- When adding node, content is escaped twice(?)

- Registration process -> Add welcome texts & move them to one file/node
  Temporary requests node does not exist.
  Nodes are created with bad vector
  (during registration we should generate GnuPG keypair
  to user_gpg_prv and user_gpg_pub fields in table users) (harvie)

- Fix uploading user images

- User mail -> can't delete the mails...
  Anyway move whole mail handling out of nodes.php (?)

- SQL injections (many fixed, but some should still be there)

- remove absolute paths from all source files (!)

- remove hard-coded hostname from:
  ( registration mails )
  ( scripts in "scripts" directory (system paths))

- Fix https vs http problem (url)

- Suspected security holes:
  ( cron/process-img.sh )
  ( ./inc/eventz/spamuj_ubik.inc )
  ( ./inc/eventz/upload_own_template.inc ) (is it even needed?)

- Remove/fix non-working eventz
  ( ./inc/eventz/addClass.inc )
  ( ./inc/eventz/addEvent.inc )
  ( ./inc/eventz/addAjax.inc )
  ( ./inc/eventz/addPlugin.inc )
  ( ./inc/eventz/kyberia.inc ) (wtf)

- Refactor directory structure

- Deprecated PHP features
  ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163
    Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184
    Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196
    Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208
    Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220
    Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )

- keep fixing XSS

- Test & scale logarithmic threading

- Remove templates from git (they should be only in sql)

- Clean code => fix uninitialized variables

- documentation/installation guide (see README)

- Make PATH_INFO not change the contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)

- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
  (I've implemented this partially. We can now log in using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)

- Rename all files & directories that should not be rewritten to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
  (Rename images to _images - and fix hardcoded stuff...)