Todo List - WackoWiki

1. R 6.1

Roadmap
dev repo [bitbucket.org]
ChangeLog
https://github.com/WackoWiki/w[...]pare/6.1.14...master – Diff since last release

Main Focus: Implement new PHP 8 functionality and improve GUI usability.

Contributions are encouraged.

Please look here for open issues from R6.0.

1.1. PHP

https://www.php-fig.org/psr/psr-12/
- ~~Code MUST use an indent of 4 spaces for each indent level, and MUST NOT use tabs for indenting.~~ SERIOUSLY? – tabs are exactly what for?
- ~~The keyword elseif SHOULD be used instead of else if so that all control keywords look like single words.~~ cognitive load
- Allman indent style rules

https://php.watch/articles/php-regex-readability

1.1.1. PHP 8.1

Deprecated:

Passing null to non-nullable internal function parameters

1.1.2. PHP 8.2

1.2. Features

section-edit – it already works :)
customizable secondary navigation (Menu) out of the box apart from the so called bookmarks
- most users won't fiddle with the theme to create their own navigation, see theme section
- there is already the menu_tag for this purpose, shorter (usually) version of headline for use in menus
- the session contains the general menu and the user menu (also called bookmarks), it is up to the theme how they are used

1.3. Core

add max page size value (2048) for edit handler and a recomended value, show warning text with suggestions if that value is reached
declared visibility on all properties, constants and methods (good luck with that)

fix SQL Strict mode issues opportunistically (see error log)

'sql_mode_strict' => '1'

const SQL_MODE_STRICT = 'TRADITIONAL,NO_ENGINE_SUBSTITUTION,ONLY_FULL_GROUP_BY';
const DB_ERROR_MODE = 1;

unwrap_link() strip also last slash if user provides page="/Cluster/SubPage/" to match tag Cluster/SubPage in database
- utf8_rtrim(new_tag, '/') or better already via regex
add option to overwrite upload pre-selection (global/local)
migrating from SAH-1 to SHA-256 for all hashes?
improve mixed directionality of text support
- set dir in user elements when dir differs from content, e.g content is in Persian and GUI is Greek
- how to determine the use of the <bdi> tag, e.g. for breadcrumbs or lists
made time format depended from localization and user preferences
- DateTime::format()
- IntlDateFormatter::format()
The user name regex allows . and - in usernames however the sanitizer removes it
Why does it store interwiki in session and not as JSON in _cache/config/interwiki.conf?
- get_inter_wiki_url($name, $tag)
move interwiki.conf and antispam.conf into table & _cache/config/*
add option to enforce email validation before a user can login
notify_watcher(): add direct link to diff mode in email body
COLLATE utf8mb4_bin for tag eats 𝓦𝓲𝓴𝓲𝓦𝓸𝓻𝓭𝓼 in LIKE '/%' query, without slash it finds it, whO_Ot

UTF-8 text must be checked for well-formedness

static function is_utf8($string)
{
  return (bool) preg_match('//u', $string);
}

localize default date formats
improve and foster message sets
set return type declarations : (array | bool | float | int | mixed | string | void | ... )
- http://docs.php.net/manual/en/[...]returning-values.php
fix client side JS input validation patterns
1. new, clone and rename handler, import action
2. $tpl->pattern = $this->lang['TAG'] . '+';
Replace all HTML-Entities except HTML special chars
1. nbsp; — to indent or add extra spacing to a paragraph, sentence, or another portion, better using CSS instead of multiple non-breaking spaces.
allow also login with email address instead of user name
individual CSP per page
move link and notifications functions in own class
- $this->msg->notify_user()
- $this->ref->link()
partial mixed usage of DB warnings and exceptions (must use either one or the another)
- MySQLi: mysqli_sql_exception and mysqli_connect_errno
- PDO: errorCode and PDOException

1.4. Installer

commented out auto-creation of empty help, terms and privacy page – needs FEEDBACK
- make creation optional, the default theme shows the links when set in the config
- either the user defines them individually in the admin panel or sets an additional option in the installer to create them
set more strict write and create default ACLs for system and user pages
- user pages: only the user should be able to write and create sub-pages by default in his namespace
- system pages: no sub-page creation for users
- requires a option to pass custom ACLs in page creation, e.g. $permissions = [ 'write' => 'Admins', 'create' => 'Admins']
validate username
Nginx: installer seems to activate rewrite_mode ?
use dbal also for installer: $db->sql_query($sql)

1.5. Handler

export.xml: add option for cluster and if the handler should show the xml or offer it for direct download, some browsers modify the XML in presentation mode or show it as feed – however the user needs the original source text including the line feeds!
rename: add utf8_ucwords() like in new handler, however it must deal with slashes from cluster tags
auto-save function on the edit and _comments handler by applying the localStorage function
save discarded comment or page due invalidated token to avoid data loss
- Lately, it is enough (with Firefox) to use the "Back" button of the browser and post the message again.
send notice on comment edit and make change visible in actions like it is done for pages, to not miss possible important content changes
increase the default size of the comment textarea in the default theme
add option to send a copy of the personal message also to the sender
edit: set custom textarea size (user settings/JS)
diff: add page title to diff
print: pass arguments? e.g. ?phrase=canonical&lang=&p=2

1.6. Action

allow multi-line actions -> Regex
registration: add option to enforce certain user name patterns
registration: add white and blacklist for allowed email domains
blog: improve options, sorting and filtering, add content templates

1.7. Formatter

remove usertable classes for th, tr, td?
- td > usercell
- th > userhead
- tr > userrow
check typografica options
- update default settings of options, some options are mostly more annoying than useful, e.g. (c)
- interference with other syntax, e.g. striketrough
- Unicode context
- create test cases
multi-line strikethrough (marker similar) may break correct tag nesting and parsing, how this should work anyways across paragraphs, lists, etc. by only wrapping it via <del> tag
- WikiEdit as well the Formatter must recognize a new paragraph, list as terminators to avoid invalid tag nesting!
evaluate syntax for definition list, e.g. ;term:ex
- there is a working patch, however the current workaround for the random <dt> to <dd> tag transition, prevents wiki text formatting
Improve and extend footnote capabilities

add option to wrap caption around code blocks

<figure>
  <figcaption>Language of code</figcaption>
  <pre>
    <code>
      <!-- your code here -->
    </code>
  </pre>
</figure>

indenting text in quote breaks page

<p id="p291-1" class="auto">
<br>
<blockquote>Where authority fails in its duties and indeed betrays the purpose for which it has been established, disobedience is not only lawful but obligatory: non-violent disobedience, at least for now, but determined and courageous.</p>
<div class="indent">.</blockquote>
<p id="p291-2" class="auto"></div>

auto-paragraph did not terminates correctly in indent div having a code wrapper

<div class="indent"><pre class="code">su</pre>
<p id="p86658-7" class="auto"></div>

add support for AVIF – GD lib support pending! -> LibGD 2.3.2 -> PHP 8.1
- getimagesize does not process AVIF yet AVIF support in getimagesize()
```
str_replace("\xc2\xa0", " ", $string);	
```
(nbsp;)
text inside ##code formatter## is processed as wikitext with possibly undesired results
- the text must be escaped to be taken as is
removes intentional left empty lines inside info formatter
((../ Go Back)) goes back two levels, but should go to parent page only
interwiki links are not tracked
relative links were not parsed in the context of the page they are included, what is the default behavior?
re-parsing all pages and links may result in wrong toc references, when the included page gets parsed after the page which includes them
- HOTFIX: save all included pages with wrong toc reference again, this will update body_toc

1.8. Cache

1.9. Admin Panel

the users and groups module must be rewritten (anyone? ;))
support templates

1.10. Database

Listing JOINS with no index: log_queries_not_using_indexes
- https://dev.mysql.com/doc/refm[...]es_not_using_indexes

1.11. WikiEdit

Autocomplete seems broken, shows possible pages – but selection does not work
use only one popup for new link, having link and link description together
select and remember the color of the highlighter or marker, keep selected color in session
do not set multi-line markup beyond paragraph, list ad other terminators, only valid tag nesting
popup for tables
1. select rows and columns
2. set table header
select color for text and highlighting
resize textarea
undo / redo
JavaScript search & replace
ECMAScript 2018
some key shortcuts does not work any longer
- test and map what works & where
- suggest new shortcuts in case of conflict (Firefox, Chrome, ...)

1.12. Translations

move ending colons set in the template itself back into the message sets (non-latin localization)
- [ ' _t: MessageSet ' ]:

1.13. Libs

SimplePie
- constant
- match, string_* (PHP 8.0)

1.14. Refactoring

1.15. Offline usage improvements

Intranet usage, offline, etc.

manual, help
- installer(option to add help/)
- provide help cluster as XML for import (de, fr, en, es, ru, zh)
- add all essential instruction to a doc/ folder
XML export / import
- improve options (chose cluster, direct download)
- make import / export more accessible

1.16. Themes

CSS: [dir=rtl]
add dark mode option: sets session value -> true: loads *_dark.css files in theme header

 #page-edit form textarea {
  height: 400px;
  min-height: 5em;
}

change to height: auto; -> rows="40" cols="60" ?

1.16.1. Print

CSS Paged Media Module Level 3

@page {
    size: A4 portrait;
    margin: 15mm;
    font-family: Arial, Helvetica, sans-serif;
    marks: crop cross;
 
    @bottom-center {
        content: "Seite " counter(page) " von " counter(pages);
        font-size: 10pt;
    }
}
 
.chapter h1 {
    page-break-before: always;
    string-set: chapter-title content()
}
 
h2, h3 {
    page-break-after: avoid;
}
 
p {
    orphans: 3;
    widows: 3;
}

1.17. Ideas

https://wiki.c2.com/?DelayedIndexing
- db->delayed_indexing_time = 0;
add Web app manifest
- https://web.dev/add-manifest/
add action with conditional redirect by browser language to pre-selected pages, e.g. ['fr'] --> "/Doc/Français"
moderation/remove/rename of sub pages without modifying the parent cluster
JSON Feed
Captcha dictionary in Russian as drop in
Defense Against Spiders
https://github.com/jgraph/drawio / https://www.diagrams.net/
- https://desk.draw.io/support/s[...]000042544-embed-mode
- https://embed.diagrams.net/?embed=1&proto=json&spin=1&svg-warning=0

1.18. Documentation

temporary write permissions for image/ folder -> AP Appearance settings: logo and favicon upload
- chmod 0755 image/
Screenshots
- store example text for Wabi-Sabi and diff handler in sub-pages for each language
- add missing diff handler screenshots for languages other than English
write a new technical guide and MD-file for the WackoWiki Formatter, see /Dev/Projects/WackoFormatter/Usage
- new examples, what is what, workflow, etc.
add README.md file to action, handler and formatter folder with a short introduction and HowTo
differentiate update instructions between minor and major upgrade
add a page for Terms in WackoWiki
- cluster, free link, wikilink, etc.
add CSP help page
order config page according the sections in the Admin panel via sub-headings
write your own action
write your own formatter
write your own theme
When a upgrade should be done?
How I reduce the applications footprint?
add example for rewrite with Nginx – HELP needed

1.19. Feedback

1.19.1. Polls

The polls class and actions have been removed from the core. They can be added again to the community folder after evaluation and improvement. Additionally a guide as well as further documentation is needed. See 6.0 branch for source code.

module

content_class

class

polls

actions

polls
pollsadd
pollsarchive
pollspreview

translations
database table

1.20. Testing

1.20.1. Debug

declare(strict_types=1);

2. R 6.0

Roadmap
dev repo [bitbucket.org]
ChangeLog
https://github.com/WackoWiki/w[...]compare/6.0.31...6.0

Main Focus: UTF-8 support and migration and PHP 8.0 compatibility

R6.0 is more or less R5.5 with Unicode support. Please look here for open issues from R5.5 .

2.1. PHP

PHP 8 functionality

New PHP 8 functionality is reserved for 6.1 branch releases .
Currently Supported PHP Versions

2.2. Features

UTF-8 support – Migration to Unicode

2.3. Core

~~add option to disable hit counter~~
- user already uses web analytics software or there is no use case for a hit counter
- This reduces database load, updating the page and file hits field with every page hit is a main source for slow queries.

2.4. Handler

wordbreak, how to break lines of Chinese, Japanese, or Korean

line-break: strict;
white-space: nowrap;
word-break: keep-all;

2.5. Libs

php-diff successor
1. https://github.com/jfcherng/php-diff
2. https://github.com/JBlond/php-diff <— SWITCHED TO
3. https://github.com/sebastianbergmann/diff

For issues regarding Unicode please look in our R6.0 ToDo list.

R5.5 is no longer maintained, please upgrade to R6.0. Open issues will be fixed in R6 branch.

3. R 5.5

Roadmap
ChangeLog

Main Focus: HTML5 support, security related features

HTTP Strict Transport Security (HSTS)
Content-Security-Policy
Cookies, CSRF sectoken
https://www.owasp.org/index.ph[...]tication_Cheat_Sheet

3.1. MariaDB / MySQL type casting

https://dev.mysql.com/doc/refm[...]type-conversion.html
https://stackoverflow.com/ques[...]d-backticks-in-mysql

whOOt https://dev.mysql.com/doc/refm[...]ent-programming.html

3.2. Features

normalize links to other language versions of a page
- add table: lang_link[page_id, lang, target_id]
add debug option to send error log into separate file + rotate logs
add IP block to ban bad actors, bots

3.3. M17

open issues (add)

relative linking seems not working for ((../ back to parent page)), it links to root level (?!)
add delimiter before page handler (_properties)
1. min_href()
2. router.conf
upload of file without extension -> broken
empty body_r after page rename/relocation -> page needs re-rendering
allow multi logins (on/off)
1. add multi login warning: 'Jemand hat sich bereits an diesem Konto angemeldet'
2. This account is currently being used in 1 other location at this IP ().
add access throttling feature
- limit the number of page requests by a single IP address within a given time interval
add array for 'default' AND 'user' menu so both can used independently (create/edit menu sets)
rewrite_mode setting in AP is pointless if it is overwritten in Setting class

3.4. Fix

check for avoidable SQL roundtrip queries
link() -> default: $anchor_link – should only active inside page_body (?)
- additional check if its better to prefix the id="doc.deutsch.konfiguration"
  - to avoid unintentional mix with CSS settings
- set anchor id only where needed, minimizes also size of attributes
broken list in tree action if levels changes not in order – e.g. depth 1.2 -> depth 2.4
1. show missing levels
search?phrase="sourceforge.net" -> paging fails with "term to search"
bug: news action takes all subpages – is this desired?
improve search (open since ages), add some measures to improve relevance (time, size, user, filter, ...) and provide more and better meta data for search results
implement rating hack (but without mandatory JS)
1. https://www.youtube.com/watch?v=orPVEAipz2A
add unique log message key to filter events (messages may differ)
add regex for this->config['users_page']/[*]/
- Yet the engine does not validate the namespace for the user cluster, so that nobody can create a page under /User except his own [UserName]
- Then we can disallow random pages for the first level in the users cluster except the own [UserName].
- The register action creates this page usually for the user.

3.5. Notifications

Notifications

3.5.1. Notice digest

store events notices and compile digest for user [user|moderator|admin]
- new user
- comments
- files
- changes

3.6. Handler

clone entire cluster is only available for Admins atm., it should also available for ...
improve global upload settings
1. allow groups
2. set individual rights (only images, quota, etc. for a user, group)
send page as email (like print)
show: add option 'Flag as Spam/Inappropriate'
show: Delayed Indexing delay_index
- <meta name=“robots” content=“noindex,nofollow”>
see upload subpage
1. upload: check if the MIME type of the uploaded file matches the file extension
2. upload: add form field to chose another file name (?)
3. upload: add accept attribute depending on config settings https://www.w3.org/TR/html5/fo[...]ml#attr-input-accept
add meta handler namespace ['page', 'account', 'file', 'service']
- This is the simplest way to standardize document locations and for the language-independent single instances of service pages, like login. Next step is the separated cluster for those pages, linked with prefix, for example, ((service:login)).
- this can be easily done with the new URI router
- handler/account/
file: apply access restrictions for global files if Wiki is closed -> $
1. add and enforce global Wiki mode, minimum access rights
2. route global files only for registered users

3.7. Action

template toc and tree

3.8. Formatter

Search Highlighter
(/Users/WikiAdmin UserSpace | WikiAdmin)) -fails on |

<# #> adds  on first and  on second appearance of double quote like class=""

caused by race condition in wacko_preprocess()

<#<div class="" style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>
2
<#<div class="" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#>

