djact / maskes Goto Github PK

Security is not my forté, but: on all user fields, we should make sure that SQL and XSS injections are not possible by validating or sanitizing the input.

https://www.acunetix.com/websitesecurity/sql-injection/
https://www.acunetix.com/websitesecurity/cross-site-scripting/

We should probably use PST if possible.

This might already be the case, but we should make sure to set a max upload size on receipts to make sure they don't end up eating too much disk space. Likewise with profile pics and other things that get uploaded.

It seems like the requests are displayed in no particular order for now. Ideally we should sort them by urgency and submitted date, so that older urgent requests are shown first.

It could be nice to be able to select more than one city to filter with, for example.

It's a minor issue, but some cultures don't have two names, others have "mandatory" middle names, etc. Unless there's a specific reason we want to separate first and last name (like emailing with only the first name?), it might be best to have a single "Full name" field.

Very minor, but this:

Seems to imply that there are only 3 pages. In reality there are 12. Usually this is shown by having something like:
[1][2]...[12]

Instead of having the user look through a long list of locations, maybe we could use the City field in the address below?

If the location are more like "service areas", an ambitious solution would be to calculate the correct area from the zip code. This could also let us automatically forward out-of-area requests to the correct Mutual Aid groups.

Right now the family size selector only lets you select a minimum family size:

Some volunteers might only have limited cargo size/time to shop/amount they want to donate, and would prefer to deliver to smaller families. We should let people set both a minimum and a maximum family size.

For example here:

If I click on the "Phone number - text" string, it will enable the radio button of the "call" option. In general it seems to always enable the first option only.

Fields that have a defined format (like phone numbers and zip) could benefit from being validated to ensure that they're correct. For phone number, we should make sure we allow country code for people with foreign numbers.

Stretch goal: look into these address-validation libraries that some online stores use to make sure the address is correct as well :)

This is a lot to read and looks somewhat worrying:

Maybe we could skip this step, and instead contact out-of-area people to get their consent afterwards? That way only the people who need to agree to this will have to take that step.

After creating, I get this screen:

The new request doesn't appear in the list. Refreshing the page fixes the issue.

It's maybe just me, but when I see a grayed out option like here:

My first thought is that the toggle is disabled (as in, it can't be changed). Also I'm not sure if it makes sense that the colored, "on"-looking design is private, and the grey out is public?

Same issue as #12, but with support items.

It could be nice to have a way to edit or cancel the requests, at least while they're in the "new" stage.

None of these seem connected to anything yet:

Should be "upcoming events"

Some info (like phone number) is useful for both volunteers and requesters. And some info (like address, allergies, etc.) will most likely not change between requests. Consider having these in the profile to speed up request entry.

Currently there is no way for the volunteer to say that they don't need reimbursement, and it looks like they need to always upload a receipt etc.

We could add a button that says "I don't need to be reimbursed" or similar to skip this step.

Currently it seems like things are ordered by columns, like such (notice the date):

It's probably more clear to have the requests sorted by rows: