dcee7633
- fix uploading of files
- fix ALL SQL injections
- keep fixing XSS
- documentation/installation guide (see README)
- remove absolute paths from all source files (!) (over 50)
- remove hard-coded kyberia.sk from:
  ( ./inc/eventz/configure_email.inc )
  ( ./inc/eventz/delete.inc )
  ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
  ( ./inc/replaceLocalURLs.inc )
  ( ./nodes.php )
  ( ./cron/rssparse.php )
  ( ./scripts/contentregexp.php ) (obsolete?)

- Suspected security holes:
  ( cron/process-img.sh )
  ( sms_payment.php => yes, sqli but is it really used? )
  ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
    "strange" filenames like .htaccess (to allow listing of folder) )