<!--notypo--><div class="<!--notypo--> style="background:transparent; border:.1em solid #F66; border-left:1em solid #F66; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div>#><br />2<br /><#<div class=<!--/notypo-->" style="background:transparent; border:.1em solid #fcfce9; border-left:1em solid #fcfce9; box-sizing:border-box; margin:.5em 0; overflow:hidden; padding:.5em; text-align:left; width:auto;">Unter den Btrfs-spezifischen Anpassungen (1, 2) waren einige, die Latenz- und Stabilitäts-Probleme beseitigen, die bei knapp werdendem Speicherplatz auftreten können.</div><!--/notypo--><br />

Wacko is spamming BRs, in between everything
add option to hide protected links
- You must login to see this link. Register now, if you have no user account yet.
Error: Bad value 4 for attribute type on element ol.
1. see $new_indent_type in wackoformatter -> error prone
  - ```
    1. hallo
      5. should not take the number but 1, same for i, I, a, A	
```
2. Block elements inside inline elements
3. http://www.w3.org/TR/html5/gro[...]nt.html#attr-ol-type
allow case insensitive matching of file links, e.g. File:image.jpg
breaks quote
```
<[http://www.example.com]>	
```
<[ ]> eats blank line in quote, undesired
broken nested quote
- ```
<[block
<[nested quote]>
quote
]>	
```

3.9. Admin Panel

upload module

PAY ATTENTION TO SECURITY RISKS
 

Before adding random file/MIME types: please think about possible security issues.

For example HTML (.htm, .html), JavaScript (.js) and PHP (.php) file are types you’d better avoid as they can be “executed” on your server where you really would not want that to happen. For most of these kind of files, this should not be a problem though as these files are better off being compressed into a ZIP file anyway.

Only add file types that you REALLY need and that you are comfortable with.

add module to filter, moderate and manage pages, comments, (files)
1. see modules for content like pages
recovery mode: CSS and images won't load
- index.php: (!$db->ap_mode && RECOVERY_MODE) excludes static files!
  - !$db->ap_mode

purge logs (TRUNCATE)

log table
referrers
badbehavior

 <thead class="data-head">
        <tr class="">
        </tr>
        [...]
    </thead>

<tbody id="table-section-one">
[...]
</tbody>

<tbody id="table-section-two">
[...]
</tbody>

3.10. Usability issues

add double-click support for editing comments
When should I use a select box instead of radio buttons?
1. https://www.nngroup.com/articl[...]es-vs-radio-buttons/
Not indicating an active form field
- e.g.
```
textarea:focus {
    border: 1px solid red; }	
```
- You can use the ‘:focus’ selector on lots of elements, but it’s super handy when used on inputs and textareas to indicate that the field is active. Add CSS styling such as a highlighted border, or a subtle change to the background color.

Readings

3.11. Extensions

3.12. Ideas

spam / badword handling -> bad_words($text) function
1. https://en.wikipedia.org/wiki/Wordfilter
2. https://stackoverflow.com/ques[...]ood-profanity-filter
3. What you need is a good way for users to flag inappropriate content and a mechanism to deal with it swiftly. One way is to automatically hide/remove content if it's been flagged more than X times.
rel="edit" -> https://tools.ietf.org/html/rfc686
enforce ACL-Policy, e.g. set read to $, user can't overwrite the setting
test PHPThumb alternatives
1. https://github.com/mosbth/cimage
Composer
https://github.com/openpgpjs/openpgpjs
https://www.w3.org/TR/css3-page/
1. https://www.smashingmagazine.c[...]-for-print-with-css/

4. Unscheduled

4.1. Most Annoying Bugs

4.2. Core

Extended Acls
if ($method && $method != "show") unset($wacko->config["youarehere_text"]);
/Users/DidierSpaier/ProposedSpecificationsForLanguagesHolding
rewrite search action

4.3. Formatters

cleanwacko-> strip also file: links and formatter options (hl php ...)

5. Database

PostgreSQL support
SQLite support

Implementation itself should not be that difficult, however it needs at least one major user.

6. Requests

add function InviteGroup (allow/deny add/remove)
receive all messages combined in one digest
1. daily at
2. once per week on
3. once per month, on the day number
option for allowed actions in comments
move antispam.conf as badword to config