steffen: server/kolab-horde-fbview/kolab-horde-fbview/fbview/docs CHANGES, NONE, 1.1 CODING_STANDARDS, NONE, 1.1 CONTRIBUTING, NONE, 1.1 CREDITS, NONE, 1.1 HACKING, NONE, 1.1 INSTALL, NONE, 1.1 PERFORMANCE, NONE, 1.1 RELEASE, NONE, 1.1 RELEASE_NOTES, NONE, 1.1 SECURITY, NONE, 1.1 TODO, NONE, 1.1 TRANSLATIONS, NONE, 1.1 UPGRADING, NONE, 1.1

cvs at intevation.de cvs at intevation.de
Mon Oct 31 12:43:15 CET 2005


Author: steffen

Update of /kolabrepository/server/kolab-horde-fbview/kolab-horde-fbview/fbview/docs
In directory doto:/tmp/cvs-serv18388/kolab-horde-fbview/kolab-horde-fbview/fbview/docs

Added Files:
	CHANGES CODING_STANDARDS CONTRIBUTING CREDITS HACKING INSTALL 
	PERFORMANCE RELEASE RELEASE_NOTES SECURITY TODO TRANSLATIONS 
	UPGRADING 
Log Message:
Fbview in separate package

--- NEW FILE: CHANGES ---
----
v3.0
----

[cjh] Introduce a '_default_' color and better handling of user-specified
      Unfiled colors.
[jan] Allow themes to use their own icon sets.
[cjh] Categories and category color labels are now handled globally by Horde,
      and provided to all applications that use them.
[jan] Identities are now managed with the preferences code and can be accessed
      from every application.
[mms] Handle RFC 2231 encoded parameter values.
[mms] Add IMAP_Sort class to provide sorting for IMAP mailbox lists.
[jan] Add user management to IMAP authentication driver.
[jan] Add IMAP_Admin class to manage IMAP mailboxes.
[mms] Added a generic text/html MIME_Viewer driver for all Horde applications
      that attempts to sanitize malicious code hidden in HTML.
[mms] Added a generic message/rfc822 MIME_Viewer driver.
[cjh] Remove HORDE_LIBS constant and assume libraries are in the include_path.
[jan] Add searching and paging to the user administration interface (Joel
      Vandal <jvandal at infoteck.qc.ca>).


----------
v3.0-ALPHA
----------

[jan] Access keys are no longer generated automatically but defined by the
      developers and translators.
[cjh] The new services/prefs.php file is now the only UI page necessary
      for preferences for all applications - all app/prefs.php files
      are now obsolete.
[cjh] Prefs::getPref() has been deprecated and is no longer present.
[cjh] Horde::, Registry::, and the last of the libs that are moving should be
      moved to framework packages now.
[cjh] Editor::, Menu.php, NLS::, and Signup.php have all been moved to
      framework packages.
[mms] Moved the IMAP Tree generation class from IMP to framework so it can
      be used by other applications.
[mdj] Setup now has a more informative format. The CVS version tag is copied
      from the conf.xml file into the conf.php file so that it be used to warn
      which applications need their conf updated.
[cjh] Use javascript to autodetect whether or not the frameset is present.
[cjh] Horde_History, Horde_Links, and Horde_Search have been moved to
      framework packages.
[cjh] Allow apps including horde/lib/base.php to specify that a different
      registry application should actually be pushed onto the Registry
      application stack. This lets the fiction of problem.php being its
      own application play nicely with the new permissions checking.
[cjh] The new application permissions checking has been modified to
      allow access to all authenticated users by default, and to deny
      guest access by default. All variations on that must be set
      explicitly.
[cjh] Remove the Guest Services link; it's been obsoleted by
      $conf['menu']['always'].
[cjh] Various $no_auth and $self_contained_auth flags have been standardized
      into an AUTH_HANDLER constant, which if defined signals the application
      that it should not check permissions upon calling $registry->pushApp(),
      as the calling script will handle that itself, or is a system-level cron
      job/script/etc.
[cjh] Add an option to $registry->pushApp() to specify whether or not to check
      application permissions.
[cjh] The 'allow_guests' setting, and $registry->allowGuests(), have been
      removed in favor of Horde_Perms application permissions.
[mms] Added the text/richtext MIME_Viewer.
[jan] Instantiate the global Perms object in Registry.php.
[cjh] Category has been moved to a framework package, and also renamed
      to DataTree so that it has a more intuitive name for the API.
[jan] Add Indonesian language (Slamin <slamin at unej.ac.id>).
[jan] Add Auth_login class.
[jan] Add Horde::externalUrl().
[mdj] Perms is now a globally available object, set by the registry's
      loadPerms().
[jan] Add "About" page for the help system.
[jan] Add SOAP server to RPC framework.
[cjh] Move PrefsUI to Prefs/UI.php for package consistency.
[mms] Added NLS_GeoIP:: to do Hostname -> Country lookups.  NLS:: will do
      lookups by default now using country TLD codes.
[mir] Add preprocess hook for Signup system.
[jan] Move Horde_CLI, Horde_Cache, Horde_Cipher, Horde_Compress,
      Horde_Token and Horde_Util packages to the framework module.
[cjh] Reorganize a number of files from the top level and from util/ into a
      new services/ directory and a number of services/* subdirectories.
      This should give us a better base for expanding the services provided
      by the core Horde module in the future.
[max] Add support for <b> and <i> tags to the Help xml parser.
[cjh] Add the Horde_History API, for storing timestamped events for
      arbitrary objects.
[cjh] Horde_Template now allows if: conditions on array values
      (Nuno Loureiro <nuno at co.sapo.pt>).
[jan] The administrator can now force the default language in nls.php
      (Etienne Goyer <etienne.goyer at linuxquebec.com>).
[mdj] Horde_Form now supports setting of a help icon linked to help.xml.
[cjh] mime_mapping.php is no longer a config file; replaced with
      mime.mapping.php inside the MIME package.
[cjh] Add Google search applet (Joe Wilson <joe.wilson at mindcandy.org>).
[jan] UTF-8 support is enabled by default now.
[jan] Themes are now automatically read from the config/themes directory.
[cjh] Add support for other kinds of servers and other kinds of responses to
      rpc.php and the RPC:: API.
[jwm] Add support for approving queued signup applications.
[cjh] Groups can now have an email address associated with them.
[cjh] Make Horde-level Blocks configurable through the registry, allowing easier
      adding of new blocks (Joe Wilson <joe.wilson at mindcandy.org>).
[cjh] CategoryTree is now deprecated in favor of Horde_Tree.
[cjh] Move the admin permissions and groups pages to use Horde_Tree.
[max] Add _comparePasswords() function to Auth_sql to correctly compare
      all crypted passwords similar to the Passwd module.
[max] Add crypt-des (which is the same as crypt), crypt-md5, and crypt-blowfish
      encryption types, to match Passwd module.
[max] Add optional show_encryption param to Auth_sql, to match Passwd module.
[mms] Added IP Address check to Auth::authenticate() to increase security.
[jan] Remove NLS::decimalFromLocale() and NLS::decimalToLocale().
[cjh] Horde_VFS:: is now VFS:: again, and has no external Horde dependancies.
[cjh] Round out the various shell tools with a command shell.
[cjh] Add sidebar.php and appropriate prefs entries for using Horde with the
      menu as a Mozilla sidebar.
[mms] Add IMAP_Cache:: class to handle cached IMAP server data.
[cjh] Make getCategoriesByAttributes() much more sophisticated - it can
      now handle a pretty much arbitrary logic tree - and use it to optimize
      Horde_Share::listShares().
[cjh] Add getCategoriesByAttributes(), and use it in
      Group::getGroupMemberships().
[cjh] Add code that lets a CategoryObject subclass define a mapping from its
      internal data to the new horde_category_attributes table.
[mms] IMAP_Search:: now uses a IMAP_Search_Query:: object to build the
      actual IMAP search.
[mms] Added a secure delete temp file option that will overwrite any temp file
      with random data before unlinking.
[jan] Add Lavender theme (Ziaur Rahman <zia at qalacom.com>).
[cjh] Horde_Template:: is now capable of translating text inside
      <gettext></gettext> tags.
[cjh] Horde_Mobile:: now properly supports multiple submit elements in forms.
[mac] Add generic Cyrus auth driver, Auth_cyrus.
[mac] Add optional encryption param to Auth_sql, to match Passwd module.
[jan] Add new hooks (replacing _horde_hook_username) to convert user names
      from the backend to Horde and back.
[cjh] Add a new API call, Auth::isAuthenticated($realm = null), for
      determining whether or not a user is logged in to the current
      realm (by default null). Auth::getAuth() is still used to get
      the current user, but now you don't need to know the auth realm
      to get the current user - just to check authentication.
[cjh] DHTML date picker now opens right over the image used to anchor it.
[cjh] The last_login preference is now entirely handled by Horde.
[mms] Add Horde_Test:: class/templates to aid in creating test.php scripts.
[mms] Move complex IMAP searching code from IMP_Search:: to IMAP_Search::.
[cjh] Re-work the Horde LDAP schema bits to be more correct and
      consistent (Adam Tauno Williams <adam at morrison-ind.com>).
[mms] Add DOM tooltip capability via Horde::linkTooltip().
[mms] Add garbage collection class (Horde_VFS_GC::) for VFS.
[mms] Add timeout to PGP keyserver lookup.
[cjh] Add navigation for previous/next preferences block in PrefsUI
      (Mathieu CLABAUT <mathieu.clabaut at free.fr>).
[cjh] Add Horde_Links API (j.huinink at wanadoo.nl).
[cjh] Add more introspection, in the form of getContentType() and
      getLink(), to the Horde_Image:: API.
[cjh] Add util/cacheview.php for viewing any data with a Content-type
      put into the cache.
[cjh] Add Horde_Cache::cacheObject() for use in caching the results of
      non-static object methods.
[cjh] Rename Cache:: to Horde_Cache::.
[cjh] Move Cache_session:: to Horde_SessionObjects::.
[mms] Added Horde::extensionExists() to cache extension_loaded() calls.
[cjh] Add NLS::decimalToLocale() and NLS::decimalFromLocale() to handle
      converting between different decimal point separators.
[cjh] Added MIME_Headers::.
[mms] Moved gzip and tar file handling to Horde_Compress_*:: modules.
[mms] Moved ZIP handling to the Horde_Compress_zip:: module.
[mms] Moved TNEF handling to the Horde_Compress_tnef:: module.
[mms] Added Horde_Compress:: API - used to compress/decompress data.
[mdj] Added the DOM calendar date picker to Horde_Form, based on work by
      Mike Cochrane <mike at graftonhall.co.nz> and Brian Keifer
      <brian at valinor.net>.
[mms] Added multipart/report MIME_Viewer::.
[mms] Added MIME::generateMessageID() to generate MIME-compliant message IDs.
[cjh] Add command-line setup.php script. Right now, this only generates/updates
      configurations; you cannot *edit* a configuration with it.
[jan] Add String:: class with locale/charset safe string functions.
[mms] Added Horde::authenticationFailureRedirect().
[mms] Added Browser::escapeJSCode() to escape certain characters in
      javascript code depending on the browser type.
[jan] Add NLS::strtolower() and use it everywhere where locale independance
      is necessary.
[jan] Add Turkish translation (Genco Yilmaz <gencoyilmaz at yahoo.com>).
[mms] Add 'link' parameter to the preferences config to allow for help links
      to be added to the preferences pages.
[mms] Another Maintenance:: rewrite - now store all data in the cached
      Maintenance_Tasklist object.
[mms] Added check to Prefs:: to ensure the data stored does not exceed the
      maximum storage size of the preferences storage system.
[jan] Add UTF-8 support. Any content with any charset can now be displayed with
      any translation.
[mms] Add NLS::checkCharset() to determine whether a given character set is
      valid on the current system.
[cjh] Deprecated Registry::includeFiles() and Registry::shutdown().
[mms] Add support in MIME_Magic:: to use the UNIX file function to determine
      the MIME type of unknown files.
[mms] Added an example cron script to delete old temporary files.
[mms] Correctly get charset information for MIME_Parts in MIME_Structure.
[mms] Rewrote MIME_Message to extend MIME_Part.
[cjh] Add ordering extensions to the Category:: framework
      (Marko <marko at oblo.com>).
[cjh] Add a simple template engine, derived from bTemplate,
      for Horde applications to use.
[cjh] Add Auth_yahoo:: which lets you have no local auth and rely on
      Yahoo! mail usernames.
[mms] Moved Server configuration checking functions to Server::.
[cjh] The user admin page can now set fullname and from_addr preferences
      for any user as long as the Auth backend is capable of at least
      listing users (doesn't have to be able to update them).
[cjh] Share:: is now Horde_Share::, and is reworked to hold permissions
      internally. We can now assign group/default/guest permissions
      more easily.
[jan] Add RPC::parseUrl().
[jan] Add RPC based remote summaries.
[cjh] Add a SQL Shell to the Horde admin section.
[cjh] Don't prefix Horde admin menuitems with "Horde" to save space.
[cjh] Horde_Form:: forms now use the Horde_Token:: API by default to
      make sure that they cannot be reloaded.
[cjh] Rename Token:: to Horde_Token:: for future packaging.
[jan] Add Registry::listAPIs() and Registry::listMethods().
[cjh] The Perms:: system now supports default and guest permissions.
[cjh] Applications can now provide individual registry methods, not just whole
      interfaces. Applications can override a single method out of an interface
      as well - an app providing a mail/filter while IMP provides mail/*, e.g.
[cjh] Renamed FormSprocket:: to Horde_Form:: and GraphSprocket:: to
      Horde_Graph:: for consistency and future PEAR packaging.
[mir] Added example of _imp_hooks_fetchmail_filter to config/hooks.php.dist
[mms] Added the MIME_Contents:: class; functions to help in the output
      of MIME content.
[cjh] Rewrite the Category:: system to allow multiple leaves with the same
      name (as long as they have different parents) and rewrite everything
      (Perms::, Group::, Share::, etc.) to use it.
[cjh] Move _fileCleanup() into Horde:: as Horde::deleteAtShutdown(),
      and add Horde::_deleteAtShutdown() to do the actual deleting.
[cjh] Initial support for configuring the summary screen
      (Eric Rechlin <eric at hpcalc.org>).
[cjh] Add a system for defining generic hooks for any preference.
      See horde/config/hooks.php.dist for lots of examples and docs.
[cjh] Add a colorpicker utility to Horde
      (Michael Cochrane <mike at graftonhall.co.nz>).
[cjh] Add a guest services entry page and links to it from all
      login pages.
[jan] Add translation helper script.
[mms] Stylesheet link generation handled by Horde::stylesheetLink().
[cjh] Add the new Config:: API and setup.php, a system which reads
      configurations from XML files and existing conf.php files,
      taking care of merges and adding new parameters. Currently we
      have a web wizard.
[cjh] css.php now supports loading CSS classes for multiple applications.
[mms] Removed the SessionCache class. Equivalent code is now available in
      the Cache_session:: class.
[mms] Added IE broken-browser downloading code to Browser::.
[mms] Added a session driver to Cache::.
[cjh] Rename config/horde.php to config/conf.php.
[cjh] Move cookie_domain, cookie_path, server_name, and server_port into
      horde/conf.php.
[cjh] Add a parameter for setting the session cache_limiter.
[cjh] Add MIME_Viewer_text to Horde.
[cjh] Rewrite all factory/singleton methods to allow individual applications
      to provide a custom backend, and to allow sites to provide custom
      backends in their include_path settings.
[mms] Handling of Content-Type parameters moved to MIME_Part from MIME_Message.
[mms] Crypt_pgp:: can now upload keys to a public keyserver.
[mms] Renamed the Lang:: class to NLS:: and moved the timezone setting
      method into it.
[mms] The local timezone can now be set via the Horde::setTimezone() call.
[mms] All browser headers for downloading a file have been moved to the
      Browser:: class.
[cjh] Add files to util to support embedding a GUI editor into our pages.
[mms] MIME:: no longer exports $mime_types and $mime_encodings as global
      variables - rather, MIME::type() and MIME::encoding() should be used.
[mms] The tgz MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <mike at graftonhall.co.nz>).
[mms] The rar MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <mike at graftonhall.co.nz>).
[mms] The zip MIME_Viewer now lists all files without using an external helper
      program (Michael Cochrane <mike at graftonhall.co.nz>).
[mms] Maintenance:: now uses session variables to provide much cleaner and more
      robust performance.
[mms] MS-TNEF attachments are now handled completely via PHP rather than with
      an external program.
[mms] Added application/ms-tnef MIME_Viewer.
[mms] Horde_Crypt_pgp class can query public keyservers.
[mms] MIME_Structure::parseMIMEHeaders() can now parse all headers of a MIME
      message and return an object.
[jan] Add MIME::rfc822WriteAddress() to replace imap_rfc822_write_address().
[mms] Added S/MIME MIME_Viewer.
[jon] Support referrals between LDAP servers in the LDAP preferences driver
      (Kevin Hildebrand <kevin at hq.ensoport.com>).
[cjh] MIME_Structure::parse() now returns a MIME_Message object
      (Michael M Slusarz <slusarz at bigworm.colorado.edu>).
[cjh] Configure administration services in the Registry
      (Marcus I. Ryan <marcus at riboflavin.net>).
[cjh] Add API methods for getting the preferences and identities of users
      other than the logged-in user.
[cjh] Allow setting the Content-Disposition of MIME_Part objects.
[cjh] Add Crypt:: framework (Michael M Slusarz <slusarz at bigworm.colorado.edu>).
[max] Add Brown Horde theme (Marco Obaid <marco at muw.edu>).
[jon] Allow the LDAP version to be specified for the LDAP preferences driver.
[jan] Add theme preference.
[jan] Add callback funtion for preferences.
[jon] Remove the $conf['menu']['floating_bar'] functionality.
[jan] Load only login page on startup and redirect to frameset after login.
[cjh] Don't allow anonymous access to problem.php.
[cjh] Add en_GB locale.
[cjh] Remove extensions on temporary files; this is a temp race hole.
[cjh] Allow for auto-creation of permissions (multiple levels of hierarchy).
[cjh] Add adding/removing of users from groups.
[cjh] Create temp files with the right extension in MIME_Viewer_enscript:: so
      enscript has more clues to guess file type.
[cjh] The admininstration interface for Groups and Permissions is now
      mostly functional.
[cjh] Make application authentication an Auth:: driver, instead of a special
      Registry case.
[cjh] Fix problems with the Notification stack and register_globals being off.
[jon] Alter Horde::img() to explicitly accept an alt="" attribute.  Horde::img()
      now generates title="" attributes based on the alt="" text, too.
[cjh] Notification::notify() passes the message stack to all listeners, so that
      listeners don't have to know about the message stack, and app writers
      don't have to know about all possible listeners.
[cjh] Replace the HORDE_* message constants with 'horde.error', etc. for
      greater flexibility.
[cjh] Remove Horde::raiseMessage() now that the Notification system
      provides that functionality.
[cjh] Use the new Notification system.
[cjh] Remove other Registry get() methods.
[jon] Remove support for the horde_language cookie.
[jan] Move the maintenace framework from IMP to Horde (Michael M Slusarz
      <slusarz at bigworm.colorado.edu>).


