Bugs: ===== All known bugs in the released versions have been fixed. Development version bugs: Use an array to test for preview site urls. (?) Test view/templatename to see what happens. http://tighturl.com/testing/view/ffr Error: That TightURL ID (testing) is not in our database. Why does this get picked up by main site? http://tighturl.com/testing/?=view/ffr Goes to testing site correctly http://tighturl.com/testing/?i=view/ffr Change: ======= Should put up a rejection notice when trying to re-add banned URLs. Present behavior returns the existing ID to the banned URL, which is still banned, and still gives a rejection notice if used. While this might be frustraing to those attempting to abuse the system, it is not visitor friendly in general. Remove CVS link from SourceForge project page, attempt to learn Subversion, upload source code to SourceForge SVN. Test for the following in TightURL_ResolveURL: top.location='http://www.abcw3b.com/fwt/toolbar/404.php'; The first is ok because it redirects within the same site. The second is not ok, because it redirects out of the site. In the first case, accept the URL as-is. In the second, continue resolving until a more acceptable final destination is found or the maximum chain length is exceeded. Features to be added: ===================== Block by IP: 118.137.41.87 Admin interface? Reveal (preview) URL Needs to handle preview.$selfsite(?) automagically. Add abuse reporting input box. Allow entering TightURL or original URL. Tick abuse count up each time. When threshold reached, change status to greylisted. When next threshold reached, change status to complaint disabled. Follow redirections through to the end, test that URL (and intermediate URLs?) for abuse. Scrape uribl.com hosters file. Attempt to get administrators to subscribe to: tighturl-announce@lists.sourceforge.net This is to try and ensure that they get security announcements. Attempt to notify administrators via the given e-mail address when their TightURL installation is out of date. Attempt to re-notify administrators a few times in the event of needed security updates, and then disable the system. Consider disabling just vulnerable parts of TightURL when possible. Update/Version Checking Service ------------------------------- The TightURL version checking service should return a string showing current version, the development version, beta version, and the oldest version believed to be secure. The TightURL update service aims to allow for automated updates of the parts of TightURL that fight attempts to abuse the system for spamming, phishing, and other bad things, and other bits of TightURL subject to the changes of the Internet like the valid URL regex. Updates would override everything except local changes made in tighturl.config.inc.php . Abuse Checking Service and the killbot -------------------------------------- Because those seeking to use TightURL to hide their true destination probably URIBL ----- URIBL checks should include full resolution of redirections Right now only the submitted URL is checked. Note that this would still be susceptible to deception. URIBL checks should decode HTML entities. (does SURBL say this?) (This has absolutely nothing to do with TightURL but needs to be incorporated in this library routine as part of a correct implementation.) Add IPv6 to URIBL tests. (?) Object-Oriented Code -------------------- I anticipate re-writing TightURL as an OO application. TightURL Library ---------------- When TightURL and the TightURL library are re-written as an OO application, provide a functional interface library wrapper for tighturl.lib.php for existing TightURL library users. TightURL for Python ------------------- As anyone who's trying to learn a new language can tell you, without something to write in it, it's hard to pick up the language and to retain the knowledge. As I am trying to learn Python, I anticipate releasing a Python version of TightURL and the TightURL library sometime in the first half of 2008. Features not completed in this version: ======================================= API --- The REST API was excluded until the next major release. Due to spamming, the API is under reconsideration as a bad idea. Features being considered for future releases of TightURL: