| 1 | - User mail is not working |
| 2 | |
| 3 | - Registration process is not working |
| 4 | (IMHO we should use SHA1 or a stronger algorithm instead of MD5 for storing passwords) |
| 5 | |
| 6 | - Cron scripts are not executed |
| 7 | (no automatic logouts, no K generation, ...) |
| 8 | |
| 9 | - fix uploading of files |
| 10 | |
| 11 | - fix ALL SQL injections |
| 12 | |
| 13 | - remove absolute paths from all source files (!) (over 50) |
| 14 | |
| 15 | - remove hard-coded kyberia.sk from: |
| 16 | ( ./inc/eventz/configure_email.inc ) |
| 17 | ( ./inc/eventz/delete.inc ) |
| 18 | ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) |
| 19 | ( ./inc/replaceLocalURLs.inc ) |
| 20 | ( ./nodes.php ) |
| 21 | ( ./cron/rssparse.php ) |
| 22 | ( ./scripts/contentregexp.php ) (obsolete?) |
| 23 | Fix https vs http problem (url) |
| 24 | |
| 25 | - Suspected security holes: |
| 26 | ( cron/process-img.sh ) |
| 27 | ( sms_payment.php => yes, sqli but is it really used? ) |
| 28 | ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, |
| 29 | "strange" filenames like .htaccess (to allow listing of folder) ) |
| 30 | |
| 31 | - Refactor directory structure |
| 32 | |
| 33 | - Deprecated PHP features |
| 34 | ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 ) |
| 35 | |
| 36 | - keep fixing XSS |
| 37 | |
| 38 | - documentation/installation guide (see README) |
| 39 | |
| 40 | - Clean code => fix uninitialized variables |