- User mail is not working
-- Userinfo is not working
- ()
-
-- Uploading of datafiles is not working
-
- Registration process is not working
(rewrite sending of reg. mails)
-- fix ALL sql injections
+- SQL injections (many fixed, but some should be still there)
- remove absolute paths from all source files (!) (over 50)
-- remove hard-coded kyberia.sk from:
- ( ./inc/eventz/configure_email.inc )
- ( ./inc/eventz/delete.inc )
- ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
- ( ./inc/replaceLocalURLs.inc )
- ( ./nodes.php )
- ( ./cron/rssparse.php )
- ( ./scripts/contentregexp.php ) (obsolete?)
- Fix https vs http problem (url)
+- remove hard-coded hostname from:
+ ( registration mails )
+ ( scripts in "scripts" directory (system paths))
+- Fix https vs http problem (url)
- Suspected security holes:
( cron/process-img.sh )
( ./inc/eventz/add_test.inc )
( ./inc/eventz/add_ubik_friend.inc )
( ./inc/eventz/cron_test.inc )
- ( ./inc/eventz/login_lockout_test.inc )
( ./inc/eventz/login_test.inc )
( ./inc/eventz/mail_test.inc )
( ./inc/eventz/test_button.inc )
( ./inc/eventz/addPlugin.inc )
( ./inc/eventz/kyberia.inc ) (wtf)
-
- Refactor directory structure
- Deprecated PHP features
- Implement URL handling using PATH_INFO instead of mod_rewrite
+- some templates are fixed only in .tpl, not in sql database
+
- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
(We can use multiple hash algorithms (so we'll have backward DB compatibility):
{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e