dimayakovlev / getsimple-extended-cms Goto Github PK

User input stored in pages XML files filtered by calling:

filter_var($string, FILTER_SANITIZE_FULL_SPECIAL_CHARS);

1. On output there is the problem with double encode HTML symbols. To fix this needs to review security, template and theme functions. To preserve problems with output of not filtered or filtered differently strings call one of two:

   • <?php echo filter_var($string, FILTER_SANITIZE_FULL_SPECIAL_CHARS); ?>;
   • <?php echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8', false); ?>;

2. Since HTML symbols stored encoded and on save applied function xss_clean(), there are no problems with tags in title, description and menu. Encoded symbols '<' and '>' will not be treated as HTML tags and will not broke anything in page but will not limit user with writing content. Anyway on output tags can be removed with function strip_tags().

All those changes needs to be tested well.

Auto opening metadata and component windows after save page.

State of windows can be stored in cookies or in page file.

Save application version in XML attribute for pages, users profiles and website data.

To enable Page Component uncomment # define('GSPAGECOMPONENT', true); in gsconfig.php.

Needs to review plugin_function.php and change way of registering jQuery, jQuery UI and Fancybox.

These pages has header and footer sections that's not used. They are just empty.

So are any reasons to keep them?

Use / instead of global Pretty URL's pattern or individual Pretty URL's pattern defined by user for index page.

In function XMLsave() XML string formatted before execution filter xmlsave. To preserve formatted XML string function formatXmlString() must be called after filter.

Image can be used in template or while sharing page other social media.

Menu Manager remove CDATA while update pages files.

Maybe add special type of pages with components and not enabling components for all pages.

Add button to close notification

If user want to disable HTML or Code editor while edit some pages, it must disable editors globally. Nice to have option to disable editors on page level.

This can be an option or shortcode.

Administrative panel is usable on devices with screens width more than 960px + scrollbar + browser borders.

Have no plans yet to adapt Administrative panel for mobiles but want to make it wider on desktops.

There are different PHP Warnings in DEBUG MODE. Need to check and fix.

Data for 403, 404 and 503 error pages are loading from special XML files stored in GSDATAOTHERPATH without redirecting to standard pages. Enabling GSCANONICAL causes redirection to 403, 404 and 503 pages.

If a page has been deleted, children pages have a non-existent parent page. All of this children pages will not be shown in table of pages. This can be fixed by changing parent page for children pages on page deletion.

New actions:

• page-clone - executed if page data file copied successfully, after modifying cloned page object;
• page-clone-success - executed if cloned page object saved successfully to cloned page data file;
• page-clone-error - executed if error acquired while page cloning.

Need a function to get parents pages with fields data. Like getChildrenMulti() for children pages.

On cloning page needs to update data page fields author, publisher, creDate and attributes revisionNumber, appName and appVersion.

Create child page with one click from the Page Management.

Use changedata.php as one point to save submitted data.

Remove call of the function cdn_fallback() from the function get_scripts_backend().

Not every theme use jQuery and jQuery UI.

Will be better if theme developer implement CDN fallback by itself or set own CDN URLs for jQuery and jQuery UI in $GS_script_assets and after that call cdn_fallback().

For each page in the file pages.xml there are fields url and slug. In these fields stored ids of pages. Better to use field url to store result of find_url() function.

Add "Not published" page status. Page will be not available for all type of users.

Add button to the list of pages to create copy of page without opening it in the editor.

Select file template.php in dropdown list #theme-files on changing theme to edit.

If private pages highlighted with color in list, they attract user's attention.

Return of function find_url() compared with $_SERVER['REQUEST_URI']. If requested URL contains query string client redirected to URL formed by function find_url().

User can only edit files with lowercase extensions.

Change links in administration panel to this repository and wiki.

Option can be available on Settings page or in gsconfig.php.

Get ERR_TOO_MANY_REDIRECTS running GetSimple Extended CMS on the PHP Development Server on the Microsoft Windows with GSCANONICAL setting enabled.

There is no issue with PHP Development Server on Linux. So problem in function find_url(), because dirname from pathinfo() contains backslashes on Microsoft Windows witch don't replaced.

$_SERVER['REQUEST_URI']: "/index.php?id=test-page"
find_url('test-page', false): "\/index.php?test-page"

This happens because .header .wrapper has fixed height 95px. Need to be fixed.

Need to change text for count of pages, plugins, archives, backups and uploads to improve translation quality.

Save time of last changes in website pages and settings in website.xml file.

PHP Development Server can be used while develop website but it doesn't work with Pretty URLs. So Pretty URLs can be disabled automatically, no need to change settings manually.

Idea taken from Shawn's plugin sa hook components.

To enable execution Components on actions do:

1. uncomment define('GSCOMPONENTACTION', true); in gsconfig.php file;
2. create component named like action_action-name where action-name is the name of target action;
3. enable component and save.

Needs to fix notice for max file size

If Fancy URLs option enable user can set custom permalink structure on page level to overwrite global website setting.

Data can be stored in page field permalink.

There are two ways:

1. create separated page for user settings;
2. create two independent forms on website settings page.

Address gh-11.

Need to think about implementation.

New supported tokens can be:

• %parents% - list all parents of the page;
• %lang% - language of the page;
• %year%, %month%, %day% - values from page creation date.

Adding more tokens needs performance optimization. So good to store pages urls in cache.

Use <p class="backuplink"></p> as on edit.php but no backup link.

Need to reduce number of colors and remove inline styles from elements.