Commit | Line | Data |
---|---|---|
dcee7633 | 1 | - fix uploading of files |
| | 2 | - fix ALL sql injections |
| | 3 | - keep fixing XSS |
| | 4 | - documentation/installation guide (see README) |
| | 5 | - remove absolute paths from all source files (!) (over 50) |
| | 6 | - remove hard-coded kyberia.sk from: |
| | 7 | ( ./inc/eventz/configure_email.inc ) |
| | 8 | ( ./inc/eventz/delete.inc ) |
| | 9 | ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) |
| | 10 | ( ./inc/replaceLocalURLs.inc ) |
| | 11 | ( ./nodes.php ) |
| | 12 | ( ./cron/rssparse.php ) |
| | 13 | ( ./scripts/contentregexp.php ) (obsolete?) |
| | 14 | |
| | 15 | - Suspected security holes: |
| | 16 | ( cron/process-img.sh ) |
| | 17 | ( sms_payment.php => yes, sqli but is it really used? ) |
| | 18 | ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, |
| | 19 | "strange" filenames like .htaccess (to allow listing of folder) |
| | 20 | |
d48685b8 | 21 | - Refactor directory structure |
| | 22 | ( Whole <Directory "/var/www/kyberia-wwwroot"> section from apache should go to .htaccess ) |
2f9b4885 | 23 | |
| | 24 | - Deprecated PHP features |
| | 25 | ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 ) |