Gallery2:2.2 Release Blockers

Release Blockers

Gallery 2.2 has been released on March 17th, 2007.

Nice to have

Bug: Upload applet loses credentials

See bug 1564288

Owner: ?

Status: theory is that applet is not handling our GALLERYSID=; cookie that we send back as part of our cookie regeneration policy. bharat has not been able to reproduce it with 2.2

Bug: mysql conversion to UTF-8 deletes data during upgrade

• See: 1593272
• Unknown reproduce case
• Unknown fix (don't know how to detect different cases)

Owner: ?

Status: no fix in sight

Tested browser compatibility

See the browser compatibility matrix

Owner: mindless (lead), everyone

Status: 60%, need more helping hands

Task: Disable Advanced features via Emergency page in lib/support/

• See sf.net task "Disable Advanced Features via lib/support"
• Priority lowered: auth-token check has been disabled if maintenance mode enabled -> users have more control again in case of emergency.

Owner: ?

Status: not started yet

Bug: Auth-Token may not work with IIS/6.0

See bug 1612647

• We tested now IIS/6.0 with core 1.1.25 and it works fine
• Another IIS/6.0 user with an almost identical setup reports the auth token issues.
• It's a PHP-CGI/IIS issue. Microsoft doesn't offer support for that combination and asks users to migrate to FastCGI.

Owner: ?, valiant

Status: current resolution: Add known issue in readme. would be great to avoid though.

Bug: Latest Comments thumbnail popups obstruct mouse clicks

• See: 1632693
• likely problem with yahoo UI

Owner: Bharat, mindless

Status: added maxSize to control max size of the overlay images. Reassessing after YUI! upgrade after G2.2.

Bug: WebDAV: Verify charset conversion for input data

• See sf.net bug 1620028
  • I managed to get and set a property encoded with UTF-8, however when I set my terminal to Big5 encoding, the property didn't display correctly. I'm learning about character encoding as I go, so I'm not sure whether the problem is the WebDAV module, the WebDAV client (cadaver) or the terminal emulator. Suggestions for debugging this welcome! I'll continue working on it...
• Update: Since we're legalizing paths at the beginning of the request, titles of albums/items have now legalized names and not the name of the initial path. This is different from the behavior of other add item methods. --Valiant 09:54, 4 March 2007 (PST) (fixed)

Owner: jablko, valiant

Status: most things seem to work, deprioritizing this task

PHP-gettext

Implement a PHP-based gettext fallback solution. Either based on php-gettext or on a custom solution for G2.

Owner: Joe7

Status: Tests, profiling done. One thing we can consider w/o much performance loss compared to gettext: Our own php based gettext solution WITH compiled-template based translated strings. This can be achieved with smarty for strings in .tpl files easily (it is already implemented on my dev install!) but we need to move none-tpl based strings into 'tpl-like format' too, or otherwise performance isn't satisfying.

Idea: We could create a ~strings.tpl with strings from none-tpl files and process that through smarty.

Fixing more of the small security improvements

The list of small, uncritical things that could be improved is rather long. If someone can't work on the blockers, security or G2 tasks from sf.net are a good thing to work on.

Owner: -

Status: not started yet

Usability Improvements

Owner: virshu

Status: looks like there are no further improvements for G2.2

Larger Varchar fields for DB2

• We need 4x the size for DB2 varchar fields (multibyte issue).
• e.g. ALTER TABLE tblname ALTER COLUMN colname SET DATA TYPE VARCHAR(1020);
• Requires DB2-only DB upgrade code (and generate-sql.php change)

Owner: birdman, valiant

Status: not started yet

Finished Tasks

Cleaning page level cache is expensive

See bug 1571585

Owner: michiel1981

Status: Done

Minimum MSSQL version

Add "(version XXX or newer)" in the list of databases in the DB step of the installer. All other dbs list a minumum version here.

Analyze tables on upgrade

See task 131369

• Problems arised, rolled back code

Owner: virshu, valiant

Status: done

Figure out flash licensing

We need to add the .fla to our svn repository and figure out whether we can include the .swf in G2 (GPL). Looks good.

Owner: suprsidr, valiant

Status: done, .swf included. Should be fine.

Bug: GalleryTemplate::preFilter mangles emails

See bug 1595525

Owner: mindless

Status: done

Find solution for MSSQL and UTF-8

MSSQL doesn't support UTF-8. We'll opt for using COM's UTF-8 <-> UCS-2 transliteration. It will cover most use cases, but it's weaker than the other DBMS alternatives of G2 since UCS-2 is a locale-dependent 2-byte charset. UTF-8 is much bigger and not locale-dependent.

