aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--INSTALL11
-rw-r--r--TODO.org89
2 files changed, 77 insertions, 23 deletions
diff --git a/INSTALL b/INSTALL
index e94f248..e437f9a 100644
--- a/INSTALL
+++ b/INSTALL
@@ -20,15 +20,22 @@ apt-get install libnet-ldap-perl \
libemail-valid-perl \
libdigest-perl \
libstring-mkpasswd-perl \
+ libstring-random-perl \
libnet-idn-encode-perl \
- libmail-gnupg-perl
+ libmail-gnupg-perl \
+ libnet-whois-parser-perl libnet-whois-raw-perl
+ liburi-escape-xs-perl
+cpanp install Net::DNS::Dig
-liburi-escape-xs-perl libnet-idn-encode-perl are not available on Debian 6.0
+liburi-escape-xs-perl and libnet-idn-encode-perl are not available on Debian 6.0
(Squeeze). To install these dependencies on Debian < 7.0, run
cpanp install Net::IDN::Encode URI::Escape::XS
+# Validator
+apt-get install libwebservice-validator-html-w3c-perl libxml-xpath-perl
+
# Configuration
sudo adduser --system fpanel --home /var/lib/fripost-panel --shell /bin/false --group www-data
diff --git a/TODO.org b/TODO.org
index bc6c67d..7e08d2f 100644
--- a/TODO.org
+++ b/TODO.org
@@ -60,13 +60,28 @@ within 24h (daemon).
* TODO check if amavis{WhiteBlack}listSender supports catchall @example.org
-* TODO prefixes should be used diferently (use only before a @)
-
* TODO Improve the CSS. Examples
- http://www.w3schools.com/tags/att_form_accept_charset.asp
http://www.qubesys.com/25-css-form-templates-and-input-styles/
https://github.com/pmcelhaney/semantic-form.css/blob/master/semantic-form.css
http://designshack.net/articles/10-css-form-examples/
+ http://www.codeproject.com/Tips/170049/Pure-HTML-5-CSS-3-Modal-Dialog-Box-no-JavaScript
+ http://www.examiner.com/article/html5-best-practices-table-formatting-via-css3
+ http://coding.smashingmagazine.com/2011/09/19/css3-flexible-box-layout-explained/
+ http://demo.webtuts.info/popup/
+ http://cssbutton.com/forms/
+ http://www.urcss.com/design-css-form-submit-button/
+ http://css-tricks.com/snippets/css/rounded-corners/
+ http://files.christophzillgens.com/form-test.html
+
+ <label>Username</label>
+ <input type="text" tabindex="1" class="input" placeholder="Webtuts" required><br><br>
+ <label>Password</label>
+ <input type="password" class="input" tabindex="2" required><br><br>
+ <input type="checkbox" tabindex="3">Keep me logged in
+ <input type="submit" id="submitbtn" value="Login" tabindex="4">
+
+ Nicer buttons:
+ (darker on hover, depth effect on click)
* TODO Maximum pending entries per user (10).
@@ -81,47 +96,79 @@ users. (Add new attributes fripostCannotAdd{Domain,Aliases,List}).
* TODO https://en.wikipedia.org/wiki/Tld#Reserved_domains
-* TODO '+' shouldn't be allowed in localparts.
- use a flag in email_valid to disallow that
-
* TODO Use captions to explain active/pending status and anti-spam
options.
+ http://www.webdesignerdepot.com/2012/10/creating-a-modal-window-with-html5-and-css3/
+ http://sixrevisions.com/css/css-only-tooltips/
* TODO Add a a button to allow domains/aliases deletion.
* TODO Redocument the library.
-* TODO The pending lists are currently broken.
-
-* TODO MIME::Entity should somehow be replaced by MIME::Lite.
