As of 01 April 2010, v1.3 of web2project is live.

This release was focused almost entirely on bug fixing and preparation for the coming v2.0 release in June. Since the v1.2.2 release in January:

• First, we added another 35 Unit Tests covering core functionality in the Tasks module. While there are still lots fo things that need tests, Trevor has does some amazing work and should be applauded for it.
• Next, we’ve done quite a bit of cleanup to the Tasks module itself. Now moving a Task from one project to another will cause both projects’ percent complete to be recalculated.
• Next, the upgrade process has been moved out of the /install folder and into the System Admin. Further, the System Admin page notifies administrators if database updates should be applied. This ensures that only properly permissioned users can apply upgrades.
• Next, we added “minification” to the Javascipt and CSS which reduced the corresponding filesizes by 80% and 33% respectively.
• Next, we created a number of Views Helpers. These helpers handle auto-linking fields that have url’s or even email fields. On the other side of things, we’ve added validation for email and url fields. If something is supposed to be a url, it will be. Further, description fields will respect character sets including umlauts and other non-English characters.
• Finally, we added deprecation warnings to a number of methods and functions that will be removed in later releases.

In summary, we closed about 25 items with ranging from 3 crash-level issues to 14 minor bugs. Once again, those are just the formally reported issues. If you want to explore everything of interest, check out the web2project v1.3 Release Notes on our wiki. And of course, if you’re looking for ways to share your code more easily, you should check out our web2project git repository.

This release came a little later than planned, but due to conflicting schedules, it just had to happen. Regardless, we’ve already sketched out v2.0 and plan to get back on track with the September v2.1 release.

Late last month, I received some bad news about web2project…

It turns out that web2project was vulnerable to a handful of select Cross Site Scripting (XSS: definition) vulnerabilities. While the attack vector was pretty specific to being an already authenticated user, it had the potential to be a major problem in a poorly configured system.

On the positive side, I say “was” because within 10 days of being notified of the problem – and the same day the vulnerability became public – we had a patched release out the door and available to users. We’ve spent the past month since encouraging them to upgrade. Of course, we further benefit from the fact that although the vulnerability does affect us, we’re not named in the report.

On the negative side, it did take us 10 days to close the vulnerability. The patch itself was available a few days earlier via Subversion but it might not have been enough. Further, we didn’t explicitly notify our users of a need to upgrade but since it was rolled with a handful of other major fixes, it appears that many people have upgraded already. Once again, we benefit from the very specific attack vector.

To make this process easier and faster in the future, as of v1.3, we can already detect if upgrades have been uploaded but not applied. For an upcoming release, we’re implementing a Drupal/WordPress-style means of notifying existing administrators thatan upgrade is available. In the meantime, watch this space or web2project’s page on Sourceforge.

As of this morning – 09 December 2009 – web2project v1.2 is live!

While there is not a huge amount of new user-facing functionality, the sheer number of fixes and amount of cleanup is staggering. Since the v1.1 release in September:

• Pedro made some major updates to the iCal handling which added the Task Description and Links to the iCal entry for one-stop shop of information.
• Pedro also added the Brazilian Portuguese translation to core. Rumor has it that there’s an Italian version on the way next.
• Added some creative caching and pre-calculations to the Task Count, Total Hours, Percent Complete, and Worked Hours to speed up the system significantly.
• Changed the PDF creation for reports to use a randomly generated filename.
• Created a GanttRenderer class to centralize the Gantt chart creation with the goal of standardizing behavior and eventually replacing jpGraph completely.
• We’ve created strong object validation that happens on save. Whenever you attempt to save a Project, Company, Link, etc, the system makes sure the required fields are actually filled in. Realistically, some would claim that the Javascript already did some of this on the front end, but that could be bypassed… and we needed something more solid for the API.
• The method signatures – specifically for store(), delete(), check(), and a few other calls – have been standardized. This by itself isn’t incredibly useful yet… but we needed something more solid for the API.
• We did some major refactoring of the core modules based on a code review we received at CodeWorks 2009. Sebastian Bergmann (phpUnit creator), Stefan Priebsch (OO guru), and Arne Blankerts (security guru) were kind enought to take a look at the code and shared feedback on a number of architectural concepts, OO improvements, and overall code clarity. These changes aren’t immediately visible to end users but we needed something more solid for the API.
• Finally, Trevor and I (mostly him) added about 40 Unit Tests since the v1.1 release. While we don’t distribute them in the release – you have to get them via SVN – they’re useful for testing against the growing API.

Are you detecting the pattern here?

Further, we closed nearly 50 items ranging from 8 crash-level bugs to 20 minor bugs to 4 pre-defined feature requests. Of course, that only covers the things logged as issues. If you want to see everything of interest, check out the web2project v1.2 Release Notes on our wiki.

