Announcement

  •  » Engine
  •  » Piwigo 2.1 planning

#16 2010-03-19 11:51:23

VDigital
Former Piwigo Team
Paris (FR)
2005-05-04
17680

Re: Piwigo 2.1 planning

plg wrote:

What would be really appreciated for 2.1:
...
* better way to manage user input data (to avoid security issues)
...

and

nicolas wrote:

plg wrote:

Propose a secure method to work with user data input (considering PHP 5 is required to run Piwigo), I know that's important for you :-)

I know that you will say something like that ! :-) Ok for me but just after gettex. ...

Where do we stand today on user input management today?


Piwigo.com: Start and run your own photo gallery. Signup and get 30 days to try for free, no commitment.
8-)

Offline

 

#17 2010-03-19 11:53:51

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

VDigital wrote:

Where do we stand today on user input management today?

postponed to 2.2


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#18 2010-03-19 13:05:40

rvelices
Piwigo Team
2005-12-29
1960

Re: Piwigo 2.1 planning

plg wrote:

VDigital wrote:

Where do we stand today on user input management today?

postponed to 2.2

so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issues

Offline

 

#19 2010-03-19 13:07:54

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

rvelices wrote:

plg wrote:

VDigital wrote:

Where do we stand today on user input management today?

postponed to 2.2

so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issues

Of course rvelices, that's in my afternoon planning (right now I'm propagating the new "add tags" widget to element_set*).

Tonight, I'll come here to write what's still in the TODO list before 2.1.0RC1 :-)


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#20 2010-03-19 13:31:24

nicolas
Former Piwigo Team
2004-12-30
1176

Re: Piwigo 2.1 planning

plg wrote:

rvelices wrote:

plg wrote:


postponed to 2.2

so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?
Otherwise we fallback to the CSRF issues

Of course rvelices, that's in my afternoon planning (right now I'm propagating the new "add tags" widget to element_set*).

Tonight, I'll come here to write what's still in the TODO list before 2.1.0RC1 :-)

But it could have be better to create branch 2.1 before and not merge that stuff to trunk. We have to unmerge it after !

Offline

 

#21 2010-03-19 13:33:32

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

nicolas wrote:

But it could have be better to create branch 2.1 before and not merge that stuff to trunk. We have to unmerge it after !

The branch must be created as late as possible to avoid multiple merge (and there will be many commits during the beta test period)


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#22 2010-03-19 15:38:08

VDigital
Former Piwigo Team
Paris (FR)
2005-05-04
17680

Re: Piwigo 2.1 planning

Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org

Don't forget 2008-2010!
;-)


Piwigo.com: Start and run your own photo gallery. Signup and get 30 days to try for free, no commitment.
8-)

Offline

 

#23 2010-03-19 23:29:12

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

rvelices wrote:

so we should merge from brqnch 2.0 to trunk all the current check_input_parameters and pwg_token. Right ?

Job's done in [Subversion] r5195. Quite a big commit, I heavily refactored the edit/delete comment feature (which is a really nice feature).


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#24 2010-03-19 23:46:32

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

VDigital wrote:

Don't forget 2008-2010!

Job's done.


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#25 2010-03-22 22:27:50

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

The features are "ready enough" for 2.1.0RC1. Last step is to make sure all strings have internationisation and are present in lang/en_UK/*.lang.php at least.

My current main task is:

1) to check all strings have i18n on my devs (I've asked nicolas and P@t to check also),
2) then fill lang/en_UK/*.lang.php
3) run tools/translation_analysis against 2.0 language files
4) communicate with translators to get their translation

RC1 should be available on 2010-03-26 I hope.


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#26 2010-03-23 12:33:41

rvelices
Piwigo Team
2005-12-29
1960

Re: Piwigo 2.1 planning

plg wrote:

The features are "ready enough" for 2.1.0RC1. Last step is to make sure all strings have internationisation and are present in lang/en_UK/*.lang.php at least.

My current main task is:

1) to check all strings have i18n on my devs (I've asked nicolas and P@t to check also),
2) then fill lang/en_UK/*.lang.php
3) run tools/translation_analysis against 2.0 language files
4) communicate with translators to get their translation

RC1 should be available on 2010-03-26 I hope.

Do we have a way to see which language strings are defined but never used ?

Offline

 

#27 2010-03-23 13:07:31

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

rvelices wrote:

Do we have a way to see which language strings are defined but never used ?

I've coded a script this morning to detect the keys used in *.php and *.tpl but not defined in language files.

I will add the detection to find language keys defined but not used.

You're right, cleaning is a good idea :-)


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#28 2010-03-23 13:29:38

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

The main problem is that I can quite easily detect:

Code:

{'***'|translate}
l10n('***')
l10n_args('***',

BUT if the key is built dynamically, then it's much more complex to detect, of course:

Code:

$language_key = 'my language key';
l10n($language_key);

(just a trivial example, of course it's much more complex in the real code)


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#29 2010-05-10 22:51:40

plg
Piwigo Team
Nantes, France, Europe
2002-04-05
13180

Re: Piwigo 2.1 planning

I thought it could be possible to release Piwigo 2.1.0 today BUT after a discussion with P@t, I've decided to postpone release 2.1.0 to monday 17th May 2010 (1 week in the future).

The reason is : Automatic Upgrade. P@t is currently improving the [extension by P@t] Piwigo Auto Upgrade to let users jump from 2.0.x to 2.1.0 and forget about the heavy manual upgrade procedure.

I won't have much time to work on Piwigo at the end of the week, but I will prepare the launch as much as possible (release notes, newsletters, prepare page changes on the website...)


Latest blog post (November 9th 2018) Why Flickr could not remain free for ever

Offline

 

#30 2010-05-10 23:01:10

mediapuck
Member
usa till nov - then Austria
2010-04-23
54

Re: Piwigo 2.1 planning

just one simple question: will it be possible to upgrade from RC3 to the final release next monday? Or will I need a fresh install of 2.1?
Appreciate your feedback :)

Offline

 
  •  » Engine
  •  » Piwigo 2.1 planning

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2019 · Contact