-- fix uploading of files
-- fix ALL sql injections
-- keep fixing XSS
-- documentantion/instalation guide (see README)
-- remove absolute paths from all source files (!) (over 50)
-- remove hard-coded kyberia.sk from:
- ( ./inc/eventz/configure_email.inc )
- ( ./inc/eventz/delete.inc )
- ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
- ( ./inc/replaceLocalURLs.inc )
- ( ./nodes.php )
- ( ./cron/rssparse.php )
- ( ./scripts/contentregexp.php ) (obsolete?)
+- remove hard-coded constants (everywhere):
+
+- Registration process -> Add welcome texts & move them to one file/node
+ +(during registration we should generate GnuPG keypair
+ to user_gpg_prv and user_gpg_pub fields in table users) (harvie)
+
+- User mail -> can't delete the mails...
+ Anyway move whole mail handling out of nodes.php (?)
+
+- SQL injections (many fixed, but some are still there)
+
+- remove absolute paths from all source files (!)
+- convert to some more inteligent path system... eg.:
+ define('SYSTEM_ROOT', '/srv/kyberia/');
+ define('SYSTEM_WWWROOT', SYSTEM_ROOT.'/wwwroot/');
+ define('SYSTEM_URL', '/'); //or https://dev.kyberia.cz/
+ define('SYSTEM_DATA', '_data/');
+ define('SYSTEM_IMAGES', '_images/');
+ because right now we can't determine both: filesystem path and URL of the same directory. this SUX!
+- when we will be doing this we should make kyberia compatible with "./" PHP open base dir.
+ i think that it's really nice philosophy when PHP script is never accessing files that are not in the same directory (or it's subdirectory) as the script itself (especially when it cannot do this - it can be good security improvement).
+
+- remove hard-coded hostname from:
+ ( registration mails )
+ ( scripts in "scripts" directory (system paths))
+
+- Fix https vs http problem (url)
+
+- Uploading user images works, but resizing?
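Review bot: The rewritten list drops the "keep fixing XSS" item from the removed block, while the SQL injection item is carried over as "many fixed, but some are still there"; unless the XSS work is finished, keep an XSS entry so it stays tracked. The new registration item proposes generating a GnuPG keypair during registration and storing it in the user_gpg_prv and user_gpg_pub fields of table users: the item should state how the private key is protected at rest (for example, encrypted under a passphrase only the user knows), because the same list says SQL injections remain and a private key stored in that table is only as safe as every query that touches it. In the path example, SYSTEM_ROOT already ends in a slash, so SYSTEM_ROOT.'/wwwroot/' evaluates to /srv/kyberia//wwwroot/; drop one of the two slashes. The removed per-file list of hard-coded kyberia.sk occurrences is replaced by two unspecific entries under "remove hard-coded hostname from:", and "remove hard-coded constants (everywhere):" ends in a colon with nothing under it; either keep the file paths or complete the item.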