• Added $db->charPage = CP_UTF8; in GalleryStorage::_getConnection before connect call
• Documented the limitations at MSSQL / G2 docs
• See: http://ch2.php.net/manual/de/class.com.php, http://bugs.php.net/bug.php?id=18169, http://www.phpfreaks.com/forums/index.php?topic=111059.msg452850, http://www.thescripts.com/forum/thread79929.html

Owner: Larry, valiant, h0bbel

Status: done

Bug: hybrid theme slightly broken in IE7

See bug 1591345

Owner: mindless, valiant

Status: fixed, verification pending

Security tasks

Tasks based on security assessment / report from valiant.

• All tasks are done and related usability issues should be resolved

Owners: Bharat, valiant, mindless

Status: all tasks done

Bug: Failed upgrades when doing 1.0 -> 1.2 (core)

See bug 1588211

Owner: ?

Status: bug closed, insufficient information

Bug: captcha lacks a keyword

See bug 1558406

Owner: bharat

Status: fixed

Bug: Need warning if JavaScript is disabled

• See bug 1607940
• Pages like "site admin" -> "Plugins" need a warning that JavaScript needs to be enabled.

Owner: Zimzat

Status: added

Page level caching not supported when embedded

See bug 1579951

Owner: valiant

Status: added

Bug: Wrong parent-sequence stored in breadcrumRootId / multiroot mode

• See bug 1596043
• When using the config param breadcrumRootId, the wrong parent sequence is stored if an item is added

Owner: mindless

Status: fixed

Bug: DP Scanning of plugins can fail too easily

See bug 1606476

Owner: valiant, Bharat

Status: fixed

Bug: Webdav tests failing

• Bug: testLockUnlock fails with DB locking. "$expires = time() + 10;" is not used in case of DB locking, thus "Seconds-10" is "Seconds-30" in that case.
• mindless reports 5 failing webdav tests

Owner: jablko, mindless

Status: fixed

Bug: httpauth: add php-cgi support

• Bug: httpauth doesn't work with php-cgi yet and there's an error message in the site admin page that says you need to enable a rewrite rule that doesn't exist yet. we should either fix it for g2.2 or change that messaage ASAP (before our translators waste their time on a message that will change).

Owner: jablko, valiant

Status: fixed

Webdav: Show configuration instructions on admin page

• Show "rewrite configuration required" message in admin page if not all rewrite rules are active and if built-in tests show that it's not working correctly

Owner: jablko, valiant

Status: fixed

Bug: WebDAV: Needs PHP XML configuration check

• See sf.net bug 1619025

Owner: jablko

Status: fixed

Bug: WebDAV: Does not work with Windows XP DAV client

• See sf.net bug 1618982

Owner: jablko, valiant

Status: diagnosed

Bug: WebDAV: Security: Whitelist for object members needed

• See sf.net bug: 1619033

Owner: valiant

Status: fixed

Bug: WebDAV: Displayname wrong if item title not set

• See sf.net bug 1619030

Owner: valiant, jablko

Status: fixed

Bug: Can't logout when using httpauth

See bug 1602484

Owner: jablko, valiant

Status: fixed

Bug: HTTPauth: g2_authorization in return and other URLs

• See sf.net bug 1619030

Owner: valiant

Status: fixed

Bug: Icons not displayed in Siriux Theme

sf.net bug: 1630877

Owner: mindless

Status: fixed

Bug: DP: Multisites can break one another

See bug: 1622876

• Pretty severe G2.2 blocker, should have been in RC-1.

Owner: bharat

Status: fixed

Bug: [DP] Progress bar malfunction when upgrading all

See bug: 1620362

Owner: bharat

Status: fixed

Security related README updates

Update security audit section, also some information on security fixes in 2.2.

Owner: valiant

Status: done

Bug: [DP] Corrupted Index is not deleted

See bug: 1629483

Owner: bharat

Status: fixed

Usability bug: WebDAV: Should we keep dav-mount files?

See sf.net tracker 1619012

Owner: valiant, jablko

Status: fixed

Icons

• Add icons for webdav (and httpauth if it needs one?)
• -core mail sent inviting people to add icons to other icon packs as well. No response yet.

Owner: -

Status: mindless added webdav/httpauth icons for silk iconpack, and placeholders in css files for others

Add a Upgrade log

Add a upgrade log, similar to the install log, but it should also include the upgrade other modules step and be resistant to page refreshes / retries, e.g. by creating multiple log files.

• It would be nice if we had logged + buffered debugging at the same time such that we can show the debug output in the browser window as well.

Owner: mindless

Status: done

Audit usage of GDC disk cache for missing memory caching

See sf.net bug 1635486

Owner: mindless

Status: done

Bug: HTTP auth: Inconsistent use / Interfering

• See sf.net bug: 1619042
• Review: http://reviews.gallery2.org/index.jsp?page=ReviewDisplay&reviewid=56

Owner: valiant

Status: fixed (minor issue left (core.ShowItem), which will be worked on post G2.2)

HttpAuth: Testing needed

• Enable the httpauth module in your G2 and see if it affects performance or functionality in any way. We need more real-world testing.
• What we know:
  • HTTauth isn't used 100% consistently: It's not used if ShowItem pages need auth, but it's used pretty much everywhere else. There's a bug about that (post G2.2).
  • HTTauth adds g2_authorization to all URLs (return URLs, ...) which is not very nice. There's a bug about that.
  • We'd prefer if one could configure the module such that is used globally for everything or just for specific views/controllers (e.g. webdav). (there's now an option for that)
  • Performance seems to be unaffected.

Owner: jablko (lead), valiant, everyone (testing)

Status: Done. We're pretty confident that it's fast, stable and reliable.

Bug: [DP] Failed integrity checks break upgrade

See bug: 1620366

Owner: bharat

Status: fixed

Patches due to Security Audit from RC 1

Owner: gallery-core

Status: done

Bug: JavaScript issues with Java Applets

• See: 1592252
• New version works in Opera again
• Got still small JavaScript issues in IE7 and FF2

Owner: paour, Opera QA (Junyor aka roynuj)

Status: mindless fixed the js thing, now done

Sign applets

Applet signatures are about to expire. We have to buy a new certificate and sign them again before shipping G2.

Owner: bharat

Status: signed all gallery remote related jars.

Bug: [WebDAV] No Auth Popup on PUT requests (Windows client)

See bug 1645834

Owner: valiant

Status: fixed

Webdav: Docs / Testing Needed

• See the WebDAV Compatibility Testing Matrix
• End user & admin documentation needed (screenshots or wink tutorial needed)
• @docs: What to do in FF when saving the dav-mount file? (not relevant anymore. the instructions in g2 have been improved)
• Windows Webfolders WebDAV client Issue: Auth isn't triggered on PUT requests. One has to do a MKCOL request to auth, afterwards one is authenticated and can do PUT requests.
• IIS: All requests but PUT seems to work with IIS, that is, all request methods but PUT seem to be forwarded to PHP/G2 by IIS, but G2 is not given control to handle PUT requests. Sadly, it's pretty useless without PUT. Fixed in G2.2 RC-2.
• We don't test for PUT in the checkRequestMethod() checks yet.
• Code cleanup due to code audit violations (urlGenerator related).
• P9 bug for httpauth module: 1593484
• Bug: Fix rewrite rule for webdav. Does not validate / activate because of backslash in rule
• Bug: GalleryCoreApi::refreshLocks() should have an argument! Thus this code in WebDavHelper is not covered in tests yet.
• webdav should use RewriteApi instead of RewriteHelper
• make davmount a detailed itemlink not a summary itemlink
• Bug: Errors in the httpauth admin view. The tpl uses a smarty modifier (elementId) that doesn't exist in g2, nor in the official smarty release.

Owner: jablko, bharat, valiant

Status: mostly done, thanks all!

Guide Users to DP / Modules

• Problem: DP or modules in general are hidden and overwhelming. Users don't know how to get something like comments working or that more features can be added via DP.
• Code changes should be in for RC-2, codex can wait until the final release
• Ideas:
  • codex page with screenshots / flash movie howtos
  • Banner in "AdminPlugins" (but how to guide people to AdminPlugins?)

Owner: bharat

Status: text added to AdminPlugins, decided not to add it to AdminCore.

Bug: [httpauth] Site Admin Checks not working correctly for IIS

HTTP authentication config checks in site admin show a warning although it seems to work.

• Let's reassess this after jablko submitted his url rewrite / href patch that should address a related issue.
• Still doesn't work, patch pending review (review http://reviews.gallery2.org/index.jsp?page=ReviewDisplay&reviewid=101)

Owner: valiant

Status: done

Bug: httpauth authorize rewrite rule not working correctly

• The httpauth authorize rewrite rule did a redirect to main.php for any URL. had to be changed to just append a query param to the requested URL instead.
• See -devel emails from February 22nd/23rd 2007 and review 108.

Owner: valiant, jablko

Status: done

Review and polish new flash players</strike

• Suprsidr prepared a new version of the mp3 and the flash movie player. A thorough review is needed since there are considerable changes in the flash code.

