Conventions

Coding approach

We are redefining our coding standards using [1] and [2].

Read also Source code documentation.

Security

All Drake CMS software add-ons will automatically be certified through a web service hosted at the sourceforge.net website; the main purpose is to keep insecure software from spreading. See also certification.htm.

These are the security parameters evaluated when establishing the security of a component, module or any other add-on, ordered from lowest to highest DRACON risk level:

  0. no risk
  1. server-to-server URL access (see classes/sst.php)
  2. SQL read access (see also Database)
  3. SQL read/write access (see also Database)
  4. emailing capabilities (see classes/gelomail.php)
  5. file upload
  6. software installation (only allowed on GID 5)
  7. custom file read (no applications for this use, kept as reference)
  8. raw sockets access (possibly used by the embedded FTP client [3])
  9. custom file move/write in the allowed website root
  10. custom file move/write without allowed website root check
  11. variadic code execution (eval() or other code executed from external source, not allowed)

Each add-on should specify its minimal DRACON level and the user GID that level is granted to; if the allowed GID is customizable, an asterisk should be used in its place. Example:

 DRACON 9.5 5.*

Level 9 (custom file move/write) is granted to users whose GID is equal to 5 (admin).

Level 5 (file upload) is granted to the configured GID level and above.
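
A validator for the declaration format above, as an added example that is not Drake CMS code. The function and constant names, the deny-by-default handling of undeclared levels, and the rule that each entry grants only the level it names are assumptions; the GID rules are the ones stated on this page.

```php
<?php
// Added example, not Drake CMS code; function and constant names are hypothetical.
const DRACON_FORBIDDEN = 11; // variadic code execution: "not allowed"
const DRACON_INSTALL = 6;    // software installation: "only allowed on GID 5"
const GID_ADMIN = 5;

/** Parse e.g. "DRACON 9.5 5.*" into [level => gid or '*'], rejecting what the page forbids. */
function dracon_parse(string $decl): array
{
    $tokens = preg_split('/\s+/', trim($decl));
    if (array_shift($tokens) !== 'DRACON' || !$tokens) {
        throw new InvalidArgumentException('not a DRACON declaration');
    }
    $grants = [];
    foreach ($tokens as $tok) {
        if (!preg_match('/^(\d{1,2})\.(\d+|\*)$/', $tok, $m)) {
            throw new InvalidArgumentException("malformed entry: $tok");
        }
        $level = (int) $m[1];
        $gid = $m[2] === '*' ? '*' : (int) $m[2];
        if ($level >= DRACON_FORBIDDEN) {
            throw new DomainException("level $level is not allowed or not defined");
        }
        if ($level === DRACON_INSTALL && $gid !== GID_ADMIN) {
            throw new DomainException('level 6 is only allowed on GID 5');
        }
        if (isset($grants[$level])) {
            throw new DomainException("level $level declared twice");
        }
        $grants[$level] = $gid;
    }
    return $grants;
}

/** Assumption: an entry grants only the level it names; undeclared levels are denied. */
function dracon_allows(array $grants, int $level, int $userGid, int $configuredGid): bool
{
    if (!isset($grants[$level])) {
        return false;
    }
    $gid = $grants[$level];
    return $gid === '*' ? $userGid >= $configuredGid : $userGid === $gid;
}

$grants = dracon_parse('DRACON 9.5 5.*');   // the declaration from the page
var_dump(dracon_allows($grants, 9, 5, 3));  // GID 5 asks for file move/write
var_dump(dracon_allows($grants, 9, 4, 3));  // GID 4 asks for file move/write
var_dump(dracon_allows($grants, 5, 4, 3));  // GID 4 asks for upload, configured GID 3 (constructed)
var_dump(dracon_allows($grants, 3, 5, 3));  // SQL read/write was never declared
```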

NOTE: Certification is not currently enforced.

See also Groups

Output

Our output will conform (milestone for version 1.0) to the following standards:

Internationalization and localization

All language resources are located in the lang folder; Drake CMS currently supports only the UTF-8 charset.

If no native core function for encoding conversion is found within PHP, a raw UTF-8 encoding will be performed.

The date/time functions are overridden as follows:

When using the appropriate lc_* function, the output will be UTF-8 and relative to the user's language and timezone.

CSS

See CSS.

Database & SQL

See Database.