From 66d639636e215c4c07e2fda6a2cbfd7189790c05 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Sat, 23 Feb 2013 21:21:09 +0100 Subject: Updated the TODO list and the installation instructions. --- INSTALL | 11 ++++++-- TODO.org | 89 +++++++++++++++++++++++++++++++++++++++++++++++++--------------- 2 files changed, 77 insertions(+), 23 deletions(-) diff --git a/INSTALL b/INSTALL index e94f248..e437f9a 100644 --- a/INSTALL +++ b/INSTALL @@ -20,15 +20,22 @@ apt-get install libnet-ldap-perl \ libemail-valid-perl \ libdigest-perl \ libstring-mkpasswd-perl \ + libstring-random-perl \ libnet-idn-encode-perl \ - libmail-gnupg-perl + libmail-gnupg-perl \ + libnet-whois-parser-perl libnet-whois-raw-perl + liburi-escape-xs-perl +cpanp install Net::DNS::Dig -liburi-escape-xs-perl libnet-idn-encode-perl are not available on Debian 6.0 +liburi-escape-xs-perl and libnet-idn-encode-perl are not available on Debian 6.0 (Squeeze). To install these dependencies on Debian < 7.0, run cpanp install Net::IDN::Encode URI::Escape::XS +# Validator +apt-get install libwebservice-validator-html-w3c-perl libxml-xpath-perl + # Configuration sudo adduser --system fpanel --home /var/lib/fripost-panel --shell /bin/false --group www-data diff --git a/TODO.org b/TODO.org index bc6c67d..7e08d2f 100644 --- a/TODO.org +++ b/TODO.org @@ -60,13 +60,28 @@ within 24h (daemon). * TODO check if amavis{WhiteBlack}listSender supports catchall @example.org -* TODO prefixes should be used diferently (use only before a @) - * TODO Improve the CSS. Examples - http://www.w3schools.com/tags/att_form_accept_charset.asp http://www.qubesys.com/25-css-form-templates-and-input-styles/ https://github.com/pmcelhaney/semantic-form.css/blob/master/semantic-form.css http://designshack.net/articles/10-css-form-examples/ + http://www.codeproject.com/Tips/170049/Pure-HTML-5-CSS-3-Modal-Dialog-Box-no-JavaScript + http://www.examiner.com/article/html5-best-practices-table-formatting-via-css3 + http://coding.smashingmagazine.com/2011/09/19/css3-flexible-box-layout-explained/ + http://demo.webtuts.info/popup/ + http://cssbutton.com/forms/ + http://www.urcss.com/design-css-form-submit-button/ + http://css-tricks.com/snippets/css/rounded-corners/ + http://files.christophzillgens.com/form-test.html + + +

+ +

+ Keep me logged in + + + Nicer buttons: + (darker on hover, depth effect on click) * TODO Maximum pending entries per user (10). @@ -81,47 +96,79 @@ users. (Add new attributes fripostCannotAdd{Domain,Aliases,List}). * TODO https://en.wikipedia.org/wiki/Tld#Reserved_domains -* TODO '+' shouldn't be allowed in localparts. - use a flag in email_valid to disallow that - * TODO Use captions to explain active/pending status and anti-spam options. + http://www.webdesignerdepot.com/2012/10/creating-a-modal-window-with-html5-and-css3/ + http://sixrevisions.com/css/css-only-tooltips/ * TODO Add a a button to allow domains/aliases deletion. * TODO Redocument the library. -* TODO The pending lists are currently broken. - -* TODO MIME::Entity should somehow be replaced by MIME::Lite. - * TODO We need a test-suite for the web application as well. And ideally, for the whole library. http://search.cpan.org/~hartzell/Test-WWW-Mechanize-CGIApp-0.05/lib/Test/WWW/Mechanize/CGIApp.pm - -* TODO Use callbacks when possible. + http://search.cpan.org/~petdance/Test-WWW-Mechanize-1.44/Mechanize.pm * TODO Alternative to set user passwords: http://search.cpan.org/~marschap/perl-ldap-0.52/lib/Net/LDAP/FAQ.pod#..._in_most_LDAP_servers? + http://search.cpan.org/~esskar/Crypt-SaltedHash-0.06/lib/Crypt/SaltedHash.pm + http://search.cpan.org/~zefram/Authen-Passphrase-0.008/lib/Authen/Passphrase.pm + http://www.openldap.org/faq/data/cache/347.html -* TODO When creating lists, lock the namespace. (mylist-*) - Maybe a -assert_free_namespace option. - -* TODO Move the LDAP bit of deleteExpiredEntries to Fripost::Schema::Pending - -* TODO Explore readself for the perms of canCreateAlias + http://www.zytrax.com/books/ldap/ch6/ppolicy.html * TODO "A DN containing "[" "]" does not expand correctly.", quote from http://www.openldap.org/faq/data/cache/1133.html Try with an example (e.g., canAddAlias) -* TODO Wildcards: +* TODO Wildcards (attapt the search method): * => *@* xy* => xy*@* *xy => *@*xy x*y => x*@*y * TODO: Ensure that the domain and local parts are always lowercase. + (we're doing a naive DN check) + +* TODO: check the list commands with recipient_delimiter (-bounces+*, +-confirm+*), cf https://www.gnu.org/software/mailman/mailman-install.txt + +* TODO add options -destination/-forward/-catchall to the search methods +to filter on these values as well. + +* TODO bug: new user "very.(),:;<>[]\".VERY.\"very@\\ * \"very\".unusual"@☮.net, upon error + - check every unusual mail (maildrop, canAdd{list,alias}, alias, user). + - check injection of code: in forms, upon login (escape forms). + +* TODO Close the connection upon error at login and rest. (Maybe with cgiapp_postrun) + +* TODO Explore untaint + http://search.cpan.org/~wonko/HTML-Template-2.94/lib/HTML/Template.pm#Error_Detection_Options + http://gunther.web66.com/FAQS/taintmode.html + http://perldoc.perl.org/perlsec.html + +* TODO Try to factorize the templates. Maybe with cgiapp_postrun (output_ref) + +* TODO Add -welcome options to all add methods, to send welcome mails. + +* TODO Hide the SpamAssassin form + http://dev.opera.com/articles/view/css3-show-and-hide/ + http://www.webdeveloper.com/forum/showthread.php?168061-Hide-Show-div-on-mouseclick-with-CSS-(no-JS) + http://stackoverflow.com/questions/5593500/html5-and-css3-show-form-hints-on-element-focus + +* TODO check selfread access for canAdd{List,Alias} permission + https://www.rfc-editor.org/rfc/rfc3876.txt + +* TODO unlock accounts: + ldapmodify -Y EXTERNAL -H ldapi:/// + dn: fvl=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev + changetype: modify + delete: pwdAccountLockedTime + +* TODO template filters + http://www.perl.com/pub/2006/11/30/html-template-filters.html + http://comments.gmane.org/gmane.comp.lang.perl.modules.html-template/2004 -* TODO: wantarray - http://search.cpan.org/~dom/perl-5.12.5/pod/perlsub.pod +* TODO domain validation... + https://en.wikipedia.org/wiki/Certificate_authority -- cgit v1.2.3