- fix uploading of files
- fix ALL SQL injections
- keep fixing XSS
- documentation/installation guide (see README)
- remove absolute paths from all source files (!) (over 50)
- remove hard-coded kyberia.sk from:
    ( ./inc/eventz/configure_email.inc )
    ( ./inc/eventz/delete.inc )
    ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
    ( ./inc/replaceLocalURLs.inc )
    ( ./nodes.php )
    ( ./cron/rssparse.php )
    ( ./scripts/contentregexp.php ) (obsolete?)

- Suspected security holes:
    ( cron/process-img.sh )
    ( sms_payment.php => yes, sqli but is it really used? )
    ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
      "strange" filenames like .htaccess (to allow listing of folder) )