------
v2.2.5
------

[jan] Add Indonesian language (Slamin <slamin at unej.ac.id>).
[jan] Add Galician translation (Rafael Varela Pet <srrafa at usc.es>, Guillermo
      Mendez <guille at usc.es>).
[mms] Fix downloading of files with spaces in Mozilla.


------
v2.2.4
------

[mdj] SECURITY: Add dereferer to strip off session information from links to
      the outside of the Horde system to protect against session hijacking.
[mms] SECURITY: Add code to protect against session fixation issues.
[jan] Fix a bug with importing vCard 2.1 data.
[jan] Add Arabic (Syria) translation (Platinum Development Team
      <devteam at platinum-sy.net>).
[jan] Add Macedonian translation (Stojan Pesov <ssp at eureka.com.mk>).
[mir] Fix a bug that incorrectly quotes pref values (Bug #1224)
[cjh] Fix a bug that prevented logging.
[mms] DB session handlers do not use persistent connections by default.


------
v2.2.3
------

[mms] Fix parse error in Horde_Cipher_BlockMode_ofb64::.


------
v2.2.2
------

[mms] Optimization of Secret:: and Horde_Cipher:: drivers.
[jan] Add Catalan translation (Angels Guimerà <angels.Guimera at uab.es>).
[mms] Added a RADIUS Auth:: driver.
[mir] Added a Samba Auth:: driver.
[cjh] Added the Horde_Image:: class.


------
v2.2.1
------

[jan] Fix incompatibility with PHP < 4.2.0 in the SQL VFS driver.
[jan] Fix undefined variable in Cipher.php (cjh).
[mms] Complete merging of SQL session handler.


----
v2.2
----

[cjh] Add support for user-defined session handlers
      (Mike Cochrane <mike at graftonhall.co.nz>).
[mac] Change Secret:: from using PEAR Crypt_HCEMD5 to the Horde_Cipher class.
[mac] Add Horde_Cipher:: class to provide a common abstracted interface to
      various Ciphers for encryption of arbitrary length pieces of data.
[mms] Correctly get charset information for MIME_Parts in MIME_Structure.
[jan] Add Latvian translation (Kaspars Kapenieks <kaspars at rcc.lv>).
[jan] Add Romanian translation (Corneliu MUSAT <cmusat at tiamat.keysys.ro>).
[jon] Added support for an <eref> entity to the help system.  This allows an
      external link to be embedded in a help entry. (<g.hort at unsw.edu.au>)
[cjh] Rename VFS:: to Horde_VFS:: for PEAR packaging.
[cjh] VFS:: is now packaged so that it can be exported as a PEAR component.
[cjh] Add a multi-user SQL VFS backend (Mike Cochrane <mike at graftonhall.co.nz>).
[cjh] The VFS api now consistently takes a temp file in the write() method
      across all backends (Michael Varghese <mike.varghese at ascellatech.com>).
[cjh] Add a VFS API for storage of files in an abstracted filesystem.
[cjh] Add a preference to allow maintenance ops with no confirmation screen
[cjh] Replace 'show' attribute in the registry with a more flexible 'state'
      attribute.
[jan] Allow setting the number of columns in the summary screen as a user
      preference (Brian Keifer <brian at valinor.net>).
[cjh] Add Horde::getGet() and Horde::getPost().
[cjh] Add an initial_application preference so users can select an app
      to be taken to instead of the Horde Summary on login.
[cjh] Make text, icon, or both menus a user preference
      (KaalH! <kaalh at smol.org>).
[cjh] Add a parameter for setting the session timeout.
[cjh] Add a parameter for setting the session delimiter.
[mms] Add MIME_Magic::filenameToMIME().
[jan] Use arg_separator.output instead of hardcoding '&' (David Ulevitch
      <davidu at everydns.net>).
[jan] Add Notification::count() (David Ulevitch <davidu at everydns.net>).
[cjh] Add Auth::isAdmin().
[cjh] Allow loading of sub-classes from several additional sources.
[jan] Remove references to not yet released applications (Gollem, Troll).
[cjh] Rewrite Category_sql implementation to be much more efficient.
[jan] Add Lithuanian translation (Darius Matuliauskas <darius at lnk.lt>).
[mms] Add Horde::compressOutput().
[mms] Add a kerberos Auth:: driver.
[jan] Add Bulgarian translation (Miroslav Pendev <pendev at hotmail.com>).
[jan] Remove deprecated DB::isWarning() calls.
[mms] Add Horde::createTempDir().
[cjh] Add Horde::usingSSLConnection().
[cjh] Replace <?= with <?php echo to remove the short_open_tags requirement.
[jan] Add Text::toHTML(), Text::highlightQuotes() and Text::dimSignature().
[cjh] Add Registry::listApps().
[cjh] Add Prefs::getPref() for getting preferences for someone other than the
      logged-in user.
[cjh] Add the ability to load identities for someone other than the logged-in
      user.
[mms] Add Horde::removeParameter().
[mms] All browser headers for downloading a file have been moved to the
      Browser:: class.
[jan] Add detection for UTF capability to Browser class.
[mms] Added images MIME_Viewer.
[bjn] Add PostgreSQL command flag (Richard G Konlon <RGKonlon at 1MailPlace.com>).


----
v2.1
----

[jan] Add Hungarian translation (Laszlo L. Tornoci <torlasz at xenia.sote.hu>).
[jan] Add Norwegian Nynorsk translation (Per-Stian Vatne <psv at orsta.org>).
[jon] Major overhaul to the LDAP preferences driver. Note the changes to
      config/horde.php and scripts/ldap/horde.schema when upgrading.
[jan] Add Slovenian translation (Jure Krasovic <jurek at rcc-irc.si>).
[cjh] Add a Horde preferences screen, and a preference to refresh the summary
      screen.
[cjh] Add text/enriched MIME_Viewer
      (Eric Rostetter <eric.rostetter at physics.utexas.edu>).
[jan] Improve language selection.
[jan] Add Japanese translation (B.J. Black <william.black at sun.com>).
[cjh] Close a potential problem with register_globals On and $js_onLoad.
[jan] Add Prefs::isDefault() method to determine if a preference's value is
      set by the user or the default value from prefs.php.
[jon] Overhauled LDAP preferences driver.
[cjh] Make Horde::dispelMagicQuotes() recursive, so that it handles arrays.
[cjh] Have Secret::setKey() check for the session cookie explicitly, to avoid
      problems with old cookies being sent to a site when they are really
      disabled.
[cjh] Add a PrefsUI class for handling the form processing and UI generation
      for user preferences; this code was duplicated all through Horde.
[cjh] Add a mapping function to the enscript driver which maps file
      extensions to enscript language codes, and pass the language
      directly to enscript, to avoid having to use a file extension.
[cjh] Fix MIME_Magic::MIMEToExt() to work with x-extension/ext types.
[cjh] Add MIME_Magic::MIMEToExt() to map MIME types to file extensions.
[cjh] Rewrite Perms:: to use the Categories backend.
[jan] Change the Norwegian Bokmal locale from no_BOK to nb_NO and make it the
      default language for Norwegian users.
[cjh] Make Horde's login screen nicer; include reasons in it.
[cjh] Use HORDE_TEMPLATES for all template paths.
[cjh] Use $registry->getParam() for all Registry information.
[cjh] Removed administration code which is incomplete and confusing to users.
[jan] Add Estonian translation (Toomas Aas <toomas.aas at raad.tartu.ee>).
[jan] Add Slovak translation (Leo Mrafko <leo at oel.sk>).
[jon] Enable the "portability" option in the PEAR DB (sql) drivers.
[cjh] Use Horde's 'initial_page' configuration value in the Horde frameset.
[jan] Add Portugues translation (Nuno Loureiro <nuno at eth.pt>).
[jan] Rebuild the language selection logic. The language selected on the login
      screen is now respected and the site's standard language is defined in
      lang.php instead of each application's preferences.
[jan] Add javascript to set the frameset's page title (Michael Cochrane
      <mike at graftonhall.co.nz>).
[jan] Add Ukrainian translation (Andriy Kopystyansky <anri at polynet.lviv.ua>).
[jan] Update gettext documentation and Makefiles for Solaris and Debian.
[jon] Maintenance fixes from Michael M Slusarz <slusarz at bigworm.colorado.edu>.
[jan] Add Danish translation (Martin List-Petersen <martin at list-petersen.dk>).


----
v2.0
----

[jan] Add Norwegian Bookmal translation (Oystein Steimler <oystein at rexta.net>).
[avsm] Add .htaccess files to deny access to data directories.
[jan] Add Finnish translation (Leena Heino <liinu at uta.fi>).
[cjh] Fix one last problem with POP3 and multipart/alternative attachments.


--------
v2.0-RC4
--------

[rich] Include rewritten and reorganized documentation.
[cjh] Add an MSPowerpoint MIME_Viewer.
[jan] The language cookie was removed in favor of new methods in the Lang::
      class that select the language and set the gettext domain.
[avsm] Include Chora in this release cycle, but not showing in the toolbar.
[cjh] Add MIME_Viewer_zip.
[cjh] Trim registry.php.dist to only list apps in this release cycle.
[jan] Add deleteObject() method to the SessionCache class.
[bjn] Change 'en' and 'en_EN' locales to 'en_US' (default).


--------
v2.0-RC3
--------

[cjh] Recognize a few Palm.net browsers and set quirks/features accordingly.
[cjh] Support for adding and listing LDAP users given a set schema.
[cjh] Set the session cookie parameters with our cookie_path/cookie_domain
      settings. This means that you can be logged into multiple Horde
      installations on the same server (different paths) and not have the
      sessions interfere.
[cjh] Use 'hostspec' consistently in Auth drivers.


--------
v2.0-RC1
--------

[jan] Add Brazilian Portuguese translation (Carlos Daniel Kibrit <kibrit at terra.com.br>).
[jan] Add Greek translation (Stefanos I. Dimitriou <sdimitri at teiath.gr>).
[jan] Add vCard MIME driver. Changed config/mime_drivers.php.dist.
[jan] Add Swedish translation (Andreas Dahlén <andreas at dahlen.ws>).
[jan] Add Korean translation (J.I Kim <aporie at netian.com>).