Owner: wayne, valant

Status: done

<strike>Bug: WebDAV: Handle Special Characters in File / Folder Names

• See sf.net bug 1619997
  • Currently, the WebDAV module deliberately rejects requests to move items to path components which don't pass: $platform->isLegalPathComponent($pathComponent); consequently, adding a large folder with one illegally named item will fail after most files are added. This is frustrating.
  • Alternatively, we could simply use $platform->legalizePathComponent($pathComponent); so adding an item named "女朋友“ actually adds "_________". Most WebDAV clients expect that if a PUT request at a URL succeeds, a subsequent GET request at the same URL will return the added item. So we should also legalize requests to get illegally named items, so getting an item named "女朋友“ actually gets "_________". The only inconsistency in this solution is after successfully adding "女朋友", a directory listing will instead contain "_________".
  • Additionally, we could set the Gallery title property when moving items. So adding "女朋友", the path component would be "_________", but the WebDAV displayname would be "女朋友". The advantage would be on the few WebDAV clients which show the displayname in directory listings, the item would be named "女朋友". On most WebDAV clients, a directory listing would still contain "_________". The disadvantage would be if you had an item with the title "Snowshoeing at Seymour" and moved it to "snow.jpg", the title would be overwritten.
  • Yet another option is to create a map for WebDAV path components. So an item could have path component "_________" and title "Snowshoeing at Seymour", but a WebDAV path component "女朋友". This way a directory listing could include "女朋友". The only inconsistency in this solution is a WebDAV client might decide there was no item named "我大学" and try to add it, possibly overwriting "女朋友". Maybe we could use the WebDAV path component map to prevent this. Besides, most WebDAV clients check that an item doesn't exist by first doing a GET and expecting a 404 response.
  • Additionally, it's not sufficient to simply legalize the path component: we need to legalize the entire path for fetchItemIdByPath to work. This means we also need to check that the WebDAV path components of all the item's ancestors match the original path, or we could request "/foo/女朋友/bar" and get "/foo/"我大学/bar". To do this efficiently, we could store the entire path to each item, but this would mean updating all descendents when a branch is moved. I think it's best to store the WebDAV path component and reimplement GalleryCoreApi::fetchChildIdByPathComponent.

Owner: ?

Status: not started yet

Bug: [G2][DP] Stack trace on Download Error (not robust enough)

• See: 1672370

Owner: Bharat

Status: done

Diagnose flash-video issue

See: http://galleryproject.org/node/61606

• We need to diagnose the issue and assess the severity. Maybe it requires a small fix.

Owner: Wayne

Status: fixed!

Consider adodb mysql sequence patch

See: http://phplens.com/lens/lensforum/msgs.php?id=16319

• A fix could minimize the risk of users running into a severe DB issue (see: MySQL Sequence issue
• Patch in review at: http://reviews.gallery2.org/index.jsp?page=ReviewDisplay&reviewid=126

Owner: valiant

Status: patch committed and suggested for inclusion in upstream (adodb)

Codex documentation for Multisite DP

We need to explain the rules for using DP when using multisite. This will probably mean putting specialized explanations into both the multisite and the DP docs.

• Added Gallery2:Multisite#Administration_and_Maintenance and listed the disadvantages of using multisites.

Owner: valiant

Status: done

Codex documentation for DP

Right now there's no good explanation for how it works

• Added installation -> Gallery2:Installing_Additional_Components. but it's nothing great yet. --Valiant 16:15, 28 February 2007 (PST)
• Added how-to video for DP (linked in quick start guide and in the above mentioned page)

Owner: valiant

Status: done

Green tests for all supported environments

After the modifications since RC2, we need to test everything again.

• MS SQL coverage needed (last tests are from 2006/12) has been tested by Larry and valiant
• " MSSQL: some multibyte character related tests since UCS-2 is locale-dependent and only a subset of UTF-8. Won't fix, needs disclaimer for MSSQL support.
• TODO: Re-assess once RC-1 candidate is cut.
• TODO: Need someone to test IIS/6.0 Windows Server 2003 with G2.2. A user reports that nothing works anymore due to the new auth-token. Can't reproduce it with IIS/5.0 Windows XP. See PHP-CGI/ IIS bug / task. This combination is no longer supported.
• Need to run tests on MS SQL Server
• Need to figure out why so many tests failed on MS SQL (waiting for reply from Larry) Tests pass on my system. --Valiant 18:40, 10 March 2007 (PST)

Owner: valiant (lead), everyone

Status: done

Codex page text for all official plugins

Some modules lack a real codex page and have a 1 line description which is just not good enough.

Owner: mindless (lead), valiant

Status: done

Bug: DP can't upgrade some modules

See: http://sourceforge.net/tracker/index.php?func=detail&aid=1674613&group_id=7130&atid=107130

• Consider a small patch for G2.2

Owner: Bharat

Status: fixed

Tested upgrade path from 2.0, 2.1 and random beta versions

Owner: ? (lead), everyone

Status: done

Prepare Announcements

• Prepare a GMC news story and a press release
  • Mostly based on G2.2 RC announcements (and previous G2.x release announcements)
  • Include note about PHP-CGI/IIS being no longer supported (with migration path and link to MS)
  • Emphasize security improvements
  • Highlight DP and other changes
  • Highlight translation status, related projects & clients and integrations

Owner: ckdake (lead), valiant (press release)

done