🌍
English
Announcement
- [2024-04-17] Piwigo 14.4.0
- [2024-04-01] Piwigo in Hobbit runes
- [2024-03-01] Piwigo 14.3.0
- [2024-01-30] Piwigo 14.2.0
- [2023-12-29] Piwigo 14.1.0
#16 2010-03-19 11:51:23
- VDigital
- Former Piwigo Team
- Paris (FR)
- 2005-05-04
- 17680
Re: Piwigo 2.1 planning
plg wrote:
What would be really appreciated for 2.1:
...
* better way to manage user input data (to avoid security issues)
...
and
nicolas wrote:
plg wrote:
Propose a secure method to work with user data input (considering PHP 5 is required to run Piwigo), I know that's important for you :-)
I know that you will say something like that ! :-) Ok for me but just after gettex. ...
Where do we stand today on user input management today?
Piwigo.com: Start and run your own photo gallery. Signup and get 30 days to try for free, no commitment.
8-)
Offline
#17 2010-03-19 11:53:51
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
VDigital wrote:
Where do we stand today on user input management today?
postponed to 2.2
Offline
#18 2010-03-19 13:05:40
- rvelices
- Former Piwigo Team
- 2005-12-29
- 1960
Re: Piwigo 2.1 planning
plg wrote:
VDigital wrote:
Where do we stand today on user input management today?
postponed to 2.2
so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issues
Offline
#19 2010-03-19 13:07:54
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
rvelices wrote:
plg wrote:
VDigital wrote:
Where do we stand today on user input management today?
postponed to 2.2
so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issues
Of course rvelices, that's in my afternoon planning (right now I'm propagating the new "add tags" widget to element_set*).
Tonight, I'll come here to write what's still in the TODO list before 2.1.0RC1 :-)
Offline
#20 2010-03-19 13:31:24
- nicolas
- Former Piwigo Team
- 2004-12-30
- 1232
Re: Piwigo 2.1 planning
plg wrote:
rvelices wrote:
plg wrote:
postponed to 2.2so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issuesOf course rvelices, that's in my afternoon planning (right now I'm propagating the new "add tags" widget to element_set*).
Tonight, I'll come here to write what's still in the TODO list before 2.1.0RC1 :-)
But it could have be better to create branch 2.1 before and not merge that stuff to trunk. We have to unmerge it after !
Offline
#21 2010-03-19 13:33:32
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
nicolas wrote:
But it could have be better to create branch 2.1 before and not merge that stuff to trunk. We have to unmerge it after !
The branch must be created as late as possible to avoid multiple merge (and there will be many commits during the beta test period)
Offline
#22 2010-03-19 15:38:08
- VDigital
- Former Piwigo Team
- Paris (FR)
- 2005-05-04
- 17680
Re: Piwigo 2.1 planning
Copyright(C) 2008-2009 Piwigo Team http://piwigo.org
Don't forget 2008-2010!
;-)
Piwigo.com: Start and run your own photo gallery. Signup and get 30 days to try for free, no commitment.
8-)
Offline
#23 2010-03-19 23:29:12
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
rvelices wrote:
so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Job's done in [Subversion] r5195. Quite a big commit, I heavily refactored the edit/delete comment feature (which is a really nice feature).
Offline
#24 2010-03-19 23:46:32
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
VDigital wrote:
Don't forget 2008-2010!
Job's done.
Offline
#25 2010-03-22 22:27:50
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
The features are "ready enough" for 2.1.0RC1. Last step is to make sure all strings have internationisation and are present in lang/en_UK/*.lang.php at least.
My current main task is:
1) to check all strings have i18n on my devs (I've asked nicolas and P@t to check also),
2) then fill lang/en_UK/*.lang.php
3) run tools/translation_analysis against 2.0 language files
4) communicate with translators to get their translation
RC1 should be available on 2010-03-26 I hope.
Offline
#26 2010-03-23 12:33:41
- rvelices
- Former Piwigo Team
- 2005-12-29
- 1960
Re: Piwigo 2.1 planning
plg wrote:
The features are "ready enough" for 2.1.0RC1. Last step is to make sure all strings have internationisation and are present in lang/en_UK/*.lang.php at least.
My current main task is:
1) to check all strings have i18n on my devs (I've asked nicolas and P@t to check also),
2) then fill lang/en_UK/*.lang.php
3) run tools/translation_analysis against 2.0 language files
4) communicate with translators to get their translation
RC1 should be available on 2010-03-26 I hope.
Do we have a way to see which language strings are defined but never used ?
Offline
#27 2010-03-23 13:07:31
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
rvelices wrote:
Do we have a way to see which language strings are defined but never used ?
I've coded a script this morning to detect the keys used in *.php and *.tpl but not defined in language files.
I will add the detection to find language keys defined but not used.
You're right, cleaning is a good idea :-)
Offline
#28 2010-03-23 13:29:38
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
The main problem is that I can quite easily detect:
Code:
{'***'|translate}
l10n('***')
l10n_args('***',BUT if the key is built dynamically, then it's much more complex to detect, of course:
Code:
$language_key = 'my language key'; l10n($language_key);
(just a trivial example, of course it's much more complex in the real code)
Offline
#29 2010-05-10 22:51:40
- plg
- Piwigo Team
- Nantes, France, Europe
- 2002-04-05
- 13791
Re: Piwigo 2.1 planning
I thought it could be possible to release Piwigo 2.1.0 today BUT after a discussion with P@t, I've decided to postpone release 2.1.0 to monday 17th May 2010 (1 week in the future).
The reason is : Automatic Upgrade. P@t is currently improving the [extension by P@t] Piwigo Auto Upgrade to let users jump from 2.0.x to 2.1.0 and forget about the heavy manual upgrade procedure.
I won't have much time to work on Piwigo at the end of the week, but I will prepare the launch as much as possible (release notes, newsletters, prepare page changes on the website...)
Offline
#30 2010-05-10 23:01:10
- mediapuck
- Member
- usa till nov - then Austria
- 2010-04-23
- 54
Re: Piwigo 2.1 planning
just one simple question: will it be possible to upgrade from RC3 to the final release next monday? Or will I need a fresh install of 2.1?
Appreciate your feedback :)
Offline