A tool for person identification, based on wikipedia's person data.
torstenroeder / zefiro
Small Content Management Framework in PHP/MySQL
License: GNU Lesser General Public License v3.0
Create a generic full-text search index which can be filled with data by an individual zefiro project.
Search form fields required (simple variant):
Database fields required:
Other functions required:
Prepared statements should be used also in autocomplete.php, can you implement that?
Commit 9ffbc8d introduced some bugs by
Additionally, we might want to work against HTML injection / CWE-79 Type 2: Stored XSS (or Persistent), depending on whether the CMS defines the database contents as HTML or not and which promises it wants to make to its users.
$row->{$matches[2]} should probably be htmlspecialchars($row->{$matches[2]},ENT_HTML5)
Please always use prepared statements instead of self-made string-concatenation to guard against SQL injection. Prepared statements are the only easy way to check and prove that no injection is possible.
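The two requests above (bound parameters for queries, escaping database values on output) combined in one added example. It is not zefiro's code: the persons table, the {{field}} placeholder syntax and the function names are assumptions, and it uses an in-memory SQLite database through PDO so that it runs stand-alone.

```php
<?php
declare(strict_types=1);
// Added example: table, columns and the {{field}} placeholder syntax are hypothetical.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE persons (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Constructed sample row whose stored values contain markup and quotes.
$insert = $pdo->prepare('INSERT INTO persons (name, note) VALUES (:name, :note)');
$insert->execute([
    ':name' => "O'Brien <script>alert(1)</script>",
    ':note' => '" onmouseover="alert(2)',
]);

// Autocomplete-style lookup: the search term is bound, never concatenated into the SQL.
function findPersons(PDO $pdo, string $term): array
{
    // Escape LIKE wildcards so "%" and "_" typed by the user match literally.
    $like = strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
    $stmt = $pdo->prepare("SELECT name, note FROM persons WHERE name LIKE :term ESCAPE '\\'");
    $stmt->execute([':term' => $like]);
    return $stmt->fetchAll(PDO::FETCH_OBJ);
}

// Escape for HTML text and attribute values. ENT_QUOTES is needed here:
// passing ENT_HTML5 on its own replaces the default flags and leaves quotes unescaped.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Substitute {{field}} placeholders with escaped column values from one result row.
function render(string $template, object $row): string
{
    return (string) preg_replace_callback(
        '/\{\{(\w+)\}\}/',
        fn(array $m): string => e((string) ($row->{$m[1]} ?? '')),
        $template
    );
}

foreach (findPersons($pdo, "O'B") as $row) {
    echo render('<li title="{{note}}">{{name}}</li>', $row), PHP_EOL;
}
```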
Currently, permission is checked in each PHP file separately, i.e. if a user opens z_log for example, $dbi->requireUserPermission ('admin') is executed.
This makes auditing and managing groups, permission and access unnecessarily hard.
ListType and StringType constructors are invoked with an argument although they take none in layout.php#L78 and layout.php#L88
Does the CMS provide a function to HTML-escape a string?
E.g. > --> &gt;
How would you display results from database queries?
Entry points for: (1) Zefiro base functions (user management etc.), scripts in a subdirectory; (2) project-specific scripts, all of which live in a subdirectory of the custom folder. Parameter checking and filtering can already take place there if needed. As a result, it is then easier to separate general and specific scripts.
There is currently no menu bar. It would be nice anyway to arrange the individual layout elements in an object hierarchy (breadcrumbs, menu bar, options, content, barline, whatever).
Rename Z_ to D_ to distinguish zefiro system constants (Z) from dictionary constants (D). Otherwise this causes confusion and/or minor bugs.
Implement mail notification and password reset.
A policy/task management would be appropriate ...
When several instances are used on one client, confusion can arise (e.g. sudden logout), because the Flotilla session always has the same name.
For database rows that are currently being edited, a LOCK should be set (with a timeout?) or a notice should be displayed.
Some constants aren't defined in the default config, nor is there a hint that they should be defined.
Currently there is a global configuration variable Z_LIST_ROWS_PAGE defining the number of entries per page. However, this is a matter of taste and can probably be easily supported for each user or request individually. This is how it is done in MediaWiki.
New template engine required (object-oriented).
The template logic should be reworked so that it can be included as a standalone module (similar to Flotilla).
Could we make the log in page show a green check mark with a text "You are logged in as ..." when the user is logged in and hide the log in form?
After editing a textblock, the user is redirected to an error page, because the textblocks list page required system privileges.