Report issues
We're currently not allowing issue reporting directly via ITS. Please use the feedback form to submit your issues.
Add known issues to JAS backend
The JAS backend should be able to pull all known issues from the JAS website and display them in the backend.
More difficult captcha
It seems the captcha is too easy to parse for a "computer", so:Add (slightly) rotated characters
Multi colored lines
Picture / character morphing
API set project completely overwrites session
When switching projects via the APIs it does load the new project but overwrites the current session (clearing the login etc). Depending on the scenario this may be desired behavior however it seems more logical to take a similar approach as how the backend handles multi project sessions.
Moreover it seems debatable whether switching projects with the APIs is something that should be allowed on a project basis. If project A allows it but project B doesn't then there's no way to switc...
Password generator + validator restrict characters
The password generator + validator should exclude certain characters from the character sets to avoid confusion and potential bugs, e.g.:capital i and lower l are confusing
capital o and zero are confusing
@ and : may ruin passwords in URL
As none of the values are per se incorrect it may make sense to just remove them from the generator but still leave them as "valid" values.
Trim values
Typically any input should be trimmed, it makes sense to make this a default action which can be explicitly disabled. Instead of the current approach where it needs to be enabled explicitly.
Config language file info
Add a configuration option to "store"/files/ are used in the session. Currently it always store this information which clutters the session and is other than being displayed in the backend completely useless.
Plugin export should include (some) dot files
.htaccess files in a plugin are not exported... how to solve this properly? Whitelist .htaccess files or blacklist .hg (and .git etc) files?
Add CSRF prevention support
Cross-Site Request Forgery (CSRF) are request to the server initiated from other websites. Allowing this is potentially dangerous as the request piggybacks on the existing session on the server if it's ran from the same browser (imagine 2 tabs, 1 logged in on the server, the other with a malicious site that sends a request to the server).
The most suitable way to prevent this seems to be Synchronizer Token Pattern
(STP) which effectively requires a unique token to be sent...
Redis support
JAS should support Redis (http://redis.io/) next to (or maybe even instead of memcache) . What client should be used (see http://redis.io/clients#php)?
Config caching
Loading the initial configuration (when setting up the session) take too long. This should be cached (automagically detecting the cache method, i.e. mem, module, file) on a project by project basis and any subsequent config loads should use the cached version.
