[geeklog-devel] GSOC 2009

Tim Patrick tcsp1900 at hotmail.com
Sun Mar 29 01:01:21 EDT 2009

Hey There,

My name is Tim Patrick, I am a first year student at Conestoga College in Kitchener Canada, studying software engineering.
I am very interested in working on Geeklog for the GsoC. My interest in PHP and MySQL started back when I was in my early teens, and it has always been my faviourite language (PHP). I am also experienced in Java, C/C++, Python, Perl, XML & CSS, and Ecmascript. One of my most recent projects, project mesmer, is a web application that runs on a php backend with a mysql database. This application creates a web based version of the Guild wars skill building tool that is available in the actual game, and uses staged downloading, and Ajax to create a rich GUI. 


Currently I am working on a CMS type project that is targeted for gaming guilds, that allows gamers to create their own sites, and add modules (much like plugins only targeted for gaming, such as rosters, etc). 
Linked to this project, because I want to allow users to create modules but not to be able to write those modules in PHP which is a potential security risk, as all the sites are stored on the same server. I am currently working on a custom language that allows a rich experience like PHP, however which can be limited to only allow certain actions. However, unlike PHP, this language is compiled into a byte code, which is then executed by a virtual machine, that acts much like a CPU. 
This language will elliminate the need to worry about user uploaded plugins etc, as malicious code will not be able to be written, as the language won't allow it. 

I am interested in Geeklog because it is a very compact and useful CMS, that has alot of potential. As well, it is very well written (the language structure) and structured.  The project I am interested in is http://wiki.geeklog.net/index.php/SoC_plugin_repository. This project is appealing because I would like to see this become much like mozillas add-on website, where users can have the add-ons installed automatically with no downloading, unzipping, and placing in folders. A one click process. Some type of verification (digitally signed) for each plugin on the main repository would be an idea as well. This would ensure that the plugin being installed is verified by Geeklog to be OK and free from any malicious code. 
As well, users will be able to download plugins from anywhere, however if the root domain is not a geeklog trusted site, a warning will be displayed telling the user malicious plugins may be installed, and to make sure you trust the developer, or download from the trusted geeklog site. This would prevent users from unwittingly downloading malicious code.  The user will have to concientiously click a check box and then continue to install the non-trusted plugin.

For updating, my idea is that the users site will automatically check the plugin repository for an update on the update list that it will publish every x day(s) (or every login) and if an update matches one of the installed plugins, download the necessary update, and update the plugin. This list would be in a simple XML structure for easy and quick parsing, and be very small in size to prevent network holdups. This will be modeled off the GNOME (Linux GUI) update software, where it will check every login for updates by downloading the small xml file, parsing, and if an update, informing the user of the update, and then having them click one button (Update) to allow them to have all the updates installed.
As well, for each update, it would be an idea to have a flag associated with the update, that indicates if the user can ignore the update, can delay the update, or whether it is a mandatory update (A security patch for example). 
A priority would also be a required field for each update.

For new updates, we can have a manager plugin that allows a administrator to view all new plugins that are avaiable from his subscribed plugin repositories. This means that the administrator can add repositories, delete repositories, and search through all plugins. Much like a package manager (Synaptic) for Linux. 
A simple call to an update button in the manager plugin will load all the plugins from the repositories, and then allow the administrator to scroll through them, or search for one individually. As well, the user will be given the option to download many at a time. Maybe as well, we can allow users to remove them from this manager plugin as well? 

The repositories are of two types - open and closed. Open can have any user submit a plugin, where it is then verified by a moderator before being placed for public download. In the case of geek log, this would also allow the moderator to digitally sign the plugin. 
For the closed repository, only members would be able to upload plugins, where they would be optionally approved by a manager. This would be able to be configured in a configuration file. 

A bug I fixed was the one located at : http://project.geeklog.net/tracking/view.php?id=824 
This was a very simple bug, that just required adding rawurlencode function the username when the user's file was being named. This allowed user names with reserved browser characters (eg. ? and &) to not break the functionality, as they are converted to the %## code. (Where ## is a hex number). Since all non alpha numeric numbers are encoded, (except _ and -) there is no posibility of duplicate file names unless there are duplicate user names.
rawurlencode was used insteda of urlencode as urlencode encodes spaces (ascii 32) as a + which will cause an invalid file character in windows.

Thank you for reading this, I hope to work with you guys in the future :)
Tim Patrick

Experience all of the new features, and Reconnect with your life.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20090329/19c05009/attachment.html>

More information about the geeklog-devel mailing list