securitylogging: Configurable hack-attack response behaviour

1 vote

Raised 0% of 36 credits
(36 credits = 6 hours or $248.93)

Composr will detect many hack-attacks, but there is scope for false positives:

1) Badly written bots which accidentally trigger suspicious URLs (e.g. appending full URLs as 'id' parameters by incorrectly composing URLs).

2) On rare occasion, bugs.

3) Past bugs getting stuck in search engine crawl…

Suggested by Chris Graham on 27th September 2018

core: More configurability of IP address session locking

3 votes

Raised 0% of 24 credits
(24 credits = 4 hours or $165.95)

Rather than having a global option about how sessions are restricted to IP address, make it configurable based on usergroup.

Possibilities (in decreasing order of security):
1) Check full IP
2) Check without last octet
3) Check same subnet
4) No check

A session would be restricted based on the hi…

Suggested by Chris Graham on 25th September 2018

core: Run the PHP codebase through PHP_CodeSniffer beautifier

2 votes

Raised 0% of 42 credits
(42 credits = 7 hours or $290.41)

Running the beautifier breaks easy merging, so we need to take that into consideration. Sometimes reformatted spacing can make code harder to follow, but we can fine-tune the Code Sniffer config file to deal with that, I think.

Attached is the rule set config file following coding standards agreed at https…

Suggested by Salman on 7th September 2018

msn: Support custom fields (catalogue-style fields)

0 votes

Raised 0% of 60 credits
(60 credits = 10 hours or $414.88)

Allow custom fields to work across MSN.

To do this we need to make most of the catalogues code MSN-aware, which is a lot of complexity.

Suggested by Chris Graham on 28th August 2018

core: Allow main_multi_content block to select by tag

1 vote

Raised 0% of 6 credits
(6 credits = 1 hour or $41.49)

Select all content by searching for use of a tag, rather than category.

Suggested by Chris Graham on 5th August 2018

themewizard: Multiple colours in Theme Wizard

1 vote

Raised 0% of 1,200 credits
(1,200 credits = 200 hours or $8,297.50)

Rather than having a single seed colour in our default theme, have 2 or 3 seed colours.

Suggested by Chris Graham on 5th August 2018

core_feedback_features: AJAXified posting

1 vote

Raised 0% of 18 credits
(18 credits = 3 hours or $124.46)

Allow the comments to be posted via AJAX, and then the topic display to update (probably a whole new display would be returned via the AJAX handler). Currently it requires a full page load.

Suggested by Chris Graham on 5th August 2018

core: New symbol to read metadata based on CMA hooks

1 vote

Raised 0% of 6 credits
(6 credits = 1 hour or $41.49)

Implement a new symbol that can read out metadata (e.g. title, or thumbnail URL) for any given content type and ID.

This allows catalogue templates to pull in more complex data about resources being referenced.

Make sure it doesn't crash if invalid parameters given, or if there's a failed lookup.…

Suggested by Chris Graham on 5th August 2018

core: Simplified category selection

1 vote

Raised 0% of 12 credits
(12 credits = 2 hours or $82.98)

If there is only one category then select it by default in a hidden field; don't even show a category selector.

This will need separately implementing for each CRUD module that has a category selector.

Suggested by Chris Graham on 5th August 2018

core: Breadcrumb takeover

1 vote

Raised 0% of 24 credits
(24 credits = 4 hours or $165.95)

Composr is a module-orientated CMS, meaning each module (galleries, news, etc) is a world of its own, with its own breadcrumb hierarchy. We want webmasters to be able to more easily override the native module-based breadcrumbs. Currently you need to use breadcrumbs.xml individually for any screen you're ch…

Suggested by Chris Graham on 4th August 2018