www's Issues

Prevent SQLi

With prepared statement for Postgres?

alternative:

  • ORM, use a framework

using ORM / prepared statements for all queries, done for:

close on: all queries to db are using prepared statements or have a convincing reason documented why not.
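As an added example (not the project's code) of what "all queries use prepared statements" looks like with PDO against Postgres: the vulnerable string-building form next to the bound-parameter form, plus the two cases a placeholder cannot cover (LIKE wildcards and identifiers). The table and column names, DSN and credentials are assumptions.

```php
<?php
// Added example, not project code. Table/column names and DSN are assumed.
declare(strict_types=1);

function connect(): PDO {
    return new PDO('pgsql:host=localhost;dbname=library', 'www', 'secret', [   // assumed
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,   // real server-side prepares, not client-side quoting
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// VULNERABLE: the id is pasted into the SQL text, so an input such as
//   1 OR 1=1
// changes the statement the server executes.
function findDocumentUnsafe(PDO $pdo, string $id): ?array {
    $row = $pdo->query("SELECT * FROM documents WHERE id = $id")->fetch();
    return $row === false ? null : $row;
}

// FIXED: the statement text is constant; the value travels separately as a
// typed parameter and can never be parsed as SQL.
function findDocument(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT * FROM documents WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// LIKE patterns are data too: escape the wildcards the user typed (Postgres
// defaults to backslash as the escape character), then bind the pattern.
function searchTitle(PDO $pdo, string $needle): array {
    $pattern = '%' . addcslashes($needle, '\\%_') . '%';
    $stmt = $pdo->prepare('SELECT id, title FROM documents WHERE title ILIKE :p ORDER BY title LIMIT 50');
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll();
}

// A placeholder cannot carry an identifier or a sort direction: map user
// input through an allow-list and interpolate only the allow-listed value.
function listDocuments(PDO $pdo, string $orderBy, string $dir): array {
    $columns = ['title' => 'title', 'changed' => 'lastchange'];   // assumed columns
    $column  = $columns[$orderBy] ?? 'title';
    $dir     = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    return $pdo->query("SELECT id, title FROM documents ORDER BY $column $dir")->fetchAll();
}
```

Disabling `PDO::ATTR_EMULATE_PREPARES` matters: with emulation on, PDO quotes values client-side and sends plain SQL, so the protection depends on the driver's escaping rather than on the server keeping text and data apart.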

fix downloads filename

as some clients do not properly consider the header for the filename

  • create (or just rename) file under a proper name besides changing the filename in header

addressing #10

create an organisation

I suggest holding different parts (or even implementations) of the project in separate repositories, which also makes rights management possible.

path traversal

Details at OWASP.

@HOSTERS: consider not allowing any connection to clearnet from the onion service, as it should be reachable via overlay only; separate systematically to limit the impact of further vulnerabilities.

  • limit user name length
  • and alphabet on validation
  • replace usage of handle by id everywhere other than output, best generate handle via id

no user input on system calls (e.g. file operations such as pack, unpack, move after upload, …)

  • replace avatar image filename with users id
  • replace handle in cookie with id
  • … upcoming
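The three points above (bounded handle length and alphabet, ids instead of handles everywhere but output, no user input in file operations) as an added example that is not project code. It also shows the ownership check that keeps an avatar operation tied to the session user, which is the pattern relevant to the avatar-deletion issue further down. The directory, table and session layout are assumptions.

```php
<?php
// Added example, not project code. Directory, table and session keys assumed.
declare(strict_types=1);

const AVATAR_DIR   = '/var/www/data/avatars';   // assumed location
const HANDLE_MAX   = 32;
const HANDLE_REGEX = '/^[a-z0-9][a-z0-9_-]{0,31}$/';

// Reject early: a length bound plus a small alphabet, so a handle can never
// contain '/', '..', NUL, whitespace or shell metacharacters.
function isValidHandle(string $handle): bool {
    return strlen($handle) <= HANDLE_MAX && preg_match(HANDLE_REGEX, $handle) === 1;
}

// Only the numeric id decides the path, so there is nothing to traverse with.
function avatarPath(int $userId): string {
    if ($userId <= 0) {
        throw new InvalidArgumentException('bad user id');
    }
    return AVATAR_DIR . '/' . $userId . '.png';
}

// Defence in depth for any path assembled elsewhere: confirm that it still
// resolves inside the base directory before touching it.
function insideDir(string $base, string $path): bool {
    $realBase = realpath($base);
    $real     = realpath($path);
    if ($realBase === false || $real === false) {
        return false;
    }
    return strpos($real, $realBase . DIRECTORY_SEPARATOR) === 0;
}

// Deleting an avatar: the id comes from the authenticated session, never from
// the request, so a user can only ever address their own file.
function deleteOwnAvatar(array $session): bool {
    if (!isset($session['user_id'])) {
        return false;
    }
    $path = avatarPath((int) $session['user_id']);
    if (!file_exists($path) || !insideDir(AVATAR_DIR, $path)) {
        return false;
    }
    return unlink($path);
}

// A handle arriving in the URL is validated, then mapped to the id with a
// prepared statement; everything after that point uses the id only.
function userIdByHandle(PDO $pdo, string $handle): ?int {
    if (!isValidHandle($handle)) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id FROM users WHERE handle = :h');
    $stmt->execute([':h' => $handle]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}
```

The same id-only rule applies to the cookie: a session id that resolves server-side to the user id replaces the handle, so nothing the client sends is ever used as a path component or a filename.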

Add Forum

We need better/more/ANY community features, a forum seems like a good start.

user profile page

as mentioned in #13 and #22 there could be a public page about a user.

  • public when activated (opt-in) or by publishing book with attribution (optional, means "Anonymous" is standard to the public)
  • shows contact data (optional)
  • shows public actions (such as comments, publications)

remote import option

a book can be committed by a librarian right now, but mainly for the manual a change happens outside of the box, so when #8 is possible (also in support of man#8) we could just pull in an approved revision (e.g. by an appointed maintainer rather than the original librarian)

maybe other books will also reside as OpenDocument somewhere else in future, after #47 got in and mirroring (#21) is in practice

needs

  • recognize remote origin as another metadata option (maybe on colophon as there are some examples already)
  • new action for a "maintainer" role (fallback on submitting librarian)
  • new book maintainer role, might fallback on subject maintainers
  • message to maintainers if remote origin changed (to something like getmaintainers(docid) or getdoc(id)[maintainers])

enable more character formatting

right now italic works fine, but bold, underline, teletype and others also become italic?!
(tested on document 1174 sequence 11 section 1)

@Jotunbane any reason? or do I get things wrong?

  • seems the substitution wrongfully makes everything italic for now instead of only <text:span text:style-name="Emphasis">. should be possible to fix with $xml->xpath()
  • and custom styles on character level could be defined in the template just like the paragraph styles were done.

todo:

  • limit italic to <text:span text:style-name="Emphasis"> (prepared)
  • fix bold for <text:span text:style-name="Strong_20_Emphasis"> (prepared)
  • implement source (inline) for <text:span text:style-name="Source_20_Text"> (prepared)
  • implement underlined for e.g. <text:span text:style-name="underlined"> (custom)
  • implement underlined-double for e.g. <text:span text:style-name="underlined-double"> (custom)
  • implement strike-through for e.g. <text:span text:style-name="strike-through"> (custom)
  • implement blackened for e.g. <text:span text:style-name="blackened"> (custom)
  • implement smallcaps for e.g. <text:span text:style-name="smallcaps"> (custom)
  • others needed?
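An added example (not the project's converter) of the mapping the todo list describes: select paragraphs by XPath, then turn each <text:span> into HTML according to its style-name rather than treating all spans alike. It walks the DOM instead of substituting on the raw XML text. The content.xml fragment is constructed for the example; the HTML classes for the custom styles are assumptions.

```php
<?php
// Added example, not project code. Sample XML constructed; class names assumed.
declare(strict_types=1);

const TEXT_NS = 'urn:oasis:names:tc:opendocument:xmlns:text:1.0';

// style-name => [open, close]; an unknown style keeps its text without markup
const SPAN_STYLES = [
    'Emphasis'           => ['<em>', '</em>'],
    'Strong_20_Emphasis' => ['<strong>', '</strong>'],
    'Source_20_Text'     => ['<code>', '</code>'],
    'underlined'         => ['<u>', '</u>'],
    'underlined-double'  => ['<span class="underline-double">', '</span>'],
    'strike-through'     => ['<s>', '</s>'],
    'blackened'          => ['<span class="blackened">', '</span>'],
    'smallcaps'          => ['<span class="smallcaps">', '</span>'],
];

// Recurse over children in document order, so text before, inside and after
// a span stays where it was and nested spans nest in the HTML as well.
function renderInline(DOMNode $node): string {
    $out = '';
    foreach ($node->childNodes as $child) {
        if ($child instanceof DOMText) {
            $out .= htmlspecialchars($child->data, ENT_QUOTES, 'UTF-8');
        } elseif ($child instanceof DOMElement && $child->namespaceURI === TEXT_NS && $child->localName === 'span') {
            $style = $child->getAttributeNS(TEXT_NS, 'style-name');
            [$open, $close] = SPAN_STYLES[$style] ?? ['', ''];
            $out .= $open . renderInline($child) . $close;
        } elseif ($child instanceof DOMElement) {
            $out .= renderInline($child);   // other inline elements: keep the text only
        }
    }
    return $out;
}

function renderParagraphs(string $contentXml): array {
    $doc = new DOMDocument();
    $doc->loadXML($contentXml, LIBXML_NONET);   // user-supplied XML: never fetch from the network
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('text', TEXT_NS);
    $html = [];
    foreach ($xp->query('//text:p') as $p) {
        $html[] = '<p>' . renderInline($p) . '</p>';
    }
    return $html;
}

// Constructed content.xml fragment
$sample = <<<'XML'
<office:document-content xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
                         xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0">
 <office:body><office:text>
  <text:p>Plain, <text:span text:style-name="Emphasis">italic</text:span>, <text:span text:style-name="Strong_20_Emphasis">bold</text:span> and <text:span text:style-name="Source_20_Text">code</text:span>.</text:p>
  <text:p><text:span text:style-name="Unknown">kept as text, &lt;b&gt; escaped</text:span></text:p>
 </office:text></office:body>
</office:document-content>
XML;

foreach (renderParagraphs($sample) as $line) {
    echo $line, PHP_EOL;
}
```

Because the text nodes go through htmlspecialchars() and only the table decides which tags are emitted, a document author cannot smuggle markup or script into the generated page through a style name or the text itself.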

implement RSS e.g. for news

unfortunately there is no interoperable option for authenticated feeds, so they have to be either public or off for e.g. personal lists

  • it could be done with random token but that is public as soon as the connection request is leaked

todo:

  • implement or find a solution for RSS
  • utilize new functionality for news
  • book feed
  • maybe identify more use-cases
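The "random token" option from above, worked through as an added example (not project code): a per-user feed capability token generated from the CSPRNG, stored only as a hash, compared in constant time, and rotated when the URL is assumed leaked. The feed route and the user record layout are assumptions; the users array stands in for the database.

```php
<?php
// Added example, not project code. Feed route and user record layout assumed.
declare(strict_types=1);

// 32 bytes from the CSPRNG, shown as 64 hex characters in the URL.
function newFeedToken(): string {
    return bin2hex(random_bytes(32));
}

// Store a hash only, as for a password: a leaked database dump then does not
// hand out working feed URLs. Plain SHA-256 suffices because the token already
// carries 256 bits of entropy; a slow KDF is for low-entropy secrets.
function tokenHash(string $token): string {
    return hash('sha256', $token);
}

function feedUrl(int $userId, string $token): string {
    return 'https://example.org/?feed=personal&uid=' . $userId . '&t=' . $token;   // assumed route
}

// Look the user up by id, then compare hashes in constant time so that response
// timing does not reveal how much of a guessed token matched.
function feedAuthorised(array $users, int $userId, string $token): bool {
    if (!isset($users[$userId]['feed_token_hash'])) {
        return false;   // feed never enabled for this user
    }
    if (preg_match('/^[0-9a-f]{64}$/', $token) !== 1) {
        return false;   // wrong shape: do not even hash it
    }
    return hash_equals($users[$userId]['feed_token_hash'], tokenHash($token));
}

// The URL is public to whoever sees it (proxy logs, a shared reader account,
// a forwarded mail). The only remedy is rotation: new token, old URL dead.
function rotateFeedToken(array &$users, int $userId): string {
    $token = newFeedToken();
    $users[$userId]['feed_token_hash'] = tokenHash($token);
    return $token;
}

// Walkthrough with a constructed user record
$users = [7 => ['handle' => 'alice']];
$t1 = rotateFeedToken($users, 7);               // enabling the feed issues the first token
$ok = feedAuthorised($users, 7, $t1);           // the issued URL works
$bad = feedAuthorised($users, 7, strrev($t1));  // a wrong token of the right shape does not
$t2 = rotateFeedToken($users, 7);               // leak suspected: rotate
$old = feedAuthorised($users, 7, $t1);          // the old URL no longer works
echo feedUrl(7, $t2), PHP_EOL;
```

Rotation should also happen on password change and on explicit "disable feed", and the token must never appear in the site's own logs or referrer headers (serve the feed with `Referrer-Policy: no-referrer`), since those are the usual leak paths.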

enable remote / user change detection

other sites might pull in the books published here, although changes for errors or some additional feature such as indices might still be added

but downloading everything all the time doesn't help much, nor does scraping the whole index, unless there is metadata (#20) about the last change

but having a header with a checksum would be useful as well

if there is some newsticker like #80 for books, this could be handy there as well.
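The checksum header and change detection asked for here, together with the filename handling from the "fix downloads filename" issue above, as one added example that is not project code: the file is located by id only, the human-readable name in the URL and in Content-Disposition is cosmetic, and ETag, Last-Modified and a checksum header let a mirror ask "did it change?" with a conditional request. The storage directory, the /download route and the X-Checksum header name are assumptions.

```php
<?php
// Added example, not project code. Directory, route and checksum header name assumed.
declare(strict_types=1);

const BOOK_DIR = '/var/www/data/books';   // assumed; files are stored as <id>.epub

// Readable name from the title, reduced to a safe alphabet; the id prefix keeps
// two titles that sanitise alike apart.
function downloadName(int $docId, string $title): string {
    $slug = preg_replace('/[^0-9a-zA-Z\-_.]/', '', str_replace(' ', '_', $title));
    $slug = trim(substr((string) $slug, 0, 80), '.-_');
    return $docId . '-' . ($slug === '' ? 'book' : $slug) . '.epub';
}

// Route /download/<id>-<anything>.epub: the id is authoritative and the rest is
// cosmetic, so a client that ignores the header still saves a sensible name, and
// a tampered name can never select a different file.
function docIdFromPath(string $requestPath): ?int {
    return preg_match('#^/download/(\d+)-[0-9a-zA-Z\-_.]*\.epub$#', $requestPath, $m) ? (int) $m[1] : null;
}

// Returns the HTTP status it sent, for the caller's log line.
function sendBook(string $requestPath, string $title, array $requestHeaders): int {
    $docId = docIdFromPath($requestPath);
    $path  = $docId === null ? '' : BOOK_DIR . '/' . $docId . '.epub';
    if ($docId === null || !is_file($path)) {
        http_response_code(404);
        return 404;
    }
    $sha   = hash_file('sha256', $path);
    $etag  = '"' . $sha . '"';
    $mtime = filemtime($path);

    header('ETag: ' . $etag);
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $mtime) . ' GMT');
    header('X-Checksum-SHA256: ' . $sha);   // assumed header name; mirrors can verify the body against it
    header('Cache-Control: public, max-age=0, must-revalidate');

    // A mirror that already holds this exact content gets 304 and no body.
    if (($requestHeaders['If-None-Match'] ?? '') === $etag) {
        http_response_code(304);
        return 304;
    }
    $since = strtotime($requestHeaders['If-Modified-Since'] ?? '');
    if ($since !== false && $since >= $mtime) {
        http_response_code(304);
        return 304;
    }

    $name = downloadName($docId, $title);
    header('Content-Type: application/epub+zip');
    header('X-Content-Type-Options: nosniff');
    // The name is ASCII-only, so the plain and the RFC 5987 form say the same
    // thing, and quotes or CR/LF cannot occur in it.
    header('Content-Disposition: attachment; filename="' . $name . '"; filename*=UTF-8\'\'' . rawurlencode($name));
    header('Content-Length: ' . filesize($path));
    readfile($path);
    return 200;
}
```

A mirror then polls with `If-None-Match` and only transfers a body when the ETag differs; the same sha256 value can be listed in the index metadata (#20) so a whole catalogue can be compared without touching the download handler at all.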

addressing #10

Add some form of templating

For multi language support, clearer code structure and performance add some kind of MVC Structure, suggestions are Smarty Templating or something even simpler.

related to #24

Discuss :)

mention license terms in readme

The main part of the code is licensed under GPL v2
some minor parts might change license/version depending on their authors.
Contributors have to agree to publish under these terms.

merge/"seizure" of unpublished titles to prevent double publishing

  • one user began book A some time ago but did not publish/finish yet
  • another user does the same book meanwhile
  • new: after publishing the moderator/admin shall be shown books like the one reviewing (on page /?document=view )
  • new: checkbox-option (on page /?document=view ) to "mark" a (recognized unfinished) double to be "seized" (merged); e.g. same author or title similar
  • new: checked ones will be shown in editable comparison for metadata, cover etc.
  • new: merge-option: unfinished book data is cleared and reset to "please use this document for another book" + link for reference and contact

addressing #10

multiple contact data for user

  • dropdown for protocol (such as xmpp, bitmessage, email, irc, ...)
  • check on format for protocol
  • visibility (default: off)
  • selective appearance (e.g. as editor in books, on profile signed in users, on profile for public, ...)

addressing #10

subject maintainers missing to review

problem: maintainer of a subject misses book and cannot be blamed for it

maintainers do not login each day and might not see their work

ideas:

  • more maintainers on a subject
  • optional contact notification (e.g. email)
  • inform the user about the book being in hands of $maintainer
  • inform admin when book was published some $time ago but no review took place (e.g. $time > 7 days)

addressing #10

DB Structure

For an easy start or even optimizations for different DBMS

As of now the library runs on Postgres

download option: without pictures

for reasons of small memory or just better portability, some people might prefer to have the ebook without the pictures included

  • provide download-option without pictures
  • compress or convert pictures depending on profile settings (e.g. ereader, picture-format, max. dimension)

addressing #10

DB Class as Singleton?

To connect the DB and keep the state for query counter, size etc. a singleton might be the right choice.

ToDo: in RML.database.php as a class and then use it everywhere else for calling SQL.

result: no more globals needed for that state; the connection is also available globally without an explicit variable.

Maybe there are better solutions?
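An added example (not the project's RML.database.php) of the singleton sketched above: one lazily created PDO connection, the per-request counters kept as instance state instead of globals, and a single query() entry point that forces every statement through a prepared statement. The DSN, credentials and environment variable names are assumptions.

```php
<?php
// Added example, not project code. DSN, credentials and env var names assumed.
declare(strict_types=1);

final class Database {
    private static ?Database $instance = null;
    private PDO $pdo;
    private int $queryCount = 0;
    private int $rowCount = 0;
    private float $queryTime = 0.0;

    private function __construct(string $dsn, string $user, string $pass) {
        $this->pdo = new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // Built on first use; configuration is read once here rather than from a
    // global, and the private constructor means no second instance can exist.
    public static function get(): Database {
        if (self::$instance === null) {
            self::$instance = new Database(
                getenv('DB_DSN')  ?: 'pgsql:host=localhost;dbname=library',   // assumed
                getenv('DB_USER') ?: 'www',
                getenv('DB_PASS') ?: ''
            );
        }
        return self::$instance;
    }

    // The only way to run SQL: statement text and parameters always travel
    // separately, so callers cannot concatenate values in by accident.
    public function query(string $sql, array $params = []): array {
        $start = microtime(true);
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute($params);
        $rows = $stmt->fetchAll();
        $this->queryTime += microtime(true) - $start;
        $this->queryCount++;
        $this->rowCount  += count($rows);
        return $rows;
    }

    // The state the issue wants to keep: query counter, rows fetched, time spent.
    public function stats(): array {
        return ['queries' => $this->queryCount, 'rows' => $this->rowCount, 'seconds' => $this->queryTime];
    }

    // A singleton must not be copied or unserialised, or its state diverges.
    private function __clone() {}
    public function __wakeup() { throw new LogicException('Database is not serialisable'); }
}

// Usage from anywhere in the code base, no global variable involved:
// $books = Database::get()->query('SELECT id, title FROM documents WHERE subject = :s', [':s' => $subject]);
// print_r(Database::get()->stats());
```

The usual caveat: a singleton is hidden global state, which makes unit tests that want a throw-away connection awkward; passing the Database instance into the classes that need it keeps the same single connection without the static accessor.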

More languages for the website

Just as PaulPetring mentioned in #32: it would be nice for some people to have not only English books but also not solely English text on the site. Translation work is not so much, it seems. But the code is not really fit for adopting a translated template or bunch of constants.

language metadata on books

There are other languages for books than English, just no possibility to look for a certain language.
(languages used already: DA, DE, EN, FR, IT, NL, NO, PL, SE)

Would be nice to have this in different places, such as

  • Authors
  • Subjects
  • Portal
  • Search
  • Librarians

Also the same book could be

  • grouped by a bookid with its translations

steps

metadata dates on books

some books have to be uploaded several times; it would be nice to know when a new version comes up.

also: allows readers to be informed about an update or maybe even to be notified about it.

  • lastchange
  • cnt_changed

addressing #10

support bibtex format

have bibtex (and later maybe other formats) file for citation at hand

  • implement or find solution for bibtex output
  • maybe restructure db for easier access to data (maybe even add data such as for format to distinguish between books, articles etc.)
  • apply for books using the colophon data (delimiter ":", data[] = {Language, First Published, ISBN, Series, Number}) combined with book metadata = {title, subtitle, author.fullname}
  • query db for lists table (should be in the same query as for the docs )
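An added example (not project code) of the third point: turn the colophon lines (split at ":") plus the book metadata into a BibTeX @book entry. Special characters are escaped so a crafted title cannot break out of a field or inject a second entry into the .bib file. The colophon lines and metadata array are constructed for the example; the cite-key scheme is an assumption.

```php
<?php
// Added example, not project code. Sample data constructed; cite-key scheme assumed.
declare(strict_types=1);

// "Key: value" lines, split at the first colon only (series names may contain more).
function parseColophon(array $lines): array {
    $out = [];
    foreach ($lines as $line) {
        $pos = strpos($line, ':');
        if ($pos === false) {
            continue;
        }
        $out[trim(substr($line, 0, $pos))] = trim(substr($line, $pos + 1));
    }
    return $out;
}

// BibTeX/TeX treat these as syntax. strtr() with a map is single-pass, so the
// backslash inserted for '{' is not itself rewritten afterwards.
function bibEscape(string $s): string {
    return strtr($s, [
        '\\' => '\\textbackslash{}', '{' => '\\{', '}' => '\\}',
        '&'  => '\\&', '%' => '\\%', '$' => '\\$', '#' => '\\#', '_' => '\\_',
    ]);
}

// surname + year + document id, letters and digits only, so the key is always
// a legal BibTeX identifier whatever the author field contains.
function citeKey(string $author, string $year, int $docId): string {
    $surname = preg_replace('/[^A-Za-z]/', '', (string) strrchr(' ' . $author, ' '));
    return strtolower($surname !== '' ? $surname : 'anon') . preg_replace('/\D/', '', $year) . '-' . $docId;
}

function bibtexBook(int $docId, array $meta, array $colophon): string {
    $year  = $colophon['First Published'] ?? '';
    $title = $meta['title'] . (($meta['subtitle'] ?? '') !== '' ? ': ' . $meta['subtitle'] : '');
    $fields = [
        'title'    => $title,
        'author'   => $meta['author.fullname'] ?? '',
        'year'     => $year,
        'isbn'     => $colophon['ISBN'] ?? '',
        'series'   => $colophon['Series'] ?? '',
        'number'   => $colophon['Number'] ?? '',
        'language' => $colophon['Language'] ?? '',
    ];
    $lines = [];
    foreach ($fields as $key => $value) {
        if ($value === '') {
            continue;   // omit empty fields rather than emit "isbn = {}"
        }
        $lines[] = sprintf('  %-8s = {%s},', $key, bibEscape($value));
    }
    return '@book{' . citeKey($fields['author'], $year, $docId) . ",\n" . implode("\n", $lines) . "\n}\n";
}

// Constructed sample: a title with characters that need escaping
$meta = ['title' => 'The Library & Its Keepers', 'subtitle' => 'An {Introduction}', 'author.fullname' => 'Jane Q. Public'];
$colophon = parseColophon(['Language: EN', 'First Published: 1999', 'ISBN: 978-0-00-000000-0', 'Series: Manuals', 'Number: 2']);
echo bibtexBook(1174, $meta, $colophon);
```

Serve the result as `text/x-bibtex` with a Content-Disposition filename built the same way as for book downloads, so the citation file is never rendered inline by the browser.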

clarification on odt sources of the past

the uploads directory seems to be empty

@Jotunbane are the uploaded books of the past available as backup/odt still?

e.g. I also did not save every file I did. for testing or mirrors these files could be important.

@vv01f do you hold maybe some copies of those?

file upload validation

any file upload should be validated as well as possible to prevent errors resulting from corrupted content.

on image formats

  • avatar upload (enable list of web image formats)
  • document upload (enable supported filetypes)
  • book cover (enable list of web image formats and maybe convert to jpeg as EPUB readers might not support much else)
  • images in books (same as for the cover)

on image size

  • validate size of avatars to 96x96 or rescale and cut to a square
  • validate size of covers to 400-600x800 or rescale to height and cut horizontally
  • validate size of images in books to max 1000 on each side or scale down

encourage to volunteer as subject maintainer

at: ?subject=view you should be offered subjects that do not have a maintainer or are reviewed rarely

  • condition: you published three books for the subject
  • idea: 2nd or 3rd maintainer of a subject will be nice to review faster + more interaction onsite

addressing #10

display errors after upload

e.g. in case illustrations are not embedded but just linked, the ToC doesn't show up after upload, but no error message is given for the obviously missing content. In general, errors should be displayed and tested for regularly.

collected ERROR/WARNING/NOTICE missing for now:

  • ERROR: picture only linked, not embedded, thus picture is missing
  • svg title or desc is given and not yet ignored (better use or ignore it and give NOTICE how it was handled)
  • submit more of the kind on this issue; reopen when closed and new ones appear
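An added example (not project code) that produces the first two diagnostics in the list from an uploaded ODT's content.xml: a draw:image whose xlink:href does not point at an entry inside the package is reported as ERROR, and an svg:title or svg:desc that would be silently dropped is reported as NOTICE. The content.xml and the package listing are constructed for the example; in production the listing comes from ZipArchive.

```php
<?php
// Added example, not project code. Sample XML and zip listing constructed.
declare(strict_types=1);

const ODF_NS = [
    'draw'  => 'urn:oasis:names:tc:opendocument:xmlns:drawing:1.0',
    'xlink' => 'http://www.w3.org/1999/xlink',
    'svg'   => 'urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0',
];

// $zipEntries: the file names inside the .odt (build it from ZipArchive::statIndex()).
function uploadDiagnostics(string $contentXml, array $zipEntries): array {
    $doc = new DOMDocument();
    // User-supplied XML: no network access, and no entity substitution (LIBXML_NOENT stays off).
    $doc->loadXML($contentXml, LIBXML_NONET);
    $xp = new DOMXPath($doc);
    foreach (ODF_NS as $prefix => $uri) {
        $xp->registerNamespace($prefix, $uri);
    }

    $messages = [];
    foreach ($xp->query('//draw:frame') as $frame) {
        $img = $xp->query('draw:image', $frame)->item(0);
        if ($img === null) {
            continue;
        }
        $href = $img->getAttributeNS(ODF_NS['xlink'], 'href');
        // Embedded pictures live inside the package under Pictures/; a file://,
        // http:// or relative path outside it is only a link and will be missing.
        if (strpos($href, 'Pictures/') !== 0 || !in_array($href, $zipEntries, true)) {
            $messages[] = ['level' => 'ERROR', 'text' => "picture only linked, not embedded, thus picture is missing: $href"];
        }
        foreach (['title', 'desc'] as $tag) {
            $node = $xp->query('svg:' . $tag, $frame)->item(0);
            if ($node !== null && trim($node->textContent) !== '') {
                $messages[] = ['level' => 'NOTICE', 'text' => "svg:$tag \"" . trim($node->textContent) . "\" on $href was ignored"];
            }
        }
    }
    return $messages;
}

// Constructed package listing and content.xml: one embedded picture, one linked one
$entries = ['content.xml', 'Pictures/10000000000000C8000000C8.png'];
$contentXml = <<<'XML'
<office:document-content
  xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
  xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
  xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"
  xmlns:svg="urn:oasis:names:tc:opendocument:xmlns:svg-compatible:1.0"
  xmlns:xlink="http://www.w3.org/1999/xlink">
 <office:body><office:text>
  <text:p><draw:frame draw:name="fig1"><draw:image xlink:href="Pictures/10000000000000C8000000C8.png"/></draw:frame></text:p>
  <text:p><draw:frame draw:name="fig2"><draw:image xlink:href="file:///home/author/fig2.png"/>
    <svg:title>Figure 2</svg:title></draw:frame></text:p>
 </office:text></office:body>
</office:document-content>
XML;

foreach (uploadDiagnostics($contentXml, $entries) as $m) {
    echo $m['level'], ': ', $m['text'], PHP_EOL;
}
```

Collecting the messages into an array rather than echoing them as they occur lets the upload page show them all at once and lets a test assert on them, which is what "tested for regularly" needs.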

addressing #10

missing captions for paragraph style

we may have a book without pictures but then old captions - for now realized with other paragraph styles - will remain useless

we need

  • proper paragraph styles for captions that apply to the next (it may be over/under) "box", "picture" or object alike we might have implemented in future
  • either separated or as a single one that is taken semantically right (problem: 2 pictures/objects in a row)
  • or solve with an environment around the object

addressing #10

find the bug: avatars deleted

someone managed to find a way to change or delete not only his own avatar but those of all users.

  • find the way(s) this is possible
  • provide a fix or solution to the problem

setup-script

for making it easy to start testing a local copy

random/changing about image

as there is a change once in a while, why not just add images instead of update :)

maybe a randomized result for this?

  • dedicated function for that picture
  • upload all variants (e.g. about-1.jpg ... ) @Jotunbane :) plz
  • list directory and count all about*.jpg
  • return image path by method
  • test before deployment

browse figures / images / tables etc.

for fixing problems with images or xml it would be nice to have the pictures included in a book on a view for easier testing; also some people may just want to have a look at the pictures and not search the whole text.

you may call it an index for illustrations as well

addressing #10

replace exec

  • copy() instead of exec("cp…")
  • check if file operation was successful
  • replace all problematical characters (e.g. preg_replace("/[^0-9a-zA-Z\-\_\.]/", "", $str) for not allowing anything in filenames that does not belong there)
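The three points above as an added example that is not project code: the upload is moved with move_uploaded_file() and later copies use copy(), the return value of every file operation is checked and turned into an error, and the client's filename is reduced to the issue's safe alphabet (with basename() and a length cap on top) before it is used for anything. The upload directory and the .odt-only rule are assumptions.

```php
<?php
// Added example, not project code. Upload directory and accepted extension assumed.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/data/uploads';   // assumed

// The issue's preg_replace plus basename() to drop any directory part, a cap on
// length, and removal of leading dots so the result is never ".", ".." or hidden.
function safeName(string $clientName): string {
    $name = basename($clientName);
    $name = (string) preg_replace('/[^0-9a-zA-Z\-_.]/', '', $name);
    $name = ltrim($name, '.');
    $name = substr($name, 0, 100);
    return $name === '' ? 'upload' : $name;
}

// Instead of exec("cp $tmp $dest"): move_uploaded_file() refuses anything that is
// not this request's upload, and the destination is built from the document id,
// so neither path ever contains user input or passes through a shell.
function storeUpload(array $file, int $docId): string {
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . ($file['error'] ?? 'unknown'));
    }
    $ext = strtolower(pathinfo(safeName($file['name'] ?? ''), PATHINFO_EXTENSION));
    if ($ext !== 'odt') {
        throw new RuntimeException('only .odt uploads are accepted');   // content is checked separately
    }
    $dest = UPLOAD_DIR . '/' . $docId . '.odt';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload to ' . $dest);
    }
    // Temp files arrive with whatever mode the temp dir gave them: make the
    // stored copy non-executable and not world-writable.
    if (!chmod($dest, 0640)) {
        throw new RuntimeException('could not set permissions on ' . $dest);
    }
    return $dest;
}

// copy() for later duplicates (mirror directory, backup), with the result checked
// and a size comparison so a disk-full copy does not pass silently.
function copyChecked(string $src, string $dst): void {
    if (!copy($src, $dst)) {
        $err = error_get_last();
        throw new RuntimeException('copy failed: ' . ($err['message'] ?? 'unknown error'));
    }
    if (filesize($src) !== filesize($dst)) {
        throw new RuntimeException('copy incomplete: size mismatch for ' . $dst);
    }
}

// Usage in the upload handler (the $_FILES field name is assumed):
// try {
//     $stored = storeUpload($_FILES['document'], $docId);
//     copyChecked($stored, '/var/www/data/mirror/' . $docId . '.odt');
// } catch (RuntimeException $e) {
//     error_log($e->getMessage());   // and show a generic message to the user
// }
```

If a shell command is ever unavoidable (an external converter, say), the same rule holds: pass the id-derived path through escapeshellarg() and never the client-supplied name.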

extend image class

new functionality needed to resize in other ways and determine properties.

  • cropSquare( $p1, $a ) e.g. for Avatar that needs to be square: cropSquare( array(0,0), 96 )
  • cropRect( $p1, $p2 ) e.g. for Avatar that needs to be square: cropSquare( array(0,0), array(23,42) )
  • cropCircle( $m, $r) - e.g. to add effect on a avatar: cropCircle( array(48,48), 48)
  • getMimeType() to enable more and validate image types e.g. for avatars
    • additionally check with mime_content_type
    • replace getimagesize with faster exif_imagetype where possible
  • dropEXIF() to get rid of any possible hideous or malicious content for the service
  • getEXIF() to read ``
  • setEXIF($e) to set
  • fixOrientation
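The image-class methods listed above and the upload validation rules from the "file upload validation" issue, as one added example that is not project code: type detection from the file's bytes (exif_imagetype cross-checked with libmagic, never the extension or the browser's Content-Type), a decode size budget, centre square crop for 96x96 avatars, fit-within scaling for book images, EXIF orientation fix, and EXIF stripping by re-encoding. Requires PHP 8 with the GD and exif extensions; the avatar directory is an assumption.

```php
<?php
// Added example, not project code. Needs GD + exif; avatar directory assumed.
declare(strict_types=1);

final class ImageFile {
    private const WEB_TYPES = [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF];

    private function __construct(private GdImage $img, private int $type) {}

    // getMimeType(): type from the magic bytes, cross-checked with libmagic;
    // the client's filename and Content-Type play no part.
    public static function detectType(string $path): ?int {
        $type = @exif_imagetype($path);
        if ($type === false || !in_array($type, self::WEB_TYPES, true)) {
            return null;
        }
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        if ($finfo->file($path) !== image_type_to_mime_type($type)) {
            return null;   // the two detectors disagree: reject
        }
        return $type;
    }

    // Decode only within a pixel budget: a tiny file declaring huge dimensions
    // (a decompression bomb) is refused before it can exhaust memory.
    public static function open(string $path, int $maxSide = 4096): ?self {
        $type = self::detectType($path);
        if ($type === null) {
            return null;
        }
        [$w, $h] = getimagesize($path) ?: [0, 0];
        if ($w <= 0 || $h <= 0 || $w > $maxSide || $h > $maxSide) {
            return null;
        }
        $img = imagecreatefromstring((string) file_get_contents($path));
        return $img === false ? null : new self($img, $type);
    }

    public function width(): int  { return imagesx($this->img); }
    public function height(): int { return imagesy($this->img); }

    // Honour the EXIF orientation before it is stripped (JPEG only).
    public function fixOrientation(string $path): self {
        if ($this->type !== IMAGETYPE_JPEG) {
            return $this;
        }
        $exif  = @exif_read_data($path) ?: [];
        $angle = [3 => 180, 6 => -90, 8 => 90][$exif['Orientation'] ?? 1] ?? 0;
        if ($angle === 0) {
            return $this;
        }
        $rotated = imagerotate($this->img, $angle, 0);
        return $rotated === false ? $this : new self($rotated, $this->type);
    }

    // cropSquare(): centre square, then scale to the target edge (96 for avatars).
    public function cropSquare(int $edge): ?self {
        $side = min($this->width(), $this->height());
        $x = intdiv($this->width() - $side, 2);
        $y = intdiv($this->height() - $side, 2);
        $cropped = imagecrop($this->img, ['x' => $x, 'y' => $y, 'width' => $side, 'height' => $side]);
        $scaled  = $cropped === false ? false : imagescale($cropped, $edge, $edge, IMG_BICUBIC);
        return $scaled === false ? null : new self($scaled, $this->type);
    }

    // Fit inside a bounding box without upscaling (book images: max 1000 a side).
    public function fitWithin(int $maxW, int $maxH): ?self {
        $ratio  = min($maxW / $this->width(), $maxH / $this->height(), 1.0);
        $scaled = imagescale($this->img, (int) round($this->width() * $ratio), (int) round($this->height() * $ratio), IMG_BICUBIC);
        return $scaled === false ? null : new self($scaled, $this->type);
    }

    // dropEXIF(): writing the decoded pixels out again drops EXIF, ICC profiles,
    // comments and any trailing bytes a crafted upload carried. JPEG also suits
    // EPUB readers, which support little else.
    public function saveJpegStripped(string $path, int $quality = 85): bool {
        return imagejpeg($this->img, $path, $quality);
    }
}

// Avatar upload: validate, orient, square-crop to 96, store stripped (path assumed).
function storeAvatar(string $tmpUpload, int $userId): bool {
    $img = ImageFile::open($tmpUpload);
    if ($img === null) {
        return false;   // not a web image, detectors disagree, or too large to decode safely
    }
    $avatar = $img->fixOrientation($tmpUpload)->cropSquare(96);
    return $avatar !== null && $avatar->saveJpegStripped('/var/www/data/avatars/' . $userId . '.jpg');
}
```

Book covers follow the same path with fitWithin() and a height-based crop instead of cropSquare(); since every stored image is re-encoded, the original upload can be discarded as soon as the derived file has been written.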