------
v1.3.5
------

[jon] Added $file and $line parameters to Horde::fatal().
[jon] Removed the PREFS_* and AUTH_* constants in favor of PEAR_Error objects.
[avsm] Don't depend on the registry being available when displaying
      the 'Horde is not configured' message.
[cjh] Clean up the Identity class to be a generalized, clean piece of the
      framework that can be used in other apps and subclassed if necessary.
[cjh] Make failure to connect to the preferences datasource a fatal error.
[cjh] Added the Serialize:: class for various methods of encapsulating data
      (steph <shuther at yahoo.fr>).
[cjh] Added the capability to get authentication credentials other than
      username back from the Auth framework, and completed the
      authentication realm functionality.
[jon] Allow the table cell and link CSS classes to be specified when creating
      menu items.
[jan] Add registry method for linking to a nag task.
[jan] Add identity class.
[max] Add Registry::getName() for querying application names.
[cjh] Horde now provides the Horde::logMessage() method for logging of
      information according to configurable priorities, etc.
[jan] Add functionality to map date and time fields to the Data class.
[cjh] Add the beginnings of a user administration system.
[cjh] Add Chinese (Traditional) translation (David Chang
      <david at thbuo.gov.tw>).
[jan] Add Italian translation (Giovanni Meneghetti <gmeneghetti at infvic.it>).
[jan] Add Data class for importing and exporting data.
[jon] Cleaned up the help system a bit.
[cjh] Add Horde::fatal() for displaying PEAR_Error objects and aborting.
[avsm] Extend Horde::getTempFile() to allow directory to be overridden.
[avsm] Allow temporary files to be unregistered from deletion.
[avsm] Add a Cache framework for persistently storing objects, along
       with a filesystem driver.
[jan] Add Polish translation.
[cjh] Fix a problem with $registry->call() and switching application
      contexts.
[cjh] Get rid of the invoke() methods in the registry.
[cjh] Don't re-include application config files; save configs in a cache so
      that we can just point $GLOBALS['conf'] at the old config on
      $registry->popApp(), etc.
[jan] Add French translation (Frederic Trudeau <ftrudeau at CAM.ORG>).
[cjh] Add Czech translation (pchytil at asp.ogi.edu).
[jan] Add new timezone handling with cleartext timezone names in lang.php.
[cjh] Add Russian translation (Ignat Ikryanov <ignat at ibd.ru>).
[jon] New methods in Browser.php for retrieving versions. <izzy at qumran.org>
[jon] Browser.php now detects Opera. <izzy at qumran.org>
[cjh] Move the language and charset defaults into config/lang.php, and add a
      Registry method to get the current charset.
[cjh] Map browser codes such as 'nl' to the full code ('nl_NL', etc.).
[avsm] Replace $conf['paths'] with the $registry equivalents.
[avsm] Add four registry functions to query webroots and paths.
[avsm] Many MIME_Viewer changes: API tweaks, new drivers, works with IMP.
[cjh] $conf['user']['online_help'] is now a Horde-level setting.
[avsm] Enable applications to have local MIME_Viewer drivers in addition
       to the global Horde ones.
[avsm] Shuffle around the MIME_Viewer API: getDriver() is now private
[avsm] Add an 'initial_page' option to the registry, to let us link into
      any page inside an application.
[cjh] Add a framework-level base.php file and make framework scripts use it.
[cjh] Add re-organized but still mostly out of date HELP/LISTS/SOURCE files
      (Josh Miller <joshlists at nebonet.com>).
[cjh] Add a parameter that determines whether or not apps are linked on the
      Horde menubar.
[cjh] Clear the whole session when the user logs out of Horde.
[jon] Added Prefs::isEmpty() for determining whether a preference is empty.
[jon] Added an $onclick parameter to Horde::link() for specifying an anchor's
      'onclick' JavaScript event.
[cjh] Use the *url() functions more consistently to make sure that
      cookie-less sessions work.
[cjh] Modify css.php to use the Registry to get application file paths.
[cjh] Add cookie_path and cookie_domain settings for people who keep apps
      outside of the Horde webroot or on multiple servers.


------
v1.3.4
------

[cjh] Add a Horde summary framework, which uses the Registry to get
      summaries of available data - tasks, events, etc. - for the Horde
      login screen.
[cjh] The preferences settings should be Horde-wide, and so have been moved to
      horde/config/horde.php.
[cjh] Move prefs.gif and generic prefs templates into Horde.
[cjh] Move setting of the gettext domain into the Registry.
[jon] Simplified the preference system's cleanup functions.
[jon] Merge doctype.inc into common-header.inc.
[jon] Added Text::htmlspaces() and Text::htmlallspaces().
[cjh] Add an option to Horde::getTempFile() to not delete the file at the
      end of the request.
[cjh] Add a &singleton() method to the Registry class.
[jon] Added Nag interface to the registry.
[jon] Expanded the registry to handle importing application-specific
      configuration values.
[max] Add auth/login and auth/logout options for Gollem in the registry.
[max] Add Registry::getMethod function.
[max] Add contacts/sources service to the registry.
[cjh] Rename the Connection classes to Token.
[cjh] Rename the ObjectStore class to SessionCache.
[jon] Adding Dutch language.
[avsm] Add icon support to the MIME_Viewer framework
[avsm] Update the MIME_Viewer API to include getDriver() and getIcon()
[jon] Overhauled the preferences caching system a bit.
[cjh] Update Browser:: to recognize IE6.
[jon] Added Horde-wide and driver-specific cleanup methods to the preferences
      system.
[cjh] Remove the strtolower() from Lang::select() which was preventing
      proper locale names (like pt_BR) from working correctly.
[max] Added authentication handler to the Registry.
[jon] The 'session' preferences driver now honors preference scope.
[max] Made sitename title configurable.
[jon] Reworked the Menu::customItem() to accept PHP data structures instead
      of a string of encoded parameters.
[avsm] Added MIME_Viewer framework to handle rendering files into HTML
       (and other) formats in a user-extensible fashion (experimental)
[avsm] New MIME_Magic and mime_mapping.php config file (experimental)
[avsm] Two new temporary file handling functions, Horde::getTempFile() and
      Horde::getTempDir() to take care of the housekeeping of temp files.
[max] Added contacts/add service to registry.
[cjh] Registry::call() is now Registry::link(). There is a new
      Registry::call() which actually returns the result of a function call
      made to another application.
[cjh] Fix DB query result checking in sql drivers.
[cjh] Fix help so that generic help links (on menu bars) show the topic list
      correctly.
[cjh] Make the login form nicer, and add a logout link.
[cjh] Make sure all of the sql drivers use DB::quoteString() on all strings.
[cjh] Replace a @mysql_query() that was hiding in Connection/sql.php with
      $this->db->query().
[cjh] Return basename($language) from Lang::Select() to avoid possible
      exploits.
[cjh] Add Registry::hasMethod() for checking if a piece of functionality has
      been registered with Horde.
[jon] Another large overhaul to the preferences system.  Note that the
      isChangeable() function has been renamed isLocked().  There is also
      support for preference scope (via isShared() and setShared()).
[jon] Added capaiblity tests to those drivers that require non-standard PHP
      extensions (handled by Horde::functionCheck()).
[jon] Added an Auth_LDAP Horde authentication driver.
[cjh] Add little snippet-templates for dynamically building preference GUIs.
[cjh] Rename the Auth interface's auth() method to authenticate() to avoid
      overlapping the name of the constructor for the Auth parent class.
[cjh] The configuration array is now simply $conf. Any settings that must be
      accessible unchanged (not overridden) should be put into $conf['horde'].
      Everything else is fair game for applications to override.
[cjh] Add a wml/wap login form.
[max] Add an Auth_FTP Horde authentication driver.
[cjh] Add an Auth_MCAL Horde authentication driver.
[cjh] The Horde login form now actually does something. Logging in to it
      gets you a token in your session saying that you've authenticated and
      who you are. Apps can then use this information to allow or deny
      access, and to identify users.
[cjh] The format of the config/registry.php file has changed drastically to
      be more readable and less indirect. There is also a new app parameter,
      'allow_guests', which defines whether or not a user is allowed to
      access the application without logging in to Horde.
[cjh] The Auth:: classes now expect to receive a userid and an array of
      credentials. Right now all backends assume that those credentials
      contain a password, but the way is clear to have other kinds of auth
      (IP, time-based, whatever).
[jon] Added a new parameter to the LDAP preferences driver: 'always_bind'.
[cjh] Added a Menu:: class that all modules can use to generate menu items.
[jon] Cleaned up the LDAP preferences driver a bit.
[jon] Added session-level preferences caching to the preferences system.
[cjh] Have Horde::link() make sure that the status text is safe for
      javascript (htmlentities, addslashes).
[cjh] Fix ObjectStore to work when register_globals = On.
[jon] Added a Session-based preferences driver.


------
v1.3.3
------

[cjh] Further revamp the MIME interface. Be consistent in capitalization
      (acronyms are capitalized), break out MIME_Structure and MIME_Message
      into seperate files, and put all methods into classes.
[cjh] Add Horde::getFormData() to fetch a variable from either
      $HTTP_POST_VARS or $HTTP_GET_VARS (and to clean magic quotes, if
      necessary).
[cjh] Remove the Log:: class. This is part of PEAR now.
[cjh] Add a SessionCache:: class. This is intended for storing objects in
      the session intended for near-term use, and will currently start
      throwing out objects when more than 20 are put in. This will hopefully
      keep any one session from growing too large.
[cjh] Use the new PEAR class Mail_rfc822:: to parse address lists, so that
      we get rfc 822 group support (my-buddies: jon at horde,org,
      max at horde.org;), which imap_rfc822_parse_adrlist() doesn't have.
[max] Make Horde XHTML 1.0 compliant.
[cjh] Add a few fields to the problem report and try to make it more friendly.
[cjh] Flesh out the Mime:: class.
[cjh] Move trimEmailAddress() into the new Mime:: class.
[cjh] Move set_env_in_string() to Text::expandEnvironment().
[cjh] Rename horde_cleanup() to _fileCleanup().
[cjh] The zlib module now supplies a gzencode() function that obsoletes
      HTTP_Cache::gzEncode().
[cjh] Modify Horde::url() so that it defaults $conf['use_ssl'] to 2
      (auto-detect current mode).
[cjh] Modernize some of the Horde frontend (still lots to do here); get rid
      of package.HTMLDocument.php once and for all.
[avsm] Breakdown all special characters in URLs to entities, to avoid
      ambiguity in how various browsers parse them.
[cjh] Add Horde::raiseMessage() for creating Horde messages to be displayed
      to the user.
[cjh] Some general UI tweaks - font size, etc.
[cjh] Remove rfcdate() in favor of the new 'r' parameter to date.
[cjh] Added application 'webroot' and 'fileroot' properties to the registry
      config file. These allow more flexibility in placing apps, and let the
      registry work from more places.
[cjh] Moved package.Registry.php to Registry.php.
[cjh] Commented config/horde.php.dist heavily.
[cjh] Add a Secret:: class to Horde.php that provides a transparent
      interface to either the mcrypt extension (preferred) or the PEAR
      Crypt_HCEMD5:: class.
[jon] Accept a user-defined function for performing username lookups in the
      preferences code.  The preferences constructor looks for the function
      in $params['user_hook'].
[cjh] Check HTTP_ENV_VARS for the user-agent as well as HTTP_SERVER_VARS.
[cjh] Remove mailfrom() in favor of the PEAR Mail:: interface. Adjust the
      conf files and problem.php accordingly.
[cjh] Add a set of invoke() methods to the Registry:: class for directly
      invoking services (ie, actually popping up a window) instead of
      printing links to invoke them.
[cjh] Clean up package.Mime.php a bit; don't set a charset on MIME parts
      that aren't text.
[cjh] Added a file driver for the Connection:: class.
[cjh] Added a WAP index to provide quick links to all Horde wireless pages.
[cjh] Add basic WAP browser detection to Browser::. Currently this is of the
      "it detects the phone I have and the simulator I use" variety; it is
      _very_ far from complete.
[cjh] Added Max Kalika's Connection:: class for connection tracking.
[cjh] HTTP_Cache:: now compresses content without the use of a temp file.
[cjh] Fleshed out the Auth:: class with the ability to cache authorization
      in the session.
[jon] Removed the scripted wordwrap in favor of the native function.  Moved
      the wrap_message() function to Text::wrap().
[jon] Standardize on the rfcdate() function in lib/Horde.php.
[cjh] The prefs drivers now expect $params['hostspec'], for consistency with
      PEAR.
[cjh] The PEAR sql prefs driver now works.
[cjh] Move horde configuration values that should not be overridded by
      modules into $horde['horde'][] to allow modules to do
      overriding/inheritance of other options.
[cjh] Add the HTTP_Cache:: class to Horde.php for ETag generation, gzip
      compression of http content, etc.
[cjh] Replace $horde['localhost'] with $HTTP_SERVER_VARS['SERVER_NAME'].
[cjh] Reject outright envelope From addresses with spaces in them.
[cjh] Quote the from address passed to sendmail to prevent shell exploits.
[cjh] Update Browser.php to use HTTP_SERVER_VARS, consolidate the javascript
      version information, and add ssl_download_hack for browsers that need
      downloads to be cacheable.
[jon] Add Text::filter to lib/Horde.php.
[cjh] Check the return value of pclose() correctly in mailfrom().
[jon] Security fix for $from value in mailfrom(). <cw at coc-ag.net>
[jon] Silence session_start warnings.
[jon] Added new |extra| substitution to config/registry.php for extra,
      non-standard parameter passing.
[jon] Remove buildURL().  It's been replaced by Horde::url().
[jon] Restructured the SQL preferences schema.
[cjh] Added $horde['session_name'] to control the session name globally.
[cjh] Session:: doesn't really buy us anything, so we've moved the utility
      methods that do into Horde::, and are just using php4 session calls
      elsewhere.
[cjh] Added the beginnings of User and Auth interfaces, with a bare-bones
      working Auth_sql implementation.
[jon] Rewrote the Session class for instantiation with hooks for
      user-defined session handlers.
[cjh] The bare-bones implementation of the Perms scheme, with a sql driver,
      works. If you pass it a full path it will traverse up it, returning
      the first permission it finds.
[jon] Moved the language handling functions in Horde.php into their own
      classed named Lang.
[cjh] More consistent/css-based look for the help system.
[cjh] Starting to remove all uses of call-time pass-by-reference.
[cjh] Added css.php for automagical generation of stylesheets for apps.
[jon] Promoted the WebClient class from lib/Horde.php to its own component
      named Browser.php.
[cjh] Use wordwrap in a slightly different way, which seems to produce much
      prettier quoting of messages.
[jon] Added Prefs/mysql.php driver from Max Kalika <max at the-triumvirate.net>.
[jon] New XML-based help subsystem.
[cjh] Renamed package.horde.php to Horde.php.
[cjh] Add img() and pimg() functions to the Horde:: class so that modules
      using only stylesheets don't need the HTMLDocument package.
[cjh] Omit the session name/id from the URL if we can verify that cookies
      are being accepted.
[jon] New wrap_message function that uses the native wordwrap function if it
      exists.
[jon] Updating header comment copyright information.
[jon] Report module versions in test.php output.
[cjh] mime_encapsulate() now uses an array instead of an object.
[jon] Removed the $_html['compose*'] sizing parameters from config/html.php.
[cjh] Leave Bcc: out of the headers that are passed to sendmail.
[jon] Rewrite a good portion of the scripts/set_perms.sh script so
      that it enforces an extremely high level of security.
[cjh] The valid_lang() function now requires $nls['languages'][<language>]
      to be set for a language to be considered valid (instead of just the
      locale directory existing).
[cjh] Added a &singleton() method to make it easier to only create one log
      instance, no matter when you need it.
[cjh] Now mailfrom() works for recipient addresses with single quotes or
      other characters that need to be escaped in them.
[cjh] Log class now has an mcal instance, a composite (for grouping multiple
      log backends), and observers register the level of events they want to
      hear about, and only get notified of events as important or more
      important than that level.
[cjh] Added a Log:: framework and syslog implementation, including a
      Log_observer class intended to sit on top of Lob objects and take
      action in exceptional circumstances.
[cjh] Make sure to always send a charset with emails.
[cjh] Improved the mime_decode() and mime_encode() functions.
[cjh] Updated test.php to recognize php4 stable releases.
[jon] Removed all of the locale/*.lang dependencies.
[jon] Assume the browser is frames-capable by default.
[cjh] Add horde_cleanup($filename), which takes care of deleting files that
      should be unlinked regardless of whether or not the request is
      canceled by the user before we finish executing.
[cjh] Remove phplib dependancy in favor of php4 sessions/PEAR.
[cjh] Replace use with require_once.
[cjh] Fixed up select_lang() to work (identical to 1.2 now)
[cjh] Horde is now under the LGPL.
[cjh] Fix mailfrom() so it doesn't send extra headers when using mail()
[cjh] Adding a 'margins' attribute to HTMLDocument to enable turning off
      document margins.