In accordance with our quarterly release schedule, this is our final release for 2009. The next release will be 1.3 in March 2010 with v2.0 scheduled for June 2010.

Yes, you read that correctly, we’re getting close to our v1.1 release.

We’ve been working quietly behind the scenes to make a number of things happen. Some are big, some are tiny, but here’s a rough list of them:

• Unfortunately, a number of bugs – most just annoying, one important – made it into the v1.0 release. These were our top priority and are therefore resolved. There will be a detailed list in the v1.1 Release Notes.
• We had all kinds of problems with Special characters like Umalutes and a few other things. A few users – namely eureka, pacho, and egemme – have led the way in given us tips and tricks and the necessary code to make the system UTF-8 compatible. There are probably a number of places which still need work, but the majority of them are wrapped.
• A number of major performance improvements have been made.
  • Previously, there were a number of screens which would count/group all the Tasks in the entire system just to display a simple count. We’ve modified the flow so that Tasks are counted for a specific Project whenever one is saved or deleted. On average, this creates more database reads and writes but each read is a fraction of the size of the original read and the write is a single row. In initial testing, the performance on the Project List screen – url: ./web2project/index.php?m=projects – is faster by approximately 20% and uses 50% less peak memory.
  • There was a similar function related to the Tasks and Task Logs. On every Task View – url: ./web2project/index.php?m=tasks&a=view&task_id={task_id} – the hours worked were calculated on the fly. This has been changed to total the hours for a given Task whenever a task log is saved. Once again, this makes quite a few more reads and writes, but they’re smaller and more focused. In initial testing, the performance of the Task View screen is faster by approximately 5% and uses 20% less peak memory.
• Next, with some guidance and great examples from Trevor Morse leading the way, we’ve implemented some Unit Tests. We don’t have 100% coverage on anything yet but the Projects, Companies, and Tasks Modules and numerous supporting functions have high coverage and are steadily getting better. This will be an ongoing effort as we continue development.
• Next, the classes have been converted to the PHP 5 equivalents. All methods and properties have been marked public/private/protected as necessary. While this is normally a major change, since we already required PHP5 at installation, it’s a much smaller change than you might think.
• Finally, a search interface has been created.
  • The previous version of the SmartSearch module – Pedro’s ingenious creation – had a couple minor weaknesses. The most difficult one required the creation of a SearchObject created for every module in the system that you wanted to be searchable. While this is fine for core modules, it makes Add On modules either unsearchable or someone has to hack core… both less than ideal.
  • Therefore, we created a hook_search method – you can see the first version on the Projects class – which allows any module to become searchable.

Other than that, we haven’t done much in the past 80-couple days…

I’ve been quiet on web2project for the past few weeks, but I thought I should share some of the latest developments.

The single biggest improvement currently is the inclusion of Unit Testing.

Unit Testing has been on the agenda for months and years. The problem was that something else – often bugs, sometimes new features – would creep up and push it off the todo list. And then something happened at php|tek this time around:

I met Trevor Morse – lead developer of Azorus and the founder of the Nova Scotia PHP Developers Group.

Within their company, they took a very familiar approach. They started writing unit tests for the new features and as bugs were discovered on existing features. While it sounds like a slow, painful process, it actually works out quite well. Instead of seeing tens or even hundreds of thousands of lines that need to be tested, you see only a given function or only a given bug. Over time, this steadily improves the quality of the codebase and also sets a good example for current and future developers on the “right way” to do things.

So a few weeks ago when Trevor passed me some Unit Tests and a Phing script to run them, I was suitably impressed not only by his motivation, but also by his beginnings on this strategy.

Within a few days, I had integrated his phpUnit tests – available since r444 on 18 June – and expanded the Phing script to include some other functionality such as a php lint check, and a coding standards check (PEAR). In the weeks since, he’s provided Unit Tests for the vast majority of the Companies Module and some of the Project Module. In the meantime, I’ve been working on some of the supporting classes and functions used by the rest of the system as I’ve tracked down and closed a few bugs.

In addition to improving the quality of the system, Trevor has found and properly diagnosed at least two bugs while I’ve found a few others. Combine with this the little performance improvements and tweaks that have been made and the next release could be even more perfomant. If you’d like to browse the tests and offer feedback – constructive criticism only, please – feel free to browse our SVN repository on Sourceforge.

And in case you want to see them, the web2project Unit Test Report is available here… warts and all.

Warning: Since the vast majority of the tests run against the database with users of known permissions, etc, under no circumstances should you run the tests against your production system.

In other news, web2project v1.1 has been specified. There are a number of cleanups, improvements, and fixes going in – 27 to be exact. A couple are important, most are pretty small, but the bulk are necessary to the overall improvement of the system. About six of them are already closed, a few more are on the way.