[mirrors/Kyberia-bloodline.git] / doc / TODO

- fix uploading of files
- fix ALL sql injections
- keep fixing XSS
- documentantion/instalation guide (see README)
- remove absolute paths from all source files (!) (over 50)
- remove hard-coded kyberia.sk from:
  ( ./inc/eventz/configure_email.inc )
  ( ./inc/eventz/delete.inc )
  ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
  ( ./inc/replaceLocalURLs.inc )
  ( ./nodes.php )
  ( ./cron/rssparse.php )
  ( ./scripts/contentregexp.php ) (obsolete?)

- Suspected security holes:
  ( cron/process-img.sh )
  ( sms_payment.php  => yes, sqli but is it really used? )
  ( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling,
    "strange" filenames like .htacess (to allow listing of folder)
Commit	Line	Data
dcee7633	1	- fix uploading of files
	2	- fix ALL sql injections
	3	- keep fixing XSS
	4	- documentantion/instalation guide (see README)
	5	- remove absolute paths from all source files (!) (over 50)
	6	- remove hard-coded kyberia.sk from:
	7	( ./inc/eventz/configure_email.inc )
	8	( ./inc/eventz/delete.inc )
	9	( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
	10	( ./inc/replaceLocalURLs.inc )
	11	( ./nodes.php )
	12	( ./cron/rssparse.php )
	13	( ./scripts/contentregexp.php ) (obsolete?)
	14
	15	- Suspected security holes:
	16	( cron/process-img.sh )
	17	( sms_payment.php => yes, sqli but is it really used? )
	18	( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling,
	19	"strange" filenames like .htacess (to allow listing of folder)
	20