------
v1.3.2
------

[cjh] Replaced module.XML_RDF.php with a working copy.


------
v1.3.1
------

[cjh] Revamped the MimeMessage class to be much smaller and simpler.
[cjh] Replaced the MimePartData class with a set of functions that more
      cleanly and correctly implement the MIME standard.
[cjh] select_lang() now checks for en when the browser requests en_GB, etc.
[cjh] Replaced all calls to ereg* functions with preg* functions, for speed.
      Because of this we now require php 3.0.12 or later.


------
v1.3.0
------

[   ] German updated
[   ] Fixed the broken 'back' link in setup.php3 for non-English users
[   ] manager.php3, db.lib, and cohorts are now gone. They were all unmaintained, out of date, and not very useful.
      Various build scripts are updated to reflect this.
[jon] Removed config/defaults.php3 in preference of horde.php3
[   ] Fixed a setup.php3 bug where " was used instead of ' for $default values (mike)
[   ] New Finnish translations (Thanks to: leo.jaaskelainen at kolumbus.fi)
[   ] Fixed lynx support issue with login.php3
[   ] Fixed signup.php3 problems
[   ] Fixed problem.php3 problems (lynx support)
[   ] Added database creation scripts for building phplib complian tables
[   ] Moved all documentation (except README and COPYING) into docs/ subdir
[   ] Added a caching class so that caching can be turned on per page if needed


------
v1.1.1
------

[   ] Horde understands French (thanks to Mathieu Clabaut
      <clabault at multimania.com>)
[   ] Major frameset redesign
[   ] Auto registration/congiruation of modules


------
v1.0.3
------

[   ] Horde is now web surfable.
[   ] Horde handles lynx (pseudoly)
[   ] Extendable menus. (menu.txt in horde/config)
[   ] Signup, problem reporting, help functions are now part of horde

--- NEW FILE: CODING_STANDARDS ---
========================
 Horde Coding Standards
========================

:Date:		$Date: 2005/10/31 11:43:12 $
:Revision:	$Revision: 1.1 $
:Authors:   Jon Parise, Chuck Hagenbuch
:Contact:   dev at lists.horde.org

.. contents:: Contents
.. section-numbering::

Indenting
=========

Use an indent of 4 spaces, with no tabs.


Control Structures
==================

These include ``if``, ``for``, ``while``, ``switch``, etc.  Here is an example
``if`` statement, since it is the most complicated of them::

  if ((condition1) || (condition2)) {
      action1;
  } elseif ((condition3) && (condition4)) {
      action2;
  } else {
      defaultaction;
  }

Multi-line if conditions are braced this way::

  if ((condition1) || (condition2) || (condition3) ||
      (condition4)) {
      action1;
  }

Control statements should have one space between the control keyword and
opening parenthesis, to distinguish them from function calls.

Do not omit the curly braces under any circumstance.  In the case of a large
number of short tests and actions, the following is acceptable::

  if (condition)   { action; }
  if (condition 2) { action 2; }
  ...

For switch statements::

  switch (condition) {
  case 1:
      action1;
      break;

  case 2:
      action2;
      break;

  default:
      defaultaction;
      break;
  }


Function Calls
==============

Functions should be called with no spaces between the function name, the
opening parenthesis, and the first parameter; spaces between commas and each
parameter, and no space between the last parameter, the closing parenthesis,
and the semicolon.  Here's an example::

  $var = foo($bar, $baz, $quux);

As displayed above, there should be one space on either side of an equals sign
used to assign the return value of a function to a variable.  In the case of a
block of related assignments, more space may be inserted to promote
readability::

  $short         = foo($bar);
  $long_variable = foo($baz);

If assigning a reference to a variable, place the ampersand next to the
referenced object, not the equal sign::

  $reference = &$foo;
  $reference = &foo();


Function Definitions
====================

Function declaractions follow the "one true brace" convention::

  function fooFunction($arg1, $arg2 = '')
  {
      if (condition) {
          statement;
      }
      return $val;
  }

Arguments with default values go at the end of the argument list.  Always
attempt to return a meaningful value from a function if one is appropriate.

Functions used only in the current script/class (e.g. private member methods)
should begin with a ``_`` character (e.g. ``_exampleLibrary``).  This helps
distinguish these private function calls from other, public function calls.


Naming Libraries
================

Libraries (any file located in the ``lib/`` directory of the application)
should be named with capital letters at the beginning of each word.  Use
studlycaps for naming; a session cache class would be stored in
``lib/SessionCache.php``.

If the library/class is extended, the extending files should be stored in a
directory under ``lib/`` with the same name as the original library.
Subclasses follow the exact same naming requirements, except that if the
subclass is instantiated by a factory method, it should be all lowercase.

Example
-------

The "Example Library" library should be saved as ``lib/ExampleLibrary.php``.
Any file extending the library/class should be stored in the directory
``lib/ExampleLibrary/``.


Comments
========

Inline documentation for classes should follow the `Javadoc convention`_.

.. _Javadoc convention: http://java.sun.com/products/jdk/javadoc/writingdoccomments/index.html

Quick example for private variable definition for Horde::

    /**
     * Variable description.
     *
     * @var datatype $variable name
     */

Quick example function definition for Horde::

    /**
     * The description of the function goes here.
     *
     * @access [public | private]
     *
     * @param [optional] datatype $variablename   Description of variable.
     * @param [optional] datatype $variable2name  Description of variable2.
     * ...
     * [Insert 2 spaces after the longest $variable definition, and then line
     *  up all descriptions with this description]
     *
     * @return datatype  Description of return value.
     * [Once again, insert 2 spaces after the datatype, and line up all
     *  subsequent lines, if any, with this character.]
     *
     * @abstract [Only if necessary]
     *
     * @since Horde x.x [Only if necessary - use if function is added to the
     * current release versions to indicate that the function has not been
     * available in previous versions.]
     */


Including Code
==============

If you are including a class, function library, or anything else which would
cause a parse error if included twice, always use `include_once`_.  This will
ensure that no matter how many factory methods we use or how much dynamic
inclusion we do, the library will only be included once.

If you are including a static filename, such as a conf file or a template that
is *always* used, use `require`_.

If you are dynamically including a filename, or want the code to only be used
conditionally (an optional template), use `include`_.

.. _include_once: http://www.php.net/manual/en/function.include-once.php
.. _require: http://www.php.net/manual/en/function.require.php
.. _include: http://www.php.net/manual/en/function.include.php


PHP Code Tags
=============

Always use ``<?php ?>`` to delimit PHP code, not the ``<? ?>`` shorthand.
This is required for PEAR compliance and is also the most portable way to
include PHP code on differing operating systems and setups.

In templates, make sure to use this as well (``<?php echo $varname ?>``), as
the shortcut version (``<?= $var ?>``) does not work with `short_open_tag`_
turned off.

.. _short_open_tag: http://www.php.net/manual/en/configuration.directives.php#ini.short-open-tag


Header Comment Blocks
=====================

All source code files in the Horde distribution should contain the following
comment block as the header:

Example for `LGPL`_'ed Horde code::

    /**
     * The Horde_Foo:: class provides an API for various foo
     * techniques that can be used by Horde applications.
     *
     * $Horde: horde/docs/CODING_STANDARDS,v 1.80 2004/04/09 01:59:19 jon Exp $
     *
     * Copyright 1999-2001 Original Author <author at example.com>
     * Copyright 2001 Your Name <you at example.com>
     *
     * See the enclosed file COPYING for license information (LGPL). If you
     * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
     *
     * @author  Original Author <author at example.com>
     * @author  Your Name <you at example.com>
     * @version $Revision: 1.1 $
     * @since   Horde 3.0
     * @package Horde_Package
     */

.. _LGPL: http://www.opensource.org/licenses/lgpl-license.php

Example for `GPL`_'ed application code::

    /**
     * The App_Bar:: class contains all functions related to handling
     * bars in App.
     *
     * $Horde: horde/docs/CODING_STANDARDS,v 1.80 2004/04/09 01:59:19 jon Exp $
     *
     * Copyright 1999-2001 Original Author <author at example.com>
     * Copyright 2001 Your Name <you at example.com>
     *
     * See the enclosed file COPYING for license information (GPL). If you
     * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
     *
     * @author  Original Author <author at example.com>
     * @author  Your Name <you at example.com>
     * @version $Revision: 1.1 $
     * @since   App 1.0
     * @package app
     */


.. _GPL: http://www.opensource.org/licenses/gpl-license.php

There's no hard rule to determine when a new code contributer should be added
to the list of authors for a given source file.  In general, their changes
should fall into the "substantial" category (meaning somewhere around 10% to
20% of code changes).  Exceptions could be made for rewriting functions or
contributing new logic.

Simple code reorganization or bug fixes would not justify the addition of a
new individual to the list of authors.


CVS Tags
========

Include the <dollar>Horde: <dollar> CVS vendor tag in each file.  As each file
is edited, add this tag if it's not yet present (or replace existing forms
such as <dollar>Id<dollar>, "Last Modified:", etc.).

EXCEPTION: Don't include these in templates.


Example URLs
============

Use ``example.com`` for all example URLs, per `RFC 2606`_.

.. _RFC 2606: http://www.faqs.org/rfcs/rfc2606.html


php.ini settings
================

All Horde code should work with `register_globals`_ disabled.  This means
using ``$_COOKIE``, ``$_SESSION``, ``$_SERVER`` and ``$_ENV`` to access all
cookie, session, server and environment data, respectively.

To retrieve posted data (in the global ``$_GET`` and ``$_POST`` variables),
you should normally use `Util::getFormData()`_ which will automatically run
`Util::dispelMagicQuotes()`_. This will ensure that all Horde code will work
regardless of the setting of `magic_quotes_gpc`_. The only time you should not
use `Util::getFormData()`_ is if you want to directly access a GET or POST
variable instead; in this case, you should use `Util::getGet()`_ or
`Util::getPost()`_ respectively.

All Horde code should work with `error_reporting`_ = E_ALL. Failure to do so
would result in ugly output, error logs getting filled with lots of warning
messages, or even downright broken scripts.

No Horde code should assume that '.' is in the include path. Always specify
'./' in front of a filename when you are including a file in the same
directory.

.. _register_globals: http://www.php.net/manual/en/security.registerglobals.php
.. _magic_quotes_gpc: http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc
.. _error_reporting: http://www.php.net/manual/en/ref.errorfunc.php#ini.error-reporting
.. _Util::getFormData(): http://dev.horde.org/api/framework/Horde_Util/Util.html#methodgetFormData
.. _Util::dispelMagicQuotes(): http://dev.horde.org/api/framework/Horde_Util/Util.html#methoddispelMagicQuotes
.. _Util::getGet(): http://dev.horde.org/api/framework/Horde_Util/Util.html#methodgetGet
.. _Util::getPost(): http://dev.horde.org/api/framework/Horde_Util/Util.html#methodgetPost


XHTML 1.0 Compliance
====================

All tag names and parameters must be lower case including javascript event
handlers::

    <font color="#FFFFFF">...</font>
    <a href="http://example.com" onmouseover="status=''" onmouseout="status=''">...</a>

All tag parameters must be of a valid parameter="value" form (numeric values
must also be surrounded by quotes).  For parameters that had no value in HTML,
the parameter name is the value.  For example::

    <input type="checkbox" checked="checked">
    <select name="example">
        <option selected="selected" value="1">Example</option>
    </select>
    <td nowrap="nowrap">Example</td>

All tags must be properly closed.  Tags where closing is forbidden must end
with a space and a slash::

    <br />
    <hr />
    <img src="example.gif" alt="Example" />
    <input type="submit" value="Example" />

All form definitions must be on their own line and either fully defined within
a ``<td></td>`` pair or be outside table tags.  Forms must also always have an
action parameter::

    <form method="post" action="http://example.com/example.cgi">
    <table>
        <tr><td>example</td></tr>
    </table>
    </form>

    <table>
        <tr><td>
            <form action="javascript:void(0)" onsubmit="return false;">
            </form>
        </td></tr>
    </table>

All JavaScript tags must have a valid language and type parameters::

    <script language="JavaScript" type="text/javascript">
    <!--
    ...
    // -->
    </script>

Nothing may appear after ``</html>``, therefore include any common footers
after all other output.

All images must have an ``alt`` attribute::

    <img src="example.gif" alt="<?php echo _("Example") ?>" />
    <?php echo Horde::img('example.gif', _("Example")) ?>                  (On the HEAD branch)
    <?php echo Horde::img('example.gif', 'alt="' . _("Example") . '"') ?>  (On the RELENG_2 branch)

Input fields of type "image" do not allow the border attribute and may render
with a border on some browsers.  Use the following instead::

   <a href="" onclick="document.formname.submit(); return false;"><?php echo Horde::img("example.gif", _("Example")) ?></a>



Database Naming Conventions
===========================

All database tables used by Horde resources and Horde applications need to
make sure that their table and field names work in all databases.  Many
databases reserve words like 'uid', 'user', etc. for internal use, and forbid
words that are SQL keywords (select, where, etc.).  Also, all names should be
lowercase, with underscores ('_') to separate words, to avoid case sensitivity
issues.

A good way to do this for field names is to make the field name
tablename_fieldname.

Other general guidelines: Table names should be plural (users); field names
should be singular (user_name).


Regular Expression Use
======================

Always use the `preg_`_ functions if possible instead of `ereg_`_ (and
`preg_split()`_ instead of `split()`_); they are included in PHP by default
and much more efficient and much faster than `ereg_`_.

**NEVER** use a regular expression to match or replace a static string.
`explode()`_ (in place of `split()`_), `str_replace()`_, `strstr()`_, or
`strtr()`_ do the job much more efficiently.

.. _preg_: http://www.php.net/manual/en/ref.pcre.php
.. _ereg_: http://www.php.net/manual/en/ref.regex.php
.. _preg_split(): http://www.php.net/manual/en/function.preg-split.php
.. _split(): http://www.php.net/manual/en/function.split.php
.. _explode(): http://www.php.net/manual/en/function.explode.php
.. _str_replace(): http://www.php.net/manual/en/function.str-replace.php
.. _strstr(): http://www.php.net/manual/en/function.strstr.php
.. _strtr(): http://www.php.net/manual/en/function.strtr.php


Parameter Passing
=================

Objects should be passed by reference.  Everything else, including arrays,
should be passed by value wherever semantically possible.

