Sf Active Development / Desarrollo del SF-Active

See also

• ActiveSfAdminRedesign
• ActiveSfDevelStatus

General remarks / Observaciones generales

• There are 3 sections here. a list of who's (planning to) coding what. A list of things todo & a list where everyone can add his/her/... idea's of what new Features SF-Active should have.
• If you work on something, add a decent description and a timeline. (otherwise this list won't help us any further).

• Hay 3 secciones aqu\xED. Una lista de qui\xE9nes codificar\xE1n qu\xE9 (o piensan). Una lista de todas las cosas y una lista donde cualquiera puede proponer ideas para la nueva versi\xF3n de Sf-active *Si est\xE1s trabajando en algo, agrega una buena descripci\xF3n y la fecha l\xEDmite.

Who's Coding What ? / \xBFQui\xE9n codifica qu\xE9?

• A list of who's working on what. please add a decent description and a deadline/timeline.
• La lista de qui\xE9n est\xE1 haciendo qu\xE9. Por favor agrega toda la informaci\xF3n necesaria.

Security audit

• Several XSS holes found
• difficult to exploit but big flaw in admin login
• areas with potential flaws:
  • anywhere with user input
    • Dossier class
    • Article class
    • admin login
  • Anywhere user input is displayed
    • newswires
    • latest comments page
  • SQL query injection
• plan of attack:
  • find areas that allow input
  • closely examine the code
  • put in general-purpose security measures
    • block SQL injection in the DB class
    • strip some dangerous fields on insertion into DB, before display

Proposed major code changes

• RSS syndication from other sites
  • e.g., allow to syndicate global headlines
• feature multicategorization
• admin interface to edit documents in /process
• RSS importing, XML-RPC backend
• New template engine
• database table structure improvements, sql query speedups

Mostly Finished code

• SF IMC table-based widget layout
  • allows you to precisely control the layout of the page by the use of "widgets" -- widgets are page-elements like a headline, a photo, a list of headlines, etc
  • each widget can be positioned on the page wherever you like
  • lets you make a page that looks less like a blog, more like a newspaper
  • example site: http://sf.indymedia.org

• iCal support
  • support for downloading events to a calendar program on your desktop
  • uses vcal 1.0 standard, compatible with Apple iCal, MS Entourage/Outlook, Mozilla Calendar, and Ximian Evolution

• Feature Photo
  • Interface to add a list of photographs to the front page, with captions
  • photo is cycled through via cron

• cron system
  • simplifying managing of cron jobs, replacing with a single script that is called by cron once for each time period that you want it to be run
  • script will execute cron jobs for every site

Todo

• A list of things we really should get done.
• Cosas que realmente hay que hacer

• Static sites: the user parts should be mysql independent.
• mirror code for static sites
• privilege separation in the admin [!!]
• ActiveSfDevelOPLicensing - user license selection for open publishing

• P\xE1ginas est\xE1ticas: deben ser independientes de la base de datos.
• mirror code para estas p\xE1ginas est\xE1ticas
• Privilegios separados en el administrador [!!]

Your idea's... / Tus ideas...

• Everyone can add here his/her/... idea's on new features for SF-Active.
• Todo el mundo a meter cosas!! Ideas nuevas para SF-Active

• Mat: Put a link in every article/comment to "report this article to editors" in case of porno, insults, racist or other things. That send a mail to editors, or better, a section that group all those "reported" articles. That way is better to admin and remove the shit from the sites. / poner un link en todos los articulos para "reportar este articulo a los editores" en caso de porno, insultos, racismo u otras cosas.
• Mat: The option to "lock" or "close" a story that way you cant post new comments to avoid fights, insults or other things that can deform the original story / La opcion de "bloquear" o "cerrar" una noticia para que no se puedan publicar nuevos comentarios, para evitar peleas, insultos u otras cosas que puedan deformar la noticia original.
• edwin: Allow time and timezone to be changed in the admin interface.
• edwin: Solve the inconsistency in time when comments are shown in the comment box and when they are viewed with the article. (At least on qc.indymedia.org although it doesn't seem to be a problem on other sites.)