author | Dan |
Sat, 23 Jun 2007 10:38:24 -0400 | |
changeset 18 | edfc24408769 |
parent 15 | ad5986a53197 |
child 21 | 663fcf528726 |
permissions | -rwxr-xr-x |
0 | 1 |
Enano Banshee - TODO |
2 |
------------------------------------------ |
|
3 |
||
4 |
[ ] COPPA compliance |
|
5 |
[x] Add in Moderators group |
|
6 |
[x] Create default ACL rule for mods |
|
7 |
[x] Fix invalid HTML in SF.net logo |
|
8 |
[ ] Clean up the wikitext parser - a lot. It needs some serious work. |
|
9 |
We need a way to detect whether the text is mostly HTML, and if |
|
10 |
so, then leave stuff like automatic adding of <p> and <br /> out |
|
11 |
of the picture. Continue to parse wikilinks. |
|
12 |
[x] Add a system_group column and if it's set to 1, give (at least) a |
|
13 |
stern warning before deleting the group. Maybe disable the delete |
|
14 |
button altogether? |
|
15 |
[x] SQL exporter: fix structure exporting when an auto column is defined |
|
16 |
and it's a named key (see pun_search_words) |
|
17 |
[x] Possibly add these fields: AIM, Yahoo, MSN, XMPP messenger icons, then homepage, location, occupation, hobbies, allow public e-mail display |
|
18 |
[ ] Put it in a user_extra table and have an option to enable or disable these fields in the admin panel |
|
19 |
[Y] Delay until RC3 or Banshee? |
|
20 |
[ ] When added, put a box on the user page that shows the information |
|
21 |
[x] Fix "this page" bug in ACL editor |
|
22 |
[x] The problem itself got fixed BUT there seem to be deeper problems related to scope selection |
|
23 |
This needs to be FIXED and WORKING PERFECTLY in Banshee! |
|
24 |
[x] Change the string shown on a successful re-auth into elevated privileges |
|
25 |
[x] ...and write a function that converts a numeric userlevel to a string |
|
26 |
[x] Make Special:Login remember parameters (target level, target page) even on auth fail |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
27 |
[x] Register users_extra table in system tables list (already done?) |
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
0
diff
changeset
|
28 |
[x] Trigger form submit on press of enter in Dynano login form |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
0
diff
changeset
|
29 |
[ ] Rewrite the change theme dialog - it's archaic code that hasn't changed since beta 1! |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
0
diff
changeset
|
30 |
[ ] This should be the next-to-last step in phasing out the JWS code, which should be removed in the first 1.1 alpha |
0 | 31 |
|
32 |
||
33 |
Enano Clurichaun - TODO |
|
34 |
------------------------------------------ |
|
35 |
||
36 |
[x] Finish rewriting userprefs panel |
|
37 |
Remaining components: |
|
38 |
[x] Signature |
|
39 |
[x] Real name |
|
40 |
[x] When a user's level is set to Moderator or Administrator, automatically add them to the respective group |
|
41 |
[x] Fix de-authentication button in admin panel |
|
42 |
[x] Merge newer artwork into installer; make trademark notices |
|
43 |
[x] Case-insensitive usernames for login |
|
44 |
[x] Mass e-mail function in admin panel |
|
45 |
||
46 |
Enano Leprechaun - TODO |
|
47 |
------------------------------------------ |
|
48 |
[x] Make a frontend for creating/managing usergroups in the admin panel |
|
49 |
[x] Make a frontend for group mods to add/remove group members in a new special page |
|
50 |
[x] Create ACL editing frontends - preferably a "Manage access" button on every page and in the user admin panel |
|
51 |
[x] Need no-Javascript version of ACL editor |
|
52 |
[x] Make absolutely everything check for the proper access - do a complete audit of index.php and pageutils.php |
|
53 |
[x] Also need to check RenderMan::getPage, and require view_source privileges to get pages without wiki |
|
54 |
formatting or without PHP/HTML code |
|
55 |
[x] Check permissions for uploaded files and category editing - if the category is protected and the user doesn't have |
|
56 |
even_when_protected rights, lock down the category from adding/removing articles |
|
57 |
[x] For this to work, need SessionManager's ability to calculate effective permissions for a page implemented |
|
58 |
[x] Update installation schema to create the default Everyone, Administrators, and Moderators groups and insert the |
|
59 |
admin user into Moderators and Administrators |
|
60 |
[x] Update the upgrade schema - last point plus add in table creation for e_groups, e_group_members, and e_acl |
|
61 |
[x] AJAX: Access control list editor |
|
62 |
[x] Write a template parsing class in Javascript |
|
63 |
[x] Use JSON to transport template data, permission types, etc. to the javascript client |
|
64 |
[x] Use JSON to send the updated permissions back to the server |
|
65 |
[x] File uploads: Rewrite Special:UploadFile to work with new storage system |
|
66 |
[x] Implement password reset |
|
67 |
[x] Fix empty group bug in javascripted ACL editor |
|
68 |
||
69 |
Delayed: |
|
70 |
||
71 |
[x] REWRITE Special:Preferences - settle for nothing less than perfect on this one! (DELAYED until RC2 - put password reset issues in known bugs) |
|
72 |
[ ] Implement ACL presets (DELAYED until RC2) |
|
73 |
||
74 |
Website-related: |
|
75 |
||
76 |
[ ] Enano website: add versioning rules page (like linux: x.y.z: x is major release, y is minor, and z is revision; if y is odd then its a beta) |
|
77 |
[ ] Enano website: create codename tracker page (PARTIALLY DONE) |
|
78 |