[Zend Engine 2: objects should also be passed by value]

This practice takes full advantage of reference counting.


Long Lines
==========

Wrap lines at 80 characters, including comments, unless this severely impacts
the clarity of the code.  Always wrap comments.


Line Breaks
===========

Only use UNIX style of linebreak (``\n``), not Windows/DOS/Mac style
(``\r\n``).

Using vim, to convert from DOS style type::

    :set ff=unix

Using vi, to convert from DOS style type::

    :g/^M/s///g

(Note that the ``^M`` is a control character, and to reproduce it when you
type in the vi command you have to pad it first using the special ``^V``
character.)


Private Variables
=================

Variables used exclusively within a class should begin with a underscore ('_')
character.  An example class variable definition:  ``var $_variablename;``


Array Definitions
=================

When defining arrays, or nested arrays, use the following format, where
indentation is noted via the closing parenthesis characters::

    $arrayname['index'] = array(
        'name1' => 'value1',
        'name2' => array(
            'subname1' => 'subvalue1',
            'subname2' => 'subvalue2'
        )
    );

The only exception should be for empty arrays, which may be written on a
single line such as::

    $arrayname['index'] = array();


Internationalization (I18n)
===========================

Mark all strings presented to the user as gettext strings by calling the
gettext shortcut function (``_()``)::

    echo _("Hello world");

Don't use the gettext functions for strings that will be written to a log file
or otherwise presented to the administrator.

The String:: class contains several string manipulation methods that are, as
opposed to their PHP equivalents, locale and charset safe.

Use String::convertCharset() if you need to convert between different
character set encodings (for example, between user input and a storage backend
or data from an external source and the user interface).  You don't need to
care if the character sets are really different.

Use the String::lower() and String::upper() methods without a second
parameter if you need to perform a locale-independent string conversion.  
That's the case for all strings that are further processed or interpreted by
code.  Use these methods with the second parameter set to true for strings
that need to be converted correctly according to the current (or specified)
character set.

Use the other String:: equivalents of PHP string functions to manipulate
strings correctly according to the current (or specified) character set but
use the PHP functions for code/machine processed strings.


Error checking
==============

Horde code should use `PEAR_Error`_ objects to return most error conditions
from library calls, and many times we will simply pass back a `PEAR_Error`_
object generated by an underlying library (such as Mail or PEAR DB).

For these cases, use the following style of code block to check for success
after any call which could generate an error condition::

    $result = $something->call('may error');
    if (is_a($result, 'PEAR_Error')) {
        // Handle error condition.
    } else {
        // Succeeded.
    }

Note that `is_a()`_ checks for subclasses of the named class, as well, so if
the object you get back is really a `DB_Error`_ object, this will still catch
it (since `DB_Error`_ extends `PEAR_Error`_).

Calling PEAR::isError() results in the same behavior, but is_a()
accomplishes the same result with a single native PHP function call.

.. _PEAR_Error: http://pear.php.net/manual/en/core.pear.pear-error.php
.. _DB_Error: http://pear.php.net/manual/en/package.database.db.db-error.php
.. _is_a(): http://www.php.net/manual/en/function.is-a.php


Existence checking
==================

Often you'll need to check whether or not a variable or property exists.
There are several cases here:

a. If you need to know if a variable exists at all and is not ``null``, use
`isset()`_::

    // Check to see if $param is defined.
    if (isset($param)) {
        // $param may be false, but it's there.
    }

b. If you need to know if a variable exists AND has a non-empty value (not
``null``, 0, ``false``, empty string or undefined), use !`empty()`_::

    // Make sure that $answer exists, is not an empty string, and is
    // not 0:
    if (!empty($answer)) {
        // $answer has some non-false content.
    } else {
        // (bool)$answer would be false.
    }

As pointed out in the comment of the else clause, `empty()`_ essentially does
the same check as `isset()`_ -- is this variable defined in the current scope?
-- and then, if it is, returns what the variable would evaluate to as a
boolean. This means that 0, while potentially valid input, is "empty" - so if
0 is valid data for your case, don't use !`empty()`_.

c. If you know you are working with a mixed variable then using just
`isset()`_ and `empty()`_ could cause unexpected results, for example if
testing for a key and the variable is actually a string::

    $foo = 'bar';
    if (isset($foo['somekey'])) {
        // This will evaluate to TRUE!
    }

If you know that there is a possibility of a mixed type variable the solution
in this case would be to add an `is_array()`_ check in the ``if()`` statement.

d. Use `array_key_exists()`_ when you want to check if an array key is defined
even if it has a value of ``null``::

    // Make sure we have a charset parameter. Value could also be null.
    if (!array_key_exists('charset', $params)) {
        Horde::fatal('Incomplete configuration.');
    }

Please note that `array_key_exists()`_ is a performance hit (25%-100%) and
should only be used when necessary. Instead try to use !`empty()`_ or
`isset()`_ instead.

.. _isset(): http://www.php.net/manual/en/function.isset.php
.. _empty(): http://www.php.net/manual/en/function.empty.php
.. _is_array(): http://www.php.net/manual/en/function.is-array.php
.. _array_key_exists(): http://www.php.net/manual/en/function.array-key-exists.php


Quotes
======

You should always use single quote (') characters around strings, except where
double quote (") characters are required.  All literal strings should be in
single quotes.  A comparison of single and double quote usage follows:

Single Quotes:
  * Variables in the string are not parsed or expanded.
  * New line symbols can be included as literal line ends (not recommended).
  * To include a single quote character, escape it with a ``\`` (backslash)
    character, as in: ``echo 'Here\'s an example';``
  * To specify a ``\`` (backslash) character, double it: ``echo 'c:\\temp';``

Double Quotes:
  * Parses and expands variables in the string.
  * Uses advanced (`sprintf`_-style) escape sequences like ``\n``, ``\$``,
    ``\t``, etc.
  * Should be used in the gettext shortcut ``_("")`` format.
  * Use with care, as many correct looking strings are really invalid.

The following are all incorrect::

    echo "Today is the $date['day'] of $date['month']"
    $_SESSION[index] = $_SESSION["old_index"];

.. _sprintf: http://www.php.net/sprintf


define()
========

Surprisingly enough, `define()`_ is a somewhat slow function in PHP (as of PHP
4.3.x) so excessive use is discouraged.

Using `define()`_ in classes should be OK - we will sacrifice a tiny bit of
speed for readability of code.  `define()`_ should NOT be used for actionIDs -
use a plain old string instead.  For anything else, use your best judgment.

Additionally, every constant should be prefixed with ``HORDE_``, its package
name, or the application name.

.. _define(): http://www.php.net/manual/en/function.define.php


Optimizations
=============

The following optimizations should be used, if possible:

extension_loaded()
------------------
This appears to be an expensive PHP call.  Use Horde::extensionExists()
instead, which will cache the results of the call.

Loops
-----
Make sure that you do not continue to define the same variable within a
loop. Instead, declare the variable a single time before the loop is run.


.. vim: tabstop=4 shiftwidth=4 softtabstop=4 expandtab textwidth=78:

--- NEW FILE: CONTRIBUTING ---
HORDE: How to Help
------------------

There are many ways in which you can help out in the development of any of
the Horde projects. The first and best way you are already doing: you're
using them. One of the keys to a great product is its users. Without users
we can't find bugs or get feedback on what's good and what's bad.

It is darn near impossible for the developers to test the code on every
Operating System and every different version of Web Browser available to make
sure the code runs smoothly everywhere.  Linux is not Windows, and IE is not
Mozilla, and it is (frequently) difficult to to predict behavior between
platforms/browsers.

With this said, one of the best ways you can help is to test. If you can
help us smooth out the code across all (or even any) platforms, you're doing
a great service to the project.

Now, if that's not enough and you want to dig in and help code, you should
first subscribe to the project lists, particularly the general Horde
developers list dev at lists.horde.org (see http://www.horde.org/mail/ for
information on subscribing to the mailing lists).  Additionally, you MUST
read the Horde Coding Standards to ensure that the code your submitting will
want to be analyzed and potentially committed by the developers (see 
CODING_STANDARDS in this directory).  You should probably read the various
README files (for that matter, all the documentation in the docs/ directory)
for the particular application you are working on also.

Please send any comments or questions pertaining to this document to
<core at horde.org>.

$Horde: horde/docs/CONTRIBUTING,v 1.3 2004/03/11 07:54:12 slusarz Exp $

--- NEW FILE: CREDITS ---
========================================
|| HORDE Version 3.0 Development Team ||
========================================


===============
Core Developers
===============

Chuck Hagenbuch <chuck at horde.org>
- original Horde design and programming
- stuff

Jon Parise <jon at csh.rit.edu>
- preferences subsystem
- help subsystem
- general code maintenance
- miscelleaneous functions
- shell scripts
- documentation
- html doctor
- stuff

Anil Madhavapeddy <anil at recoil.org>
- to quote Chuck: 'stuff'

Rich Lafferty <rich at horde.org>
- documentation

Jan Schneider <jan at horde.org>
- themes
- i18n, l10n
- stuff

Michael Slusarz <slusarz at bigworm.colorado.edu>
- MIME rendering/handling code
- Other stuff


============
Localization
============

Arabic (Syria)          Platinum Development Team <devteam at platinum-sy.net>
Brazilian Portuguese    Carlos Daniel Kibrit <kibrit at terra.com.br>
Bulgarian               Miroslav Pendev <pendev at hotmail.com>
Catalan                 Angels Guimerà <angels.Guimera at uab.es>
Chinese (Simplified)    WangHengWen <whw at my169.com>
                        Liaobin <liaobin at jite.net>
Chinese (Traditional)   David Chang <david at thbuo.gov.tw>
Czech                   Pavel Chytil <paja at asp.ogi.edu>
Danish                  Martin List-Petersen <martin at list-petersen.dk>
Dutch                   Jan Kuipers <jrkuipers at lauwerscollege.nl>
Estonian                Toomas Aas <toomas.aas at raad.tartu.ee>
Finnish                 Leena Heino <liinu at uta.fi>
French                  Frederic Trudeau <ftrudeau at cam.org>
                        Thierry Thomas <thierry at pompo.net>
                        Benoit St-André <ben at benoitst-andre.net>
Galician                Rafael Varela <rafael.varela at usc.es>
                        Guillermo Mendez <guille at usc.es>
German                  Jan Schneider <jan at horde.org>
Greek                   Stefanos I. Dimitriou <support at teiath.gr>
                        Silligardos Xristoforos
                        Anagnostopoulos Apostolis
Hungarian               Laszlo L. Tornoci <torlasz at xenia.sote.hu>
Indonesian              Slamin <slamin at unej.ac.id>
Italian                 Paola Carpenter <pcarpenter at infvic.it>
                        Giovanni Meneghetti <gmeneghetti at infvic.it>
                        Federico Giannici <giannici at neomedia.it>
Japanese                B.J. Black <william.black at sun.com>
                        Takeshi Morishima <tm at onepost.net>
Korean                  J.I Kim <aporie at netian.com>
Latvian                 Kaspars Kapenieks <kaspars at rcc.lv>
Lithuanian              Darius Matuliauskas <darius at lnk.lt>
                        Vilius Sumskas <vilius at lnk.lt>
Macedonian              Stojan Pesov <ssp at eureka.com.mk>
Norwegian Bokmaal       Oystein Steimler <oystein at rexta.net>
Norwegian Nynorsk       Per-Stian Vatne <psv at orsta.org>
Polish                  Mariusz Zynel <mariusz at math.uwb.edu.pl>
Portuguese              Nuno Loureiro <nuno at eth.pt>
Romanian                Corneliu Musat <cmusat at tiamat.keysys.ro>
Russian                 Ignat Ikryanov <ignat at ibd.ru>
                        Fedor A. Fetisov <faf at ssc.ru>
Slovak                  Leo Mrafko <leo at oel.sk>
                        Ivan Noris <noris at bgs.sk>
Slovenian               Jure Krasovic <jurek at rcc-irc.si>
Spanish                 Raúl Alvarez Venegas <rav at tecoman.ucol.mx>
Swedish                 Andreas Dahlén <andreas at dahlen.ws>
Turkish                 Genco Yilmaz <gencoyilmaz at yahoo.com>
Ukrainian               Andriy Kopystyansky <anri at polynet.lviv.ua>


======
Themes
======

Barbie          Atif Ghaffar <aghaffar at developer.ch>
Brown           Marco Obaid <marco at muw.edu>
Camouflage      Atif Ghaffar <aghaffar at developer.ch>
Cherry          Christophe Guilloux <rootix at bootix.net>
Green           Nacer Laradji <laradji at tuxfamily.org>
Grey            Nacer Laradji <laradji at tuxfamily.org>
Lavender        Ziaur Rahman <zia at qalacom.com>
Light-Blue      Atif Ghaffar <aghaffar at developer.ch>
Mozilla         Michael Cochrane <mike at graftonhall.co.nz>
Orange          Ronnie Garcia <ronnie at mk2.net>
Simplex         Cariad Ilmàra <cariad at adnx.net>
Sun             Christophe Guilloux <rootix at bootix.net>


=============
Contributions
=============

HTML to Text Converter: Jon Abernathy <jon at chuggnutt.com>


===================
Inactive Developers
===================

Ivan E. Moore II <rkrusty at tdyc.com>
Mike Hardy <mike at itsprojects.com>

$Horde: horde/docs/CREDITS,v 1.73 2004/04/29 15:13:55 jan Exp $

--- NEW FILE: HACKING ---
Horde Development Resources
===========================

Online resources for developing with Horde (including Horde Framework
API documentation) are available at:

   http://dev.horde.org/   


Hacking on Horde from CVS
=========================

Horde and its modules use CVS for source control. CVS is well-documented,
but the manual page assumes you already know how it works. An excellent
guide to getting started with CVS is _Open Source Development with CVS_
by Karl Fogel. It's published by Coriolis, and the technical part of the
book is available for free on the Web at 

   http://cvsbook.red-bean.com/

The paper version includes chapters on organizing and managing Open
Source development. You can obtain a CVS client for your operating
system at CVSHOME, at 

   http://www.cvshome.org/downloads.html

of them may be found at http://www.cyclic.com - they support CVS
commercially, even though it is an open source program.

You will need a CVS client to do any of the following (check out the Cyclic
homepage if you don't have one).

For those already familiar with CVS, the anonymous CVSROOT is:

    :pserver:cvsread at anoncvs.horde.org:/repository


Downloading Horde modules from CVS
----------------------------------

You will want to do this if you want bleeding edge code.

1. Go to the directory you want to download the code to:

      cd ~/work

2. Set CVSROOT to the location of the CVS repository. (You could also
   pass cvs the name of the CVS root with the "-d" option.) Be
   sure to note the colon (":") in front of "pserver".

