Difference between revisions of "User:Ryan52/old todo"

From FreekiWiki
(add security stuff)
(clean a bit)
 
(341 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==o hai==
+
* some changes to the gizmo_events (using a hash, edit buttons, add on submit, etc) should be ported to the contact methods (and other line item types, if not already), if they aren't already
Because I don't like trac. I probably don't like any project management program for that matter. Using this because I loose TODO files on my system too easily. :p
+
** add the onsubmit thing for contact_methods as well
 
+
** add the line items edit link for payments and contact methods as well,  
==todo list==
+
** check the new line item type(s) I've added since then (it was just gizmoes, payments, and contact_methods)
===working on===
+
* get tests sane again
* vhost based routes for separating fgdb and library, and having a setup page. I'm working on this at a glaciers pace, but I'm still working on it.
+
** continuous integration is set up and working, but disabled until the tests work
 
+
* add onblur for the automatic line item completion thing (in addition to <TAB>, but only on the last element, I think)
===BLOCKERS for this release===
+
* skedjulnator
* fix the yellow bar showing up at weird times
+
** merging the customizations and defaults
* check table alignment for the gizmo event line items in all of the transactions. I think one of them got messed up with the last batch of changes.
+
* cleanup with the prefix in the line item js
 
+
* fix our plugins stuff
===things left for git===
+
** move them to their own git repos
* gitweb on devo (currently have it on my vps...)
+
*** submodule them in
* trac
+
** upgrade to the latest versions
* cruise control
+
** forward patches upstream, and hope that they apply the changes
* rewrite the commit email script -- it sucks
+
** monkey patch wherever possible
 
+
* reports over time:
===for next release===
+
** conditions
====the first part====
+
*** add OR support to conditions ... this will be invasive, probably
* small database changes (#573, #574, #576, #577, #547, #579)
+
* make it work with rails 2.2.2
* fix inflector bugs with newer rails version
+
* interface for adding contracts
* search by contract
+
* a way to disable contracts
* adding contracts and contacts to contracts
+
* validation is done on the submit button's onclick...why not the forms onsubmit?
* "power user" multiple systems per line item
+
** important if they submit with the enter button, I think
 +
* covered condition (extra)
 +
** so we can see either. we don't need side by side numbers at this point, but who knows???
 +
** maybe a graphing report
 
* security fixing
 
* security fixing
  - XSS (use ruby's h method from cgi.rb)
+
** CSRF (use rails' protect_from_forgery and verify methods)
  - CSRF (use rails' protect_from_forgery and verify methods)
+
*** Look at this: [http://github.com/emk/mephisto/commit/c500bf8e05c250d02672c30d079a0bdeb66f0569] looks really kewl!
  - check for SQL injection, we won't have to worry about this in most
+
** check for SQL injection, we won't have to worry about this in most places since we use active record, but the reports where we use SQL directly should be checked.
    places since we use active record, but the reports where we use
+
** [http://guides.rubyonrails.org/security.html Rails Security Guide]
    SQL directly should be checked.
+
** look closer at the XSS stuff (safe erb) -- I got a lot of em
====the second part====
+
*** the on_display stuff for contact searches is an XSS bug, sort of. regardless, it should be cleaned up.
* covered vs not covered
+
* remove cruft from that ajax helper thing
 
+
** lots of stuff in app/helpers/application.rb that's probably not used. if it is, it shouldn't be.
===should do soonish===
 
* fix library stuff
 
* make fgdb more secure
 
* improve version compatibility in printme
 
* settings page
 
 
 
===for a rainy day===
 
* get rid of duplicated data in code
 
- conditions stuff is all over the place
 
- permissions for various controllers are split between the sidebar and the controller itself
 
* fgss generic regexps
 
* move the vendor/plugins to their own submodules...maybe I shoulda done this first, since it's gonna get even more messy with the git bug...anyway, too late for that, whatever. I'll work it out :)
 
* work on library stuff
 
* reform the "what I did today" section to be a changelog of fgdb.rb. We should keep track of when what happens. maybe I'll move it to it's own page once it has something useful in it.
 
 
 
==="gift"===
 
likes this: http://wiki.debian.org/qa.debian.org/GiftTag
 
* reports over time
 
 
 
==what I did today==
 
===12/6/2008===
 
* cashiers tracking
 
* disbursements contracts integration (editing a system's contract, seeing it while disbursing, &c)
 
* fixed thin to restart better
 
* removed "fee discount" lines when editing. (#575)
 
* fixed printme's behavior with contracts to try to prevent user error as much
 
* show contract name on the printme reports, and on the gizmo reports
 
* fix editing a printme report with the contracts (through the GUI)
 
 
 
===12/5/2008===
 
* finished switching to git
 
 
 
===12/3/2008===
 
* setup this page
 
  
===11/28/08===
+
[[Category: Coders]][[Category: FGdb]]
* added base support for address based routing
 

Latest revision as of 02:01, 27 March 2010

  • some changes to the gizmo_events (using a hash, edit buttons, add on submit, etc) should be ported to the contact methods (and other line item types, if not already), if they aren't already
    • add the onsubmit thing for contact_methods as well
    • add the line items edit link for payments and contact methods as well,
    • check the new line item type(s) I've added since then (it was just gizmoes, payments, and contact_methods)
  • get tests sane again
    • continuous integration is set up and working, but disabled until the tests work
  • add onblur for the automatic line item completion thing (in addition to <TAB>, but only on the last element, I think)
  • skedjulnator
    • merging the customizations and defaults
  • cleanup with the prefix in the line item js
  • fix our plugins stuff
    • move them to their own git repos
      • submodule them in
    • upgrade to the latest versions
    • forward patches upstream, and hope that they apply the changes
    • monkey patch wherever possible
  • reports over time:
    • conditions
      • add OR support to conditions ... this will be invasive, probably
  • make it work with rails 2.2.2
  • interface for adding contracts
  • a way to disable contracts
  • validation is done on the submit button's onclick...why not the form's onsubmit?
    • important if they submit with the enter button, I think
  • covered condition (extra)
    • so we can see either. we don't need side by side numbers at this point, but who knows???
    • maybe a graphing report
  • security fixing
    • CSRF (use rails' protect_from_forgery and verify methods)
      • Look at this: http://github.com/emk/mephisto/commit/c500bf8e05c250d02672c30d079a0bdeb66f0569 looks really kewl!
    • check for SQL injection, we won't have to worry about this in most places since we use active record, but the reports where we use SQL directly should be checked.
    • Rails Security Guide (http://guides.rubyonrails.org/security.html)
    • look closer at the XSS stuff (safe erb) -- I got a lot of em
      • the on_display stuff for contact searches is an XSS bug, sort of. regardless, it should be cleaned up.
  • remove cruft from that ajax helper thing
    • lots of stuff in app/helpers/application.rb that's probably not used. if it is, it shouldn't be.