Updated the TODO list and the installation instructions.

1 files changed, 68 insertions, 21 deletions

diff --git a/TODO.org b/TODO.org
index bc6c67d..7e08d2f 100644
--- a/TODO.org
+++ b/TODO.org
@@ -60,13 +60,28 @@ within 24h (daemon).
 
 * TODO check if amavis{WhiteBlack}listSender supports catchall @example.org
 
-* TODO prefixes should be used diferently (use only before a @)
-
 * TODO Improve the CSS. Examples
-    http://www.w3schools.com/tags/att_form_accept_charset.asp
     http://www.qubesys.com/25-css-form-templates-and-input-styles/
     https://github.com/pmcelhaney/semantic-form.css/blob/master/semantic-form.css
     http://designshack.net/articles/10-css-form-examples/
+    http://www.codeproject.com/Tips/170049/Pure-HTML-5-CSS-3-Modal-Dialog-Box-no-JavaScript
+    http://www.examiner.com/article/html5-best-practices-table-formatting-via-css3
+    http://coding.smashingmagazine.com/2011/09/19/css3-flexible-box-layout-explained/
+    http://demo.webtuts.info/popup/
+    http://cssbutton.com/forms/
+    http://www.urcss.com/design-css-form-submit-button/
+    http://css-tricks.com/snippets/css/rounded-corners/
+    http://files.christophzillgens.com/form-test.html
+
+  <label>Username</label>
+  <input type="text" tabindex="1" class="input" placeholder="Webtuts" required><br><br>
+  <label>Password</label>
+  <input type="password" class="input" tabindex="2" required><br><br>
+  <input type="checkbox" tabindex="3">Keep me logged in
+  <input type="submit" id="submitbtn" value="Login" tabindex="4">
+
+  Nicer buttons:
+    (darker on hover, depth effect on click)
 
 * TODO Maximum pending entries per user (10).
 
@@ -81,47 +96,79 @@ users. (Add new attributes fripostCannotAdd{Domain,Aliases,List}).
 
 * TODO https://en.wikipedia.org/wiki/Tld#Reserved_domains
 
-* TODO '+' shouldn't be allowed in localparts.
-    use a flag in email_valid to disallow that
-
 * TODO Use captions to explain active/pending status and anti-spam
   options.
+  http://www.webdesignerdepot.com/2012/10/creating-a-modal-window-with-html5-and-css3/
+  http://sixrevisions.com/css/css-only-tooltips/
 
 * TODO Add a a button to allow domains/aliases deletion.
 
 * TODO Redocument the library.
 
-* TODO The pending lists are currently broken.
-
-* TODO MIME::Entity should somehow be replaced by MIME::Lite.
-
 * TODO We need a test-suite for the web application as well. And
   ideally, for the whole library.
   http://search.cpan.org/~hartzell/Test-WWW-Mechanize-CGIApp-0.05/lib/Test/WWW/Mechanize/CGIApp.pm
-
-* TODO Use callbacks when possible.
+  http://search.cpan.org/~petdance/Test-WWW-Mechanize-1.44/Mechanize.pm
 
 * TODO Alternative to set user passwords:
   http://search.cpan.org/~marschap/perl-ldap-0.52/lib/Net/LDAP/FAQ.pod#..._in_most_LDAP_servers?
+  http://search.cpan.org/~esskar/Crypt-SaltedHash-0.06/lib/Crypt/SaltedHash.pm
+  http://search.cpan.org/~zefram/Authen-Passphrase-0.008/lib/Authen/Passphrase.pm
+  http://www.openldap.org/faq/data/cache/347.html
 
-* TODO When creating lists, lock the namespace. (mylist-*)
-    Maybe a -assert_free_namespace option.
-
-* TODO Move the LDAP bit of deleteExpiredEntries to Fripost::Schema::Pending
-
-* TODO Explore readself for the perms of canCreateAlias
+  http://www.zytrax.com/books/ldap/ch6/ppolicy.html
 
 * TODO "A DN containing "[" "]" does not expand correctly.", quote from
   http://www.openldap.org/faq/data/cache/1133.html
   Try with an example (e.g., canAddAlias)
 
-* TODO Wildcards:
+* TODO Wildcards (attapt the search method):
    *    => *@*
    xy*  => xy*@*
    *xy  => *@*xy
    x*y  => x*@*y
 
 * TODO: Ensure that the domain and local parts are always lowercase.
+  (we're doing a naive DN check)
+
+* TODO: check the list commands with recipient_delimiter (-bounces+*,
+-confirm+*), cf https://www.gnu.org/software/mailman/mailman-install.txt
+
+* TODO add options -destination/-forward/-catchall to the search methods
+to filter on these values as well.
+
+* TODO bug: new user "very.(),:;<>[]\".VERY.\"very@\\ * \"very\".unusual"@☮.net, upon error
+   - check every unusual mail (maildrop, canAdd{list,alias}, alias, user).
+   - check injection of code: in forms, upon login (escape forms).
+
+* TODO Close the connection upon error at login and rest. (Maybe with cgiapp_postrun)
+
+* TODO Explore untaint
+  http://search.cpan.org/~wonko/HTML-Template-2.94/lib/HTML/Template.pm#Error_Detection_Options
+  http://gunther.web66.com/FAQS/taintmode.html
+  http://perldoc.perl.org/perlsec.html
+
+* TODO Try to factorize the templates. Maybe with cgiapp_postrun (output_ref)
+
+* TODO Add -welcome options to all add methods, to send welcome mails.
+
+* TODO Hide the SpamAssassin form
+  http://dev.opera.com/articles/view/css3-show-and-hide/
+  http://www.webdeveloper.com/forum/showthread.php?168061-Hide-Show-div-on-mouseclick-with-CSS-(no-JS)
+  http://stackoverflow.com/questions/5593500/html5-and-css3-show-form-hints-on-element-focus
+
+* TODO check selfread access for canAdd{List,Alias} permission
+  https://www.rfc-editor.org/rfc/rfc3876.txt
+
+* TODO unlock accounts:
+  ldapmodify -Y EXTERNAL -H ldapi:///
+    dn: fvl=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev
+    changetype: modify
+    delete: pwdAccountLockedTime
+
+* TODO template filters
+  http://www.perl.com/pub/2006/11/30/html-template-filters.html
+  http://comments.gmane.org/gmane.comp.lang.perl.modules.html-template/2004
 
-* TODO: wantarray
-    http://search.cpan.org/~dom/perl-5.12.5/pod/perlsub.pod
+* TODO domain validation...
+  https://en.wikipedia.org/wiki/Certificate_authority