  (in sh, ksh, bash, zsh):
      CVSROOT=:pserver:cvsread at anoncvs.horde.org:/repository
      export CVSROOT

  (in csh, tcsh):
      setenv CVSROOT :pserver:cvsread at anoncvs.horde.org:/repository

3. Login to the anonymous CVS repository. When prompted for a 
   password, enter "horde".
      
      cvs login

4. Check out the module you want to download from the repository.
   Replace MODULE with horde, imp, turba, troll, and so forth.
   (The "-z3" tells cvs to compress the data it sends over the network,
   uncompressing it when you 

      cvs -z3 co MODULE

   If you want to check out a particular branch of a module (for example,
   the older STABLE_2_2 branch of IMP), include the branch tag like so,
   replacing TAG with the name of the branch:

      cvs -z3 co -r TAG MODULE

5. As you work with the software, you can periodically update your
   tree to match the master tree at any time, from the top directory
   of the module. Using "horde" as an example module:

      cd ~/work/horde
      cvs -z3 update


Obtaining a CVS account
-----------------------

If you're going to be a regular contributor to Horde, then you can
request a CVS account in order to commit your changes to the
repository yourself. (If you're only going to be contributing once in
a while, there truly is no need for you to have one, as posting your
changes to the application's mailing list will suffice to get your
changes reviewed and included.)

If you do get commit access to the CVS tree, you will have the ability
to mess some things up. Not for good, mind you, as CVS allows updates
to be backed off, but you still need to remember what you're doing and
be careful what you commit and when you commit it. Because of this, we
prefer that you submit your work to the mailing list for a while so we
can tell you know what you're doing.

If you're not a committer, the best way to submit a patch is to send
it either to the application's mailing list or to dev at lists.horde.org.
For more information on Horde mailing lists, see

   http://www.horde.org/mail/


Committing changes to CVS
-------------------------

Once you have a CVS account, you will need to log into the CVS server
so it knows who you are and can grant you the appropriate rights to
work on the sources.

The CVSROOT is different for committers; instead of the repository
listed above, set CVSROOT to

   :ext:USERNAME at cvs.horde.org:/repository

replacing USERNAME with your cvs username.

The committers' repository does not use pserver. You will need to have
ssh installed on your system, and have arranged with one of the core
developers to put your SSH key on the system. If you have not done
this, talk to one of the core developers.

To get cvs to use ssh, you will need to set the environment variable
CVS_RSH to "ssh" in your shell.

You do not need to do "cvs login"; you will be prompted for the 
passphrase for your SSH key whenever you access the repository.

You may also wish to set the environment variable EDITOR to point to
your favorite text editor. This way when you commit software changes
and it asks you to enter a change description, you can do so in your
favorite editor.

Then, for work on developmental, bleeding-edge versions:

  1) Check out the code by typing "cvs co MODULE"
  2) Work on the code <hack, hack, hack>
  3) Commit any changes with "cvs commit FILENAMES" in the directory the
     files are in.

Sometimes, others will make changes and you will need to update your tree so
the changes show up in your local sources. You do this with the "cvs update"
command in the horde directory. Please be sure to update your tree regularly;
merging changes is considerably more work than running "cvs update".

To work with any tagged branch (to patch a stable release, for instance):

  1) Check out the code with "cvs co -r TAG MODULE"
  2) Work on the code <hack, hack, hack>
  3) Commit any changes with "cvs commit FILENAMES" in the directory the
     files are in.

If somebody else also makes changes to the labeled version, you can get them
in your local source tree with the "cvs update" command issued in the module
directory.

If you are done working with the labeled source branch, and would like
to move back into the bleeding-edge development source tree, you can
issue the command "cvs update -A" to update everything to the current
"HEAD" version.

(We used to document how to merge code from HEAD into a labeled branch here,
but since it was heavily peppered with "talk to core developers first",
it's been elided to prevent errors of experimentation. If you think you need
to do that, you have to talk to core developers anyhow -- they'll explain
how.)


Other CVS Notes
---------------

If you do end up getting a CVS account, here are some tips to help keep
things going smoothly:

1. Subscribe to the cvs at lists.horde.org and dev at lists.horde.org mailing
   lists.

2. Be sure to modify the file docs/CHANGES to reflect the changes to the
   code you are committing.

3. If you're planning on doing anything major, please let people know in
   advance on the dev@ or application mailing lists as appropriate.

   Developers need to communicate extensively in order to make sure everyone
   knows what's going on. This is extremely important when you work on
   key components.

4. Use the Bug Tracking System. Currently we are using Bugzilla to
   keep track of bugs. All new submissions are being cc'd to the
   cvs at lists.horde.org mailing list so that if we aren't paying
   attention, we'll at least get mail about it. Using the Bugs database
   helps us keep track of issues we are having and where we stand with
   the product.

5. Remember to advance the library version whenever anything major is
   changed.


Please send any comments or questions pertaining to this document to
core at horde.org.

-------------------------------------------------------------------------

Copyright 1999 Ivan E. Moore II <rkrusty at tdyc.com>
Copyright 1999 Mike Hardy <mikeh at spark.com>

This code is licensed under the GNU Public License.
See the file COPYING in the top directory.


$Horde: horde/docs/HACKING,v 1.6 2003/08/29 21:56:51 jan Exp $

--- NEW FILE: INSTALL ---
========================================
|| INSTALLING THE HORDE 3.0 FRAMEWORK ||
========================================

This document contains instructions for installing the Horde
Framework on your system.

The Horde Framework, by itself, does not provide any significant end
user functionality; it provides a base for other applications and
tools for developers. When you have installed Horde as described
below, you will probably want to install some of the available Horde
applications, such as IMP (a webmail client), or Kronolith (a
calendar). There is a list of Horde applications and projects at
http://www.horde.org/projects.php.

If you are interested in developing applications for Horde, there is
developer documentation and references available at
http://dev.horde.org/, and some tutorials and papers on Horde
available at http://www.horde.org/papers/.

For information on the capabilities and features of Horde, see
the file README in the top-level directory of the Horde
distribution.


OBTAINING HORDE
---------------

The Horde Framework can be obtained from the Horde website and FTP
server, at

   http://www.horde.org/horde/
   ftp://ftp.horde.org/pub/horde/

Or, better yet, use a mirror that is closer to you.  The mirror list can be
found at:

   http://www.horde.org/mirrors.php

(For the rest of the documentation, all links will point to the main Horde
website - simply replace www.horde.org with the hostname of your preferred
mirror to access the files at a mirrored location.)

The "tarballs/" subdirectory contains the Horde PHP files which can
be unpacked using tar+gunzip (see INSTALLING HORDE, below).  If you
are using Red Hat Linux and prefer to use RPMs, they can be found
here:

   ftp://ftp.horde.org/pub/RPMS/

(For an RPM install, consult the README file in the RPM directory
for important instructions!)

Bleeding-edge development versions of Horde and its applications are
available via CVS; see the file docs/HACKING, or visit the website
http://www.horde.org/source, for information on accessing the Horde
CVS repository.

You will probably also want one or more Horde applications, since
Horde doesn't do much by itself; a list of available applications,
with links to descriptions and downloads, can be found at

   http://www.horde.org/projects.php

While previous versions of Horde were numbered to correspond with a
particular version of the IMP webmail application, that is no longer
true as of Horde version 2.0. The current version of Horde will work
with the current version of Horde applications.


PREREQUISITES
-------------

The following prerequisites are REQUIRED for Horde to function
properly.

  1. A webserver that supports PHP.

     Horde and its applications are developed under the Apache
     webserver, which we recommend. Apache is available from

        http://httpd.apache.org/

     Horde has also been reportedly used successfully under Microsoft IIS,
     among others.

  2. PHP 4.2.1 or above.

     PHP is the interpreted language in which Horde is written.
     You can obtain PHP at

        http://www.php.net/

     Follow the instructions in the PHP package to build PHP
     for your system. If you use Apache, be sure to build PHP
     as a library with the

         --with-apache
     or
         --with-apxs

     options to ./configure, and not as a standalone executable.

     The following PHP options are REQUIRED by Horde (listed with
     their own prerequisites and configure options). In many cases,
     the required libraries and tools can be obtained as packages from
     your operating system vendor.

       a. Gettext support. (--with-gettext)

          Gettext is the GNU Translation Project's localization library.
          Horde uses gettext to provide local translations of text
          displayed by applications. Information on obtaining the
          gettext package is available at

             http://www.gnu.org/software/gettext/gettext.html

          (See also note below on configuring translations.)

       b. XML and DOMXML support. (--with-xml --with-dom)

          Horde's help engine and component configuration require
          XML support. While some webservers (including recent Apache
          versions) have XML libraries built-in, others will require
          the expat XML parser libraries, available from

             http://www.jclark.com/xml/expat.html

          IMPORTANT: You must have BOTH XML libraries installed for Horde
                     to work properly!

     The following PHP options are RECOMMENDED to enable advanced features
     in Horde:

       a. A preferences container.

          Horde applications can store user preferences in an SQL
          database, an LDAP directory, or in PHP sessions.

          For SQL database preferences storage, Horde is
          thoroughly tested on MySQL (--with-mysql) and PostgreSQL
          (--with-pgsql) and has been reported to work with Oracle
          (--with-oracle). It may also work with any other database
          supported by PEAR, but they are untested.

          Preferences can also be stored via LDAP (--with-ldap).

          Alternatively, preferences can be stored in PHP sessions,
          which requires no external programs or configure options,
          but which will not maintain preferences between sessions.

          While the LDAP or database server need not be running on
          the machine onto which you are installing Horde, the
          appropriate client libraries to access the LDAP or
          database server must be available locally.

          If a preference container is not configured, no preference
          options will be configurable via Horde's web interface - the
          default values stored in each applications config/prefs.php
          file will be used.

       b. Mcrypt support (--with-mcrypt)

          Mcrypt is a general-purpose cryptography library which is
          broader and significantly more efficient (FASTER!) than
          PHP's own cryptographic code. You can obtain mcrypt from

             http://mcrypt.sourceforge.net/

          Building PHP without mcrypt support will not stop Horde
          from working, but will force it to use weaker (and much slower)
          encryption.

       c. UTF-8 support (--with-iconv --enable-mbstring)

          If these extensions are enabled, Horde can support the UTF-8 
          character set (meaning that content with any charset can be viewed
          with any translation).

       d. GD support (--with-gd)

          Horde will use the GD extension to perform manipulations on image
          data through the Horde_Image library.

          If you want GD to be able to work with PNG images, you should use
          the --with-png-dir option to make sure PHP can find the PNG
          libraries it needs to compile.
          
          If you want GD to be able to work with JPEG images, you should use
          the --with-jpeg-dir option to make sure PHP can find the JPEG

          You can also use the ImageMagick package
          (http://www.imagemagick.org/) to do these manipulations instead.
          See horde/config/conf.php for more details.

     ** Additionally, individual Horde applications may REQUIRE other     **
     ** options to be built into PHP also. Please check docs/INSTALL      **
     ** for all applications you wish to use to see if other PHP options  **
     ** are needed.                                                       **


  3. Additional PEAR Modules

     PEAR is short for "PHP Extension and Application Repository".
     The goal of PEAR is to provide a means of distributing reusable
     code.

     For more information, see http://pear.php.net/

     ** Make sure you are running a supported (i.e. new enough) version **
     ** of PEAR: use the test script described below under Section 5 of **
     ** "Configuring Horde".                                            **

     These PEAR modules are REQUIRED to be installed for complete Horde
     functionality:

       a. Log
       b. Mail_Mime
       c. VFS

          To install, enter the following at the command prompt:
            pear install Log Mail_Mime VFS

     These PEAR modules are RECOMMENDED to be installed:

       a. File

          REQUIRED only if you wish to import CSV files.
          To install, enter the following at the command prompt:
            pear install File

       b. Date

          REQUIRED only if you are dealing with calendar data.
          To install, enter the following at the command prompt:
            pear install Date

       c. XML_SVG

          REQUIRED only if you are dealing with SVG image elements.
          To install, enter the following at the command prompt:
            pear install XML_SVG

     This method of installing PEAR modules requires that your PHP has
     been compiled as a static binary. If you installed PHP as a webserver
     module, recompile PHP without the module option (for Apache, without
     BOTH --with-apache and --with-apxs) and do a 'make install'.

     Note that recent versions of PHP (4.3.0+) build both a SAPI module
     (Apache, CGI, etc.) and a command-line (CLI) binary at the same
     time. Check if you have a php binary in /usr/local/bin (/usr/bin if
     if you installed from an operating system package) before recompiling.

     If you receive the error "Could not read cmd args",
     you should run the pear script this way:
       php -d register_argc_argv=1 _PEAR_ install _URL_

     _PEAR_ is the complete path of the pear script installed by PHP
     during installation (e.g. /usr/local/bin/pear).
     Make sure the 'pear' script appears in your path. The default
     installation path for pear is '/usr/local/bin/pear'.

     _URL_ is the URL, listed above, which you wish to download
     from.

     If you are unable to find any of the above PEAR packages, make
     sure you have allowed the installation of beta packages. Check
     for this by typing the following on the command line:
       pear config-get preferred_state

     If PEAR reports the preferred_state as 'stable', then run the following
     command to add support for installing beta packages:
       pear config-set preferred_state beta

     For more detailed directions on installing PEAR modules, see
     the PEAR documentation at http://pear.php.net/manual/

  4. Additional PECL Modules

     PECL is short for "PHP Extension Community Library".
     The goal of PECL is to provide a means of easily distributing 
     PHP extensions.

     For more information, see http://pecl.php.net/

     PECL is the "sister" of PEAR and uses the same packaging and
     distribution system as PEAR, so the configuration/setup is essentially
     identical to the PEAR instructions above.

     These PECL modules are RECOMMENDED to be installed:

       a. fileinfo

          Allows Horde modules to guess the MIME type of files by analyzing
          their contents.

          If not enabled, Horde will use its own PHP code to perform MIME
          magic lookups.  However, this lookup is slower, less accurate, and
          detects fewer MIME types than the PECL extension will.

          To install, enter the following at the command prompt:
            pear install fileinfo

     For additional help on using the pear command-line program to install
     PECL extensions, see the PEAR installation section above.


The following non-PHP prerequisites are RECOMMENDED, or are REQUIRED
if you use a specific Horde application (as noted in [brackets]):

  1. Sendmail or equivalent.

     Horde uses sendmail, or a program that implements the
     sendmail(8) API (as included with postfix, qmail, and exim,
     among others). If your system does not already have a full
     mail transport with a sendmail interface, you can configure
     Horde to speak directly with a remote SMTP server, but this
     may incur a performance penalty.


INSTALLING HORDE
----------------

Horde is written in PHP, and must be installed in a web-accessible
directory. The precise location of this directory will differ from
system to system. If you have no idea where you should be installing
Horde, install it directly under the root of your webserver's document
tree.

(For an RPM installation, consult the README file in the RPM directory
for important instructions!  The following instructions are for a tarball
installation.)

