ZeroBin todo/ideas list
Lots of things:
- Add syntax coloring
- Add a rate limiter (1 post every 10 seconds max)
- Add configuration file support:
  - Time between 2 posts (currently: 10 seconds)
  - Disable rate limiting
  - Max post size (currently: 2 Mb)
  - Enable/disable discussion system (currently: enabled)
  - Enable/disable Vizhash
- Add size limiter (2 Mb max, configurable)
- Add storage limiter (configurable)
- Add paste expiration (none, 10 minutes, 1 hour, 1 day, 1 month)
- Overall security checks
- Support magic_quotes
- Use RainTPL
- Polish look & feel (or not?)
- Add version display
- Add automatic data directory creation
- Cluster files by first letter or second letter to speed up directory lookup (like Squid does for its cache).
- Add word wrap checkbox on viewer.
- In client, check entropy of the message to be sent (to prevent failures of encryption)?
- ZeroBinLink? (Other ZeroBins can be registered in a ZeroBin. If a paste is not available, the ZeroBin forwards/redirects the request to another ZeroBin, passing the previously tried ZeroBin hosts. This way, you can still find a paste if it is still present somewhere in another ZeroBin.) EDIT: mmm… cannot work right now. The ID of the paste should be a hash of the encrypted data for this to work, and the user should be able to post to several ZeroBins with the same key, which is not possible right now (except if the multi-paste feature is implemented).
- Multi-pastes? (Paste automatically to several ZeroBins?) (This could be an option on each ZeroBin which can be enabled/disabled by the admin.)
- Add log
- Prevent paste overwriting if the id already exists (required for Multi-pastes)
- Automatically add .htaccess in data directory
- Fix expiry selection display bug in Opera (the bug does not appear in Firefox, Chrome and Safari)
- Change the slogan to "Because ignorance is bliss" (cf. Wiktionary)
- Automatically add the trailing '=' on key in URL if it is missing. If the key is entirely missing (no anchor), display a message stating clearly that the key is missing (because some redirectors like anonym.to strip the anchor part).
- Make it work in IE. Add a notice if client is using IE.
- Correct missing gradients in Opera.
- Check under IE 6, 7 and 8. Check under IE 9. Re-test with other browsers.
- Prevent pasting if textarea is empty.
- Added link to URL shortening service (snipurl.com)
- Add password-protected pastes: if the url only contains #password, ask for the password and derive the key from it with pkcs.
- If key not present in url, display error message as now, but propose password entry.
- Make better mobile CSS.
- Try to autodetect syntax? (using keywords?) Done (by highlight.js in 0.17).
- Automatically convert URLs to clickable links (using rel=nofollow).
- Mask HTTP referer if possible.
- Never automatically redirect. No file embedding, no non-escaped HTML (no pastehtml).
- Use David F.'s design and add combos: expiration, syntax, password. I chose to use my own design.
- add encrypted meta saving to server (title, creation date, syntax…)
- Auto-select resulting link to ease copy-paste. Done (0.17).
- Add raw text display?
- add paste download ?
- Add one level of directory depth for file storage to support higher loads.
- Auto-save (HTML5 local storage) every 20 sec. the paste being edited? (could be bad for privacy)
- Cut added parameters (after '&') (for stupid services which add &utm_source=… AFTER the anchor. Doh.) Done in alpha 0.11.
- Add checks on server side (make sure only 3 keys (iv, salt, ct) are present in posted data; make sure iv and salt have the correct size, etc.). Done (0.12 alpha).
- Display data hash (sha256 and human-readable hash (such as inspired by this))
- Should ZeroBin switch to http://code.google.com/p/crypto-js/ ? Or be able to use both ?
- Purge old entries in the traffic limiter (trafic_limiter.php)
- Make a web task which can be scheduled to purge expired pastes which have not been deleted by a visit.
- Switch shit code to OOP.
- Implement the awesome new secret feature. Done (0.12 alpha: Discussions!)
- Replace sjcl.encrypt() with sjcl.cipher()? (Not recommended by SJCL devs.)
- Shouldn't the salt in SJCL be different in each encrypted message? No, it's ok to have the same salt with the same password as long as the iv changes.
- How does SJCL check the validity of the password/key? → investigate.
- Add polling in discussions (refresh comments from json data).
- See if the whole
- Implement real-time expiration display in pastes (so that you don't have to refresh the page).
- Add "Burn after reading" option when creating a paste (the paste will be destroyed the first time it is read). Done.
- Move traffic limiter file to data directory (easier for rights management). Done.
- Check if GD is installed (if function_exists('gd_info') …). Done (0.14 alpha).
- Embed external services? (e.g. YouTube link ⇒ embed YouTube video; add other services; for services which have no official embedding system, use an iframe?) No. External websites would know who read a paste, when, and from which IP using the HTTP_REFERER.
- Expiration: add 5 minutes, 1 week. Done (0.17).
- Remove button to URL shortening service. Done (0.16 alpha).
- Add a "delete" link (delete token could be a HMAC of pasteID with the secret salt of server). Done (0.17 alpha).
- Add translations
- Make "Burn after reading" a checkbox. Reason: prevent a read-once paste from floating on the net, unread, for an unlimited time.
- See if syntax coloring works better with Google Code Prettify.
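The client-side items above about the key in the URL (adding the stripped trailing '=', showing a clear message when the anchor is missing, and cutting parameters that services append after the anchor) fit together in one small routine. The following is an added example and not ZeroBin's own code; the sample URLs, the message text and the function names are constructed for illustration.

```javascript
// Added example, not ZeroBin's own code: client-side handling of the
// decryption key carried in the URL fragment, covering three items from the
// list above: re-adding a stripped trailing '=' on the key, showing a clear
// message when the anchor is missing entirely, and cutting parameters that
// some services append after the anchor ("&utm_source=..."). Runs under
// Node.js or in a browser; it only deals with strings, not the DOM.

const MISSING_KEY_MESSAGE =
  'The decryption key is missing from the URL (the part after "#"). ' +
  'Some redirectors strip it; please use the original link.';

// Everything after the first '#', or null when there is no anchor at all.
function extractFragment(url) {
  const idx = url.indexOf('#');
  return idx === -1 ? null : url.slice(idx + 1);
}

// Trackers append "&utm_source=..." after the anchor; keep only the key part.
function stripAppendedParameters(fragment) {
  const amp = fragment.indexOf('&');
  return amp === -1 ? fragment : fragment.slice(0, amp);
}

// Base64 text has a length that is a multiple of 4. Restore up to two '='
// that were lost in transit; a remainder of 1 can never be valid base64.
function restoreBase64Padding(key) {
  const remainder = key.length % 4;
  if (remainder === 1) return null;
  return remainder === 0 ? key : key + '='.repeat(4 - remainder);
}

function isBase64(s) {
  return /^[A-Za-z0-9+/]+={0,2}$/.test(s);
}

// Returns { key, error }: exactly one of the two is non-null.
function keyFromUrl(url) {
  const fragment = extractFragment(url);
  if (fragment === null || fragment === '') {
    return { key: null, error: MISSING_KEY_MESSAGE };
  }
  const padded = restoreBase64Padding(stripAppendedParameters(fragment));
  if (padded === null || !isBase64(padded)) {
    return { key: null, error: 'The key in the URL is not valid base64.' };
  }
  return { key: padded, error: null };
}

// Constructed sample URLs (the "key" is base64 of "foobar", not a real key).
const SAMPLE_URLS = [
  'https://zerobin.example/?abc123#Zm9vYmFy',
  'https://zerobin.example/?abc123#Zm9vYmFy&utm_source=twitter',
  'https://zerobin.example/?abc123#Zm9vYg',
  'https://zerobin.example/?abc123',
];

for (const url of SAMPLE_URLS) {
  const { key, error } = keyFromUrl(url);
  console.log(url, '->', key !== null ? `key ${key}` : `error: ${error}`);
}
```

The padding step only ever adds '=' characters, so a key that already decodes correctly is returned unchanged; anything that is not base64 after cleanup is reported as an error rather than handed to the decryption routine, which is the failure the "key is missing" message is meant to make visible.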
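Two server-side items above, the checks on posted data (exactly the keys iv, salt and ct, with iv and salt of the right size) and the "delete" link whose token is an HMAC of the paste ID under the server's secret, are shown together below. This is an added example, not ZeroBin's own code: ZeroBin's server side is PHP, and the same logic is written here for Node.js so it can be run as-is. The 16-byte iv and 8-byte salt sizes are assumptions (SJCL's defaults), the 2 Mb limit is the page's own figure read as 2 MiB, and the secret and paste ID values are constructed.

```javascript
// Added example, not ZeroBin's own code (ZeroBin's server is PHP; this is the
// same logic for Node.js). Covers two items from the list above: strict
// validation of the posted paste data and an HMAC-based delete token.
// Assumptions: 16-byte iv and 8-byte salt (SJCL defaults), 2 MiB post limit.
const crypto = require('crypto');

const MAX_POST_BYTES = 2 * 1024 * 1024;     // "Max post size (currently: 2 Mb)"
const IV_BYTES = 16;                        // assumption: SJCL default iv length
const SALT_BYTES = 8;                       // assumption: SJCL default salt length
const REQUIRED_KEYS = ['ct', 'iv', 'salt']; // sorted, for the comparison below

// Strict base64 decoding. Buffer.from(s, 'base64') silently accepts junk, so
// require the canonical alphabet, a proper length and an exact round trip.
function decodeBase64Strict(s) {
  if (typeof s !== 'string' || s.length % 4 !== 0 ||
      !/^[A-Za-z0-9+/]*={0,2}$/.test(s)) {
    return null;
  }
  const buf = Buffer.from(s, 'base64');
  return buf.toString('base64') === s ? buf : null;
}

// Validate the JSON object posted by the client. Returns { ok, error }.
function validatePostedPaste(data) {
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, error: 'posted data must be a JSON object' };
  }
  if (Buffer.byteLength(JSON.stringify(data)) > MAX_POST_BYTES) {
    return { ok: false, error: 'paste exceeds the 2 Mb limit' };
  }
  // Exactly the three expected keys: nothing missing, nothing extra.
  if (Object.keys(data).sort().join(',') !== REQUIRED_KEYS.join(',')) {
    return { ok: false, error: 'posted data must contain exactly iv, salt and ct' };
  }
  const iv = decodeBase64Strict(data.iv);
  const salt = decodeBase64Strict(data.salt);
  const ct = decodeBase64Strict(data.ct);
  if (iv === null || salt === null || ct === null) {
    return { ok: false, error: 'iv, salt and ct must be canonical base64' };
  }
  if (iv.length !== IV_BYTES) {
    return { ok: false, error: `iv must be ${IV_BYTES} bytes` };
  }
  if (salt.length !== SALT_BYTES) {
    return { ok: false, error: `salt must be ${SALT_BYTES} bytes` };
  }
  if (ct.length === 0) {
    return { ok: false, error: 'ct must not be empty' };
  }
  return { ok: true, error: null };
}

// Delete token: HMAC-SHA256 of the paste ID under a secret only the server
// knows. Whoever holds the token can delete the paste; nobody can forge one
// without the secret, and the server stores nothing extra per paste.
function deleteToken(pasteId, serverSecret) {
  return crypto.createHmac('sha256', serverSecret)
               .update(String(pasteId)).digest('hex');
}

// Constant-time comparison, so the check does not leak how many leading
// characters of a guessed token were right.
function verifyDeleteToken(pasteId, token, serverSecret) {
  if (typeof token !== 'string' || !/^[0-9a-f]{64}$/.test(token)) return false;
  const expected = Buffer.from(deleteToken(pasteId, serverSecret), 'hex');
  return crypto.timingSafeEqual(Buffer.from(token, 'hex'), expected);
}

// Constructed sample: fresh random iv/salt and a placeholder "ciphertext".
function samplePost() {
  return {
    iv: crypto.randomBytes(IV_BYTES).toString('base64'),
    salt: crypto.randomBytes(SALT_BYTES).toString('base64'),
    ct: Buffer.from('constructed ciphertext placeholder').toString('base64'),
  };
}

if (require.main === module) {
  const post = samplePost();
  console.log('valid post:', validatePostedPaste(post));
  console.log('extra key:', validatePostedPaste({ ...post, comment: 'x' }));
  const secret = 'constructed-server-secret'; // ZeroBin would use its server-side secret salt
  const token = deleteToken('abc123', secret);
  console.log('delete with right token:', verifyDeleteToken('abc123', token, secret));
  console.log('same token, other paste:', verifyDeleteToken('abc124', token, secret));
}
```

Rejecting unknown keys and non-canonical base64 keeps the stored file exactly the shape the client will parse back, and the round-trip check on base64 means a value like "Zm9=" (valid alphabet, wrong trailing bits) is refused rather than silently normalised.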
php/zerobin_todo.txt · Last modified: 2014/07/12 12:26 by 127.0.0.1