core_webstandards: Different colours for different kinds of warning

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

Currently everything is red.

It would be better to properly define a system of different levels: errors, warnings, notices. And each would get a different colour.

Suggested by Chris Graham on 27th October 2018

core: Defaults for most required fields (idea staging issue)

0 votes

Vote

Raised 0% of 48 credits
(48 credits = 8 hours or $337.02)

I just skim-read an interesting article about how required fields should be considered bad:
https://prismic.io/blog/required-fields

It's a polemic, but it makes you think some unchecked assumptions.

For example, on a news article, should the title really be manually entered for every article you pos…

Suggested by Chris Graham on 12th November 2018

core: Block copy & pasting into confirm fields

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

When confirming your password of email address, ideally a user would not be allowed to copy and paste it - they must type manually, for maximum verification.

Suggested by Chris Graham on 21st November 2018

core: stale-while-revalidate

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

Chrome is implementing stale-while-revalidate cache-control (showing an old cached resource until the new one has downloaded).

https://www.chromestatus.com/feature/5050913014153216

This would be great in many areas of Composr, e.g. making admin navigation super-fast (we'd want to make sure that the c…

Suggested by Chris Graham on 11th December 2018

news: side_news_archive block pagination

0 votes

Vote

Raised 0% of 6 credits
(6 credits = 1 hour or $42.13)

Currently the month links in the side_news_archive block just jump deep into the pagination at the appropriate spot. They don't put a block on subsequent news articles showing up that were earlier than the time period, or going back through the pagination to ones that are newer.

We do already pass month…

Suggested by Chris Graham on 12th December 2018

core_cns: Search HaveIBeenPwned database

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

Use the HaveIBeenPwned API to check is a password has been breached.

https://haveibeenpwned.com/API/v2#PwnedPasswords

We just send the first 5 characters of the sha1 hash of the new password, and get all suffixes that are pwned. We then see if any of these exactly match the sha1 hash of the new passw…

Suggested by Chris Graham on 31st December 2018

core_cns: Redirect to where you were after validating e-mail address

0 votes

Vote

Raised 0% of 6 credits
(6 credits = 1 hour or $42.13)

It's annoying when signing up to a site, and it not taking you back to where you were.
Composr will do that redirect, except when e-mail address validation isn't enabled. If e-mail address validation is enabled then the join process stops after submitting the form, and then it will just give you a "succes…

Suggested by Chris Graham on 20th January 2019

core: Automatic image resizing with download-associated-media option

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

Change the download checkbox to a list of 4 options:

1) Leave remote media as remote
2) Download all remote media and limit maximum size to <configured maximum image size setting>
3) Download all remote media smaller than <configured maximum image size setting> and leave the rest as remote
4) Downloa…

Suggested by Chris Graham on 20th February 2019

core_database_drivers: Support upsert on non-MySQL backends (Make use of MySQL REPLACE INTO syntax)

0 votes

Vote

Raised 0% of 18 credits
(18 credits = 3 hours or $126.38)

put_into_cache and set_value are both highly trafficed functions that do a query_delete (DELETE FROM) followed by a query_insert (INSERT INTO). These cases could be single REPLACE INTO calls in MySQL.

The ideal solution would be to extend the insert_into method to change $fail_ok to take constants QUERY…

Suggested by Chris Graham on 22nd February 2019

core: Support DNS entries in backdoor_ip, and multiple values

0 votes

Vote

Raised 0% of 12 credits
(12 credits = 2 hours or $84.12)

Allow DNS entries, and multiple values, in the backdoor_ip setting.

DNS queries may be better due to dyndns, while users often aren't truly on static IPs, or may want a working backdoor as they move locations. As for security improvement: this is debatable as there are such things as DNS-poisoning attac…

Suggested by Chris Graham on 5th March 2019