Since Horde is written in PHP, there is no compilation necessary;
simply expand the distribution where you want it to reside and rename
the root directory of the distribution to whatever you wish to appear
in the URL. For example, with the Apache webserver's default document
root of '/usr/local/apache/htdocs', you would type::

   cd /usr/local/apache/htdocs
   tar zxvf /path/to/horde-3.0.tar.gz
   mv horde-3.0 horde

At this point, the Horde framework modules need to be installed. This must be
done as root (or another user with sufficient administrator priviledges)::

   cd horde/framework
   php -q install-packages.php

For Windows systems - use the ``install-packages.bat`` file instead.
For Debian systems - the command-line PHP interpreter might be called ``php4``
instead of ``php``.

You would then find Horde at the URL::

   http://your-server/horde/


CONFIGURING HORDE
-----------------

1. Configuring the web server

   Horde requires the following webserver settings. Examples shown are
   for Apache; other webservers' configurations will differ.

   a. PHP interpretation for files matching "*.php"

         AddType application/x-httpd-php .php

   NOTE: The above instructions may not work if you have specified
         PHP as an output filter with SetOutputFilter directive 
         in Apache 2.x versions.  In particular, Red Hat 8.0 and
         above Apache 2.x RPMS have the output filter set, and
         MUST NOT have the above AddType directive added.

   b. "index.php" as an index file (brought up when a user requests
      a URL for a directory)

         DirectoryIndex index.php

2. Creating databases

   The specific steps to create a preferences storage container depend
   on which database you've chosen to use.

   First, look in scripts/db/ to see if a "_create" script already
   exists for your database. If so, you should be able to simply
   execute that script as superuser in your database.  Consult the
   scripts/db/README file for more information.

   Be sure to change the default password, "horde", to something
   else before creating the tables! (Remember to use this password
   when you configure Horde in the next step.)

   If such a script does not exist, you'll need to build your own, using
   the files auth.sql, prefs.sql, and category.sql as a starting point.
   If you need assistance in creating databases for a database for
   which no "_create" script exists, you may wish to let us know on
   the Horde mailing list.

   Note that the "_drop" scripts in the scripts/db/ directory remove
   the changes made by the "_create" scripts.

3. Configuring Horde

   To configure Horde, change to the config/ directory of the
   installed distribution, and make copies of all of the configuration
   "dist" files without the "dist" suffix:

      cd config/
      for foo in *.dist; do cp $foo `basename $foo .dist`; done

   Or if you are installing Horde an a Windows system:

      cd config
      copy *.dist *.

   Documentation on the format of those files can be found in each
   file. You must at least complete the "Preferences System Settings"
   section of conf.php and provide paths to helper applications in
   mime_drivers.php.

   Configuration of applications in registry.php is documented in
   the INSTALL file of each application.  Most applications require
   you to configure them with a "Horde administrator" account.  A
   Horde administrator account is any normal Horde account that has been
   listed in the $conf['auth']['admins'] array in horde/config/conf.php
   It is recommended that you define an administrator account at this
   time.

   The other files in that directory need only be modified if you wish
   to customize Horde's appearance or behaviour -- the defaults will
   work at most sites.

   Note for international users:  Horde uses GNU gettext to provide local
   translations of text displayed by applications; the translations are
   found in the po/ directory.  If a translation is not yet available
   for your locale (and you wish to create one), or if you're having
   trouble using a provided translation, please see the horde/docs/TRANSLATIONS
   file for instructions.

4. Securing Horde

   a. Passwords

      Some of Horde's configuration files contain passwords which local
      users could use to access your database. It is recommended to ensure
      that at least the Horde configuration files (in config/) are not
      readable to system users. There are .htaccess files restricting
      access to directories that do not need to be accessed directly;
      before relying on those, ensure that your webserver supports
      .htaccess and is configured to use them, and that the files in
      those directories are in fact inaccessible via the browser.

      An additional approach is to make Horde's configuration files
      owned by the user 'root' and by a group which only the webserver
      user belongs to, and then making them readable only to owner and
      group. For example, if your webserver runs as www.www, do as
      follows:

         chown root.www config/*
         chmod 0440 config/*

   b. Sessions

      Session data -- including hashed versions of your users'
      passwords, in some applications -- may not be stored as securely
      as necessary.

      If you are using file-based PHP sessions (which are the default),
      be sure that session files are not being written into /tmp with
      permissions that allow other users to read them. Ideally, change
      the 'session.save_path' setting in php.ini to a directory only
      readable and writeable by your webserver.

      Additionally, you can change the session handler of PHP to use any
      storage backend requested (e.g. SQL database) via the
      $conf['sessionhandler']['type'] parameter. See config/conf.php
      for further information.

5. Testing Horde

   Once you have configured your webserver, PHP, and Horde, bring up the
   included test page in your Web browser to ensure that all necessary
   prerequisites have been met. If you installed Horde as described
   above, the URL to the test page would be

      http://your-server/horde/test.php

   Check that your PHP and PEAR versions are acceptably recent, that
   all required module capabilities are present, and that
   magic_quotes_runtime is set to Off. Then note the "Session counter: 1"
   line under "PHP Sessions", and reload the page. The session counter
   should increment.


CONFIGURING APPLICATIONS
------------------------

A list of available Horde applications can be found at

   http://www.horde.org/projects.php

Instructions on configuring Horde applications can be found in
the INSTALL file in the application's docs/ directory.


TEMPORARY FILES
---------------

Various Horde applications will generate temporary files in PHP's
temporary directory (see the $conf['tmpdir'] entry in config/conf.php).
For various reasons, some of these files may not be removed when the
user's session ends. To reclaim this disk space, it may be necessary to
periodically delete these old temporary files.

An example cron-based solution can be found at scripts/temp-cleanup.cron.
Another possible solution is to use Red Hat's "tmpwatch" utility to remove
old files (see http://www.redhat.com/).


OBTAINING SUPPORT
-----------------

If you encounter problems with Horde, help is available!

The Horde Frequently Asked Questions List (FAQ), available on the Web
at

  http://www.horde.org/faq/

The Horde Project runs a number of mailing lists, for individual
applications and for issues relating to the project as a whole.
Information, archives, and subscription information can be found at

  http://www.horde.org/mail/

Finally, Horde developers, contributors and users also make occasional
appearances on IRC, on the channel #horde on the freenode Network 
(irc.freenode.net).

Please keep in mind that Horde is free software written by volunteers.
For information on reasonable support expectations, please read

  http://www.horde.org/support.php

Thanks for using Horde!

The Horde team
horde at lists.horde.org

$Horde: horde/docs/INSTALL,v 1.69 2004/04/29 19:37:26 slusarz Exp $

--- NEW FILE: PERFORMANCE ---
Some tips on performance tuning systems for Horde.  This does not cover
hardware tuning or even low level system (network, filesystem, etc) 
tuning.

Linux Tuning:
* Recompile RPMS for your architecture (e.g. i586, i686, athlon, etc).
  This applies most to your Apache, PHP, IMAP, and POP3 packages.

Apache/PHP tuning
* Consider a PHP accelerator program.  See for example
  The Zend Performance Suite (http://www.zend.com/horde.php), The ionCube PHP
  Accelerator (http://www.php-accelerator.co.uk/),
  or Turck MMCache for PHP (http://turck-mmcache.sourceforge.net/).
  These accelerators speed up access by caching the compiled PHP code,
  eliminating the need to recompile the code for every single page load. THIS
  IS PROBABLY THE EASIEST WAY TO IMPROVE THE PERFORMANCE OF HORDE.
* Compile PHP with the "--enable-inline-optimization" option to generate the
  fastest possible PHP executable.
* Only load as many Apache and PHP extensions as needed (to reduce memory
  usage).
* If using SSL with a large site, consider a hardware SSL accelerator.
* Use shared memory for the Apache SSL cache if possible.
* Use of the mcrypt PHP extension should significantly increase performance
  while also increasing security.
* Disable DNS lookups in your Apache logging, or use a caching DNS server
  on the web server host.
* Enable Apache keepalives.
* Enable PHP output compression (either in php.ini or horde/config/conf.php).
* Don't run PHP session garbage collection too often if using a slow
  storage medium (like SQL). (See session.gc_probability in php.ini)
* Consider using a faster storage medium for sessions, such as a tmpfs
  or other memory based file system.  If you are sure your apache setup
  is rock solid and you don't restart it there is a mm session driver.
  However, be aware that certain Horde applications (like IMP) make heavy
  use of caching data in sessions so memory based solutions may be exhausted
  quickly, particularly if there will be more than a single user.

Sending Mail
* Generally using a local sendmail command to send mail will result in better
  peformance than using a SMTP connection.
* Some MTA servers may be faster or more efficient than others.
  Consider switching to a faster format if needed.

IMAP tuning
* Consider an IMAP proxy for more persistent connections.  Some IMAP proxies
  are up-imapproxy (http://www.imapproxy.org/), imapproxy
  (http://www.horde.org/imapproxy/), and Perdition
  (http://www.vergenet.net/linux/perdition/).
* Some IMAP servers (or IMAP mailbox store formats) perform better than 
  others.  Consider switching to a faster format if needed.

Postgresql tuning
* Do a vacuum command periodically to tune your database
* Increase shared_buffers and sort_mem memory settings.
* If web server and database is on the same unix host, use unix sockets
  instead of network connections for database access.

MySQL tuning
* If web server and database is on the same unix host, use unix sockets
  instead of network connections for database access.
* Enable mysql query cache if you have sufficient RAM.  Edit your my.cnf
  file and add the following (change the memory size to meet your needs):
  set-variable = query_cache_size=128M 

$Horde: horde/docs/PERFORMANCE,v 1.8 2003/11/18 16:31:32 ericr Exp $

--- NEW FILE: RELEASE ---
=================================
|| Horde Release Process Notes ||
=================================

$Horde: horde/docs/RELEASE,v 1.22 2004/04/01 20:37:36 jan Exp $


The steps to use when cutting a new release:

-   Examine */docs/CHANGES files:

    --  Add the word SECURITY in front of any security-related changes,
        and move them to the top, to draw attention to them.

    --  Cull out the most important ones, and prepare the text of an
        announcement.

    --  Write the release announcements into the docs/RELEASE_NOTES file and
        check if it parses with `php -l docs/RELEASE_NOTES'.

-   Examine */README and docs/* files, and update the version if necessary.

-   Make sure your settings in horde/scripts/make-release-conf.php are
    correct.

-   If you want to use another CVSROOT than the default one, set the CVSROOT
    environment variable to a user with commit privs
    (e.g. user at cvs.horde.org:/repository) and change to an empty directory.

-   Make a "dry run" of the make-release.php script by adding "--nocommit
    --noftp --noannounce" to the command line parameters.

-   Create the tarballs/patches using (HEAD) horde/scripts/make-release.php:

    --  Must be run as root (to set file ownership).

    --  Can optionally add "--nocommit --noftp --noannounce" to do a "dry run"
        that will not make any CVS and FTP changes or announcements.

    --  Example commands (omit "--branch" when building HEAD):

        # make-release.php --module=horde --version=2.<n> --branch=RELENG_2
        # make-release.php --module=imp --version=3.<n> --branch=RELENG_3
        # make-release.php --module=turba --version=1.<n> --branch=RELENG_1

-   If upgrading from a release candidate, remove the old tarball from the FTP
    server.

-   Update the web site (hordeweb CVS directory):

    --  Edit top-level hordeweb/main.html

    --  For Horde, under hordeweb/horde edit:

        horde.html

    --  For IMP, under hordeweb/imp edit:

        3.0/2002 (or current year) 3.0/latest.html 3.0/imp.html
        download/download.html

    --  For Turba, under hordeweb/turba edit:

        content.txt download/download.html

    --  If applicable, under hordeweb/source edit:

        versions.html

-   Add new version to bugs.horde.org.


** Guidelines for release candidates (RCs):

* The last time we introduced a bug with code from a new minor release so
we had to release another version right after. This might always happen if
there is more than one change since the last release or if the changes were
done recently.

* If we have a security leak that needs to be plugged immediately, it is
the common way to release a new minor version that *only* contains the fix
for that leak.

* RCs are necessary for every release (except 3) because many translators
only update their translations when there is a new (minor) release cycle
starting because they don't translate on CVS versions.


** Example format for announcement messages:

The Horde Team is pleased to announce the (first release candidate|official
release) of the [MODULE NAME] version [VERSION].

[MODULE DESCRIPTION]

[Barring any problems, this code will be released as [MODULE] [VERSION].
Testing is requested and comments are encouraged.
Updated translations would also be great.]

Major new changes in this release:

    - [CHANGE 1]
    - [CHANGE 2]
    ...

--- NEW FILE: RELEASE_NOTES ---
<?php
/**
 * Release focus. Possible values:
 * 0 - N/A
 * 1 - Initial freshmeat announcement
 * 2 - Documentation
 * 3 - Code cleanup
 * 4 - Minor feature enhancements
 * 5 - Major feature enhancements
 * 6 - Minor bugfixes
 * 7 - Major bugfixes
 * 8 - Minor security fixes
 * 9 - Major security fixes
 */
$this->notes['fm']['focus'] = 5;

/* Mailing list release notes. */
$this->notes['ml']['changes'] = <<<ML
After more than two years of work, the Horde Team is very excited to
announce the first alpha release of the Horde Application Framework
Version 3.0.

The Horde Application Framework is a modular, general-purpose web application
framework written in PHP.  It provides an extensive array of classes that are
targeted at the common problems and tasks involved in developing modern web
applications.

This is a preview version that should not be used on production
systems.  Some small parts are missing and there are still a few bugs,
some of which are listed below.  You should not use this preview
version over existing production data.

The API, configuration items, or features may change before the final
release, but we encourage widespread testing and feedback via the mailing
lists or our bug tracking system. Translations are not ready to be updated
yet, since some strings will change before the final release.

Horde Version 3 differs from the 2.x releases in many ways, including the
following:
    * Full support for groups and arbitrary permissions.
    * Completely rewritten, fully RFC-compliant MIME system with many
      new MIME viewers.
    * Many i18n improvements, including full charset support for the whole
      framework.
    * User customizable portal page.
    * Theme support.
    * Access (shortcut) keys.
    * DHTML tree menu for applications, including Mozilla sidebar support.
    * XML-based application configuration through a graphical user interface.
    * Forms creation and validation API.
    * Template engine.
    * Crypt API with support for PGP/GPG and S/MIME.
    * XML-RPC and SOAP server and client, SyncML on the way.
    * Improved notification system.
    * Many new APIs like Compress, Image, PDF, History, iCalendar, SyncML,
      CLI, Version control, NLS, Timer, and SVG.

Known issues:
    * Documentation is not completely updated yet.
    * A global interface to identities is missing.
    * If inserting invalid data in a tabbed form (e.g. the configuration
      interface), the tab with the errors is not selected.
ML;

/* Freshmeat release notes. */
$this->notes['fm']['changes'] = <<<FM
New in this release: Full group and permissions support; a robust
RFC-compliant MIME API with many new viewers; many i18n improvements,
including full charset support; User customizable portals and themes;
shortcut keys for many actions; a DHTML tree menu for applications;
XML-based configuration available through your browser; XML-RPC and
SOAP clients and servers. New code APIs: forms creation/validation, a
template engine, a crypt API with support for PGP/GPG and S/MIME,
Compress, Image, PDF, History, iCalendar, SyncML, CLI, Version
control, NLS, Timer and SVG.
FM;

$this->notes['name'] = 'Horde';
$this->notes['fm']['project'] = 'horde';
$this->notes['fm']['branch'] = 'FRAMEWORK_3';

--- NEW FILE: SECURITY ---
===========================================================================
|| Horde Security Notes                                                  ||
===========================================================================

---------------
Temporary files
===============

Horde applications make extensive use of temporary files.  In order to 
make sure these files are secure, you should make sure your installation
meets the following criteria.