-
* TODO We need a test-suite for the web application as well. And
ideally, for the whole library.
http://search.cpan.org/~hartzell/Test-WWW-Mechanize-CGIApp-0.05/lib/Test/WWW/Mechanize/CGIApp.pm
-
-* TODO Use callbacks when possible.
+ http://search.cpan.org/~petdance/Test-WWW-Mechanize-1.44/Mechanize.pm
* TODO Alternative to set user passwords:
http://search.cpan.org/~marschap/perl-ldap-0.52/lib/Net/LDAP/FAQ.pod#..._in_most_LDAP_servers?
+ http://search.cpan.org/~esskar/Crypt-SaltedHash-0.06/lib/Crypt/SaltedHash.pm
+ http://search.cpan.org/~zefram/Authen-Passphrase-0.008/lib/Authen/Passphrase.pm
+ http://www.openldap.org/faq/data/cache/347.html
-* TODO When creating lists, lock the namespace. (mylist-*)
- Maybe a -assert_free_namespace option.
-
-* TODO Move the LDAP bit of deleteExpiredEntries to Fripost::Schema::Pending
-
-* TODO Explore readself for the perms of canCreateAlias
+ http://www.zytrax.com/books/ldap/ch6/ppolicy.html
* TODO "A DN containing "[" "]" does not expand correctly.", quote from
http://www.openldap.org/faq/data/cache/1133.html
Try with an example (e.g., canAddAlias)
-* TODO Wildcards:
+* TODO Wildcards (attapt the search method):
* => *@*
xy* => xy*@*
*xy => *@*xy
x*y => x*@*y
* TODO: Ensure that the domain and local parts are always lowercase.
+ (we're doing a naive DN check)
+
+* TODO: check the list commands with recipient_delimiter (-bounces+*,
+-confirm+*), cf https://www.gnu.org/software/mailman/mailman-install.txt
+
+* TODO add options -destination/-forward/-catchall to the search methods
+to filter on these values as well.
+
+* TODO bug: new user "very.(),:;<>[]\".VERY.\"very@\\ * \"very\".unusual"@☮.net, upon error
+ - check every unusual mail (maildrop, canAdd{list,alias}, alias, user).
+ - check injection of code: in forms, upon login (escape forms).
+
+* TODO Close the connection upon error at login and rest. (Maybe with cgiapp_postrun)
+
+* TODO Explore untaint
+ http://search.cpan.org/~wonko/HTML-Template-2.94/lib/HTML/Template.pm#Error_Detection_Options
+ http://gunther.web66.com/FAQS/taintmode.html
+ http://perldoc.perl.org/perlsec.html
+
+* TODO Try to factorize the templates. Maybe with cgiapp_postrun (output_ref)
+
+* TODO Add -welcome options to all add methods, to send welcome mails.
+
+* TODO Hide the SpamAssassin form
+ http://dev.opera.com/articles/view/css3-show-and-hide/
+ http://www.webdeveloper.com/forum/showthread.php?168061-Hide-Show-div-on-mouseclick-with-CSS-(no-JS)
+ http://stackoverflow.com/questions/5593500/html5-and-css3-show-form-hints-on-element-focus
+
+* TODO check selfread access for canAdd{List,Alias} permission
+ https://www.rfc-editor.org/rfc/rfc3876.txt
+
+* TODO unlock accounts:
+ ldapmodify -Y EXTERNAL -H ldapi:///
+ dn: fvl=user1,fvd=fripost.org,ou=virtual,o=mailHosting,dc=fripost,dc=dev
+ changetype: modify
+ delete: pwdAccountLockedTime
+
+* TODO template filters
+ http://www.perl.com/pub/2006/11/30/html-template-filters.html
+ http://comments.gmane.org/gmane.comp.lang.perl.modules.html-template/2004
-* TODO: wantarray
- http://search.cpan.org/~dom/perl-5.12.5/pod/perlsub.pod
+* TODO domain validation...
+ https://en.wikipedia.org/wiki/Certificate_authority