiftly. One way is to automatically hide/remove content if it's been flagged more than X times.
  2. rel="edit" -> https://tools.ietf.org/html/rfc686
  3. enforce ACL-Policy, e.g. set read to $, user can't overwrite the setting
  4. test PHPThumb alternatives
    1. https://github.com/mosbth/cimage
  5. Composer
  6. https://github.com/openpgpjs/openpgpjs
  7. https://highlightjs.org/
  8. https://www.w3.org/TR/css3-page/
    1. https://www.smashingmagazine.c[...]-for-print-with-css/

3.14. Themes


  1. new mobile ready theme / layout -> on hold (we got a new template engine!)
  2. https://developers.google.com/web/fundamentals/
  3. https://www.w3.org/Style/Examples/007/leaders

Flexbox vs Grid

  1. Flexbox: content dictates layout
  2. Grid: container dictates layout (to some extent)

Flexbox is great, it just isn't the best thing for overall page layouts.
Flexbox and grid play well together, and are a huge step forward from the float & table hacks they replace. The sooner we can use them both in production, the better.

CSS Varibles

  1. https://developer.mozilla.org/[...]/Using_CSS_variables
  2. https://www.w3.org/TR/css-variables/

CSS colums for index <div class="gimme-columns"><ul>

 
.gimme-columns {
	columns: 20em 3;
	column-count: 3;
	column-width: 20em;
}

.sticky {
  position: sticky;
  top: 0;
}

default theme

  • change blockquote
    • box-shadow: 0 0 6px rgba(0, 0, 0, 0.5);
  • add option to hide $this->config['site_name'] in theme header, e.g.: To Do R5.5 – WackoWiki -> To Do R5.5
  • min-height: 200px for .article, #page


4. Unscheduled

4.1. Most Annoying Bugs

4.2. Core

  1. Extended Acls
  2. if ($method && $method != "show") unset($wacko->config["youarehere_text"]);
  3. /Users/DidierSpaier/ProposedSpecificationsForLanguagesHolding
  4. rewrite search action

4.3. Formatters

  1. cleanwacko-> strip also file: links and formatter options (hl php ...)

5. Requests

  1. add function InviteGroup (allow/deny add/remove)
  2. receive all messages combined in one digest
    1. daily at 
    2. once per week on 
    3. once per month, on the day number
  3. option for allowed actions in comments
  4. move antispam.conf as badword to config