Some applications use the PHP tempnam() function call to create temporary
files.  As of PHP 4.0.3, PHP tempnam() calls the mkstemp() function
which is designed to prevent mischief such as /tmp races, symbolic
link retargeting, etc.  Sites using PHP earlier than 4.0.3 should upgrade
so as not to be vulnerable to such abuse by local users.

Sites may also gain increased security by defining an upload_tmp_dir
(in the php.ini file) which is writable by the web server, but not writable
by other users.  Since the temporary files may contain sensitive information
it is best to also make these file unreadable by other users.  That is,
they can be made readable and writable only by the web server user.


------------
PHP Sessions
============

For the most security, you should enable PHP session cookies by enabling
the php setting session.use_cookies.  When doing so, be sure to set an
appropriate session.cookie_path and session.cookie_domain also to secure
your cookies.

If PHP sessions are set to use the "files" save_handler, then these files
should be secured properly.  Sites can increase security by setting the
php setting session.save_path to a directory that is only readable and
writable by the web server process.  

Sites with a large user base should consider setting the session.entropy_file
and session.entropy_length to appropriate values.

Horde will encrypt the user credentials before storing them in the session.
However, this encryption can be improved if you have and enable the php
extension "mcrypt" which allows for stronger encryption than is otherwise
provided by Horde.


--------------------------
Default database passwords
==========================

The Horde documentation and sample database creation scripts create
a default user and password for accessing the horde database.  Using
this password in a production environment is a security hole, since an
attacker will easily guess it.

It is very important that sites change at least the password to
something secure. 


----------------------------------------------
Prevent configuration file reading and writing 
==============================================

The configuration files may contain sensitive data (such as database
passwords) that should not be read or written by local system users or
remote web users.

If you use a Unix system, one way to make the configuration files and
directories accessible only to the web server is as follows.  Here we
assume that the web server runs as the user "apache" and the files
are located in /home/httpd/html -- substitute the correct user or file
path if needed.

# chown -R apache /home/httpd/html/horde/config
# chown -R apache /home/httpd/html/horde/*/config
# chmod -R go-rwx /home/httpd/html/horde/config
# chmod -R go-rwx /home/httpd/html/horde/*/config

For completely fascist permissions, you can make the entire Horde tree
inaccessible by anyone except the web server user (and root):

# chown -R apache /home/httpd/html/horde
# chmod -R go-rwx  /home/httpd/html/horde
# chmod -R a-w   /home/httpd/html/horde/

Note that the last line makes all files unwritable by any user (only root
can override this).  This makes the site secure, but may make it more
difficult to administrate.  In particular, it will defeat the Horde 
administrative configuration interface, forcing you to update the Horde
configuration files manually (as per the INSTALL instructions).

The above will not secure the files if other user's on the same machine
can run scripts as the apache user.  If you need to protect against
this you should make other user's scripts run under their own account
with some facility such as apache's suexec module.  You need to watch
out not only for cgi scripts, but also for other modules like mod_php,
mod_perl, mod_python, etc. that may be in use on your server.


--------------------------
Restricting test.php files
==========================

The test.php files provide a wealth of information that can be used
against the site by attackers.  One you have confirmed that everything
is working, you should disable access to the test.php files.  You can
do this via the web server, or via system file permissions.  On a unix
system, you might issue a command such as:

# chmod a-rwx /home/httpd/html/horde/test.php
# chmod a-rwx /home/httpd/html/horde/*/test.php


-------------------------------------------------------------
Preventing Apache from serving configuration and source files
==============================================================

The Horde configuration files may contain sensitive data (such as
database passwords) that should not be served by the web server. Other
directories contain PHP source code that isn't intended for viewing
by end-users. The Horde group has provided .htaccess files in 
various directories to help protect these files.  However, that
depends on your web server honoring .htacess files (which is a
performance hit, and may not be available in all web servers).

An Apache site can also prevent the web server from serving these
files by adding sections to httpd.conf such as the following:

<Directory "/home/httpd/html/horde/config">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/lib">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/locale">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/po">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/scripts">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/templates">
    order deny,allow
    deny from all
</Directory>

Repeat this pattern for each Horde application.  For example, for IMP
you would then add:

<Directory "/home/httpd/html/horde/imp/config">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/imp/lib">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/imp/locale">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/imp/po">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/imp/scripts">
    order deny,allow
    deny from all
</Directory>
<Directory "/home/httpd/html/horde/imp/templates">
    order deny,allow
    deny from all
</Directory>


-------------
Setup scripts
=============

There are various scripts use to setup or configure Horde.  If you
allow other users on the web server machine, you should protect these
files from being accessed by them.  On a unix system, you might restrict
these files to root access by using the following type of commands:

# chown -R root /home/httpd/html/horde/scripts
# chown -R root /home/httpd/html/horde/*/scripts
# chmod -R go-rwx /home/httpd/html/horde/scripts
# chmod -R go-rwx /home/httpd/html/horde/*/scripts


-------------------------------
Using a chroot web server setup
===============================

Unix users may want to consider using a chroot environment for their
web server.  How to do this is beyond the scope of this document, but
sufficient information exists on the world wide web and/or in your
server documentation to complete this task.


------------------------------
Hidding PHP info from the user
==============================

You should consider setting the following PHP variables in your php.ini file
to prevent information leak to the user, or global insertion by the user:

expose_php = Off
display_errors = Off
log_errors = On
register_globals = Off

You should also set up error logging (using the PHP error_log variable)
to log to a file, syslog, or other log destination.


-------------------------
Using a secure web server
=========================

Horde depends on passing sensitive information (such as passwords and
session information)  between the web server and the web client.  Using
a secure (SSL-enabled) web server will help protect this information as
it traversing the network.


-------------------------------
Using a secure POP3/IMAP server
===============================

If you are using a POP3/IMAP server with Horde (e.g. for authentication or
for IMP) then Horde is passing the user's login credentials between the
web server and the mail server.

If your web server and IMAP server are on the same host, you can increase
security by forcing all traffic over the loopback or localhost interface
so that it is not exposed to your network.

In cases where that is not possible, we recommend using a secure mail
connection such as IMAP-SSL or POP3-SSL to ensure that passwords remain
safe.


-------------------
TODO: LDAP Security
===================

LDAP security is similar to the above POP3/IMAP server security issue.
If you are using LDAP, you should make sure that you are not exposing
ldap passwords or any sensitive data in your LDAP database.


------------------------
Database socket security
========================

If your database (e.g. MySQL or PostgreSQL) is on the same host as your
web server, you may use unix sockets rather than tcp connections to help
improve your security (and performance).  (If it doesn't support unix
sockets, you can achieve some better security by restricting the tcp 
support to the loopback or localhost interface)

If the database keeps its socket file (e.g. mysql.sock) in a directory
like /tmp or /var/tmp, you should set permissions carefully to ensure that
local users (if you have any) can't delete the socket. The unix "sticky"
bit should already be sent on the temporary directory itself, but you
also need to make sure the socket itself isn't writable by "other"
or users can delete it.

You might consider moving the socket file to another location such
as /var/run or the top-level directory of your database program (e.g.
/var/lib/mysql or /var/lib/pgsql).


-------------------------------
Sendmail or SMTP considerations
===============================

In some cases, you can increase security by sending mail via the local
command-line sendmail program on your web server, rather than using SMTP. 
However, there may be reasons to use SMTP instead, such as if your smtp
server does spam or virus checking which would be skipped using the local
sendmail program.


----------------
Additional Notes
================

This is by far not a complete security HOWTO. This is just a compiled list
of what people have contributed so far. If you have tips, ideas, suggestions
or anything else that you think could help others in securing their Horde
installation, please let us know.

$Horde: horde/docs/SECURITY,v 1.8 2003/08/29 21:56:51 jan Exp $

--- NEW FILE: TODO ---
=================================
|| Horde Development TODO List ||
=================================

- Implement some sort of non-SQL persistent DataTree backend that can
be the default backend so that people don't get non-persistent
DataTree objects. Get rid of the null backend; we pretty much _need_ a
persistent DataTree for Horde 3.0's functionality to work as
advertised.

- Implement admin/deleteUser methods in applications' APIs to delete
user specific data.

- Implement a Horde_Lock class that sits on top of DataTree and
provides locking of any object in the Horde system, like Links
provides relations between any object and Perms provides permissions.

- Add a /services/groups/ section. Include public group homepages,
including any information marked public for the group (let the members
list be marked public/group only/admin only), add group administrators
(just a flag for users), add the ability to show all calendars/other
shares that a group has permissions to, allow creating a new
calendar/poll/etc. for a group.

- Add the ability to break out DataTree group_uids into their own
tables (one table per group).

- Use the freedesktop shared-mime-info XML file
(http://www.freedesktop.org/Software/shared-mime-info) to build our MIME_Magic
magic data files.


$Horde: horde/docs/TODO,v 1.15 2004/05/21 19:24:11 chuck Exp $

--- NEW FILE: TRANSLATIONS ---
$Horde: horde/docs/TRANSLATIONS,v 1.6 2004/05/04 14:26:29 jan Exp $

Horde Translation Guide
Copyright 2000-2002 Joris Braakman <jbraakman at yahoo.com>
Copyright 2001-2002 Chuck Hagenbuch <chuck at horde.org>
Copyright 2001-2004 Jan Schneider <jan at horde.org>

Contents
========
- GNU gettext, PHP and Horde
- Translations don't work
- Solaris


GNU gettext, PHP and Horde
--------------------------

Horde uses GNU gettext for internationalization (i18n) and localization
(l10n). The manual at http://www.gnu.org/manual/gettext/index.html is
biased against C and using Emacs. This is more for Horde.

There is a good explanation for PHP and gettext at:
http://www.faqts.com/knowledge-base/view.phtml/aid/2953/fid/422

People seem to like learning from examples better, so I have used
dutch (nl_NL) as an example everywhere.

There is a command line tool written in PHP for creating and managing
translations in the horde/po/ directory. Usage instructions can be found in
horde/po/README.


Translations don't work
-----------------------
If all or some translations don't work on your system, please follow the steps
described below. If you want to ask for help either on the i18n mailing list
(http://horde.org/mail/) or on Horde's bug system, please explain which steps
you tried and which failed.

You might also find some more information in the FAQ at http://horde.org/faq/.

Please note that Dutch (nl_NL) is only used as an example here. If you have
problems with a certain translation use this translation's language code
instead.

Is this locale (nl_NL) installed at all?
$ locale -a
should list all locales installed on your system.

On Debian not all locales may be enabled by default. Edit /etc/locale.gen and
run locale-gen if you changed the list of enabled locales.

Do you have any .mo files? Usually in /usr/share/locale/
e.g. /usr/share/locale/nl/LC_MESSAGES/tar.mo

Does gettext even work?
Get a string to translate,
$ strings /bin/tar | grep Memory
Memory exhausted
$ (LANG=nl_NL; LANGUAGE=nl_NL; LC_MESSAGES=nl_NL; gettext tar "Memory exhausted" )
Geheugen uitgeput

Does the local Horde file work?
Assuming that you have put the translated Horde file in
/data/www/horde/locale/nl_NL/LC_MESSAGES/horde.mo
$ export TEXTDOMAINDIR=/data/www/horde/locale
$ (LANG=nl_NL; LANGUAGE=nl_NL; LC_MESSAGES=nl_NL; gettext horde "Message" )
Bericht

Create a file in the horde directory, langtest.php:
<?php
setlocale(LC_MESSAGES, 'nl_NL');
putenv('LANG=nl_NL');
putenv('LANGUAGE=nl_NL');
// use the tar test.
echo dgettext('tar', 'Memory exhausted');
echo '<br />';

// Specify location of translation tables
bindtextdomain('horde', './locale');

// Choose domain
textdomain('horde');

// Print the already tested message
echo _("Message");
echo '<br />';

// this should print the same.
echo dgettext('horde', 'Message');

?>

OUTPUT web browser:
Geheugen uitgeput
Bericht
Bericht


Solaris
-------
Since the .mo files are binary, they are platform specific. You
have to rerun make in all po directories.

On Solaris 7, you don't have the Partial Locales (SUNWploc) and Supplementary
Partial Locales (SUNWploc1) packages installed if you get:
$ LANG=nl_NL
couldn't set locale correctly

On Solaris 8, you must install the local packages required for the locales you
desire (for example, you may need to install SUNWweuos for Western European
locales or SUNWmeaos for Middle Eastern locales). The packages are located on
Software Disk 1 of 2 in the directory: sol_8_1001_sparc/s0/Solaris_8/Product

This is what it should say:

Solaris 7:
$ pkginfo | grep ploc
system      SUNWploc       Partial Locales
system      SUNWploc1      Supplementary Partial Locales

Solaris 8:
$ pkginfo | grep euo
system      SUNWceuos      Central Europe OS Support
system      SUNWceuox      Central Europe 64-bit OS Support
system      SUNWeeuos      Eastern Europe OS Support
system      SUNWeeuox      Eastern Europe 64-bit OS Support
system      SUNWneuos      Northern Europe OS Support
system      SUNWneuox      Northern Europe 64-bit OS Support
system      SUNWseuos      Southern Europe OS Support
system      SUNWseuox      Southern Europe 64-bit OS Support
system      SUNWweuos      Western Europe OS Support
system      SUNWweuox      Western Europe 64-bit OS Support

The stuff is installed in /usr/lib/locale
$ ls /usr/lib/locale/nl
LC_COLLATE   LC_CTYPE     LC_MESSAGES  LC_MONETARY  LC_NUMERIC   LC_TIME      nl.so.1

We assume that the Solaris gettext implementation is installed when we compile
the translations. Thus the make process will fail if the installed gettext is
from GNU. If anyone knows how to determine if the installed gettext is from
Solaris or GNU on Solaris systems, please send us a note.

It was also reported that the HTTP server has to be linked to the same
libintl.so file as PHP on Solaris.  Also, it may be required that libintl.so
be loaded before libc is loaded.  If you are having conflicts, you may be
able to reside them by starting apache with one of the following commands:

LD_PRELOAD=libintl.so apachectl start

--- NEW FILE: UPGRADING ---
Upgrading to Horde 3.0
======================

This is a non-exhaustive, quick explanation of what has changed between
an Horde 2.x installation to Horde 3.0.

* Configuration files
Most configuration files have been changed to XML format. To generate a valid
configuration file from the XML file, follow the configuration instructions
in the applications' docs/INSTALL file.

* Preferences
The last_login preference has changed its format and scope. Just remove all
last_login preferences from the preferences backend.

$Horde: horde/docs/UPGRADING,v 1.1 2003/07/16 11:24:41 jan Exp $





More information about the commits mailing list