-- User mail is not working
+- Registration process -> Add welcome texts & move them to one file/node
+ Temporary requests node does not exists.
+ Nodes are created with bad vector
+ (during registration we should generate GnuPG keypair
+ to user_gpg_prv and user_gpg_pub fields in table users) (harvie)
-- Registration process is not working
- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+- Uploading user images works, but resizing?
-- Cron scripts are not executed
- (no automatic logouts, no K generation, ...)
+- User mail -> can't delete the mails...
+ Anyway move whole mail handling out of nodes.php (?)
-- fix uploading of files
+- SQL injections (many fixed, but some should be still there)
-- fix ALL sql injections
+- remove absolute paths from all source files (!)
-- remove absolute paths from all source files (!) (over 50)
+- remove hard-coded hostname from:
+ ( registration mails )
+ ( scripts in "scripts" directory (system paths))
-- remove hard-coded kyberia.sk from:
- ( ./inc/eventz/configure_email.inc )
- ( ./inc/eventz/delete.inc )
- ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
- ( ./inc/replaceLocalURLs.inc )
- ( ./nodes.php )
- ( ./cron/rssparse.php )
- ( ./scripts/contentregexp.php ) (obsolete?)
- Fix https vs http problem (url)
+- Fix https vs http problem (url)
- Suspected security holes:
( cron/process-img.sh )
- ( sms_payment.php => yes, sqli but is it really used? )
- ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
- "strange" filenames like .htacess (to allow listing of folder)
-
+ ( ./inc/eventz/spamuj_ubik.inc )
+ ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
+
+- Remove/fix not working eventz
+ ( ./inc/eventz/addClass.inc )
+ ( ./inc/eventz/addEvent.inc )
+ ( ./inc/eventz/addAjax.inc )
+ ( ./inc/eventz/addPlugin.inc )
+ ( ./inc/eventz/kyberia.inc ) (wtf)
+
- Refactor directory structure
- Deprecated PHP features
- keep fixing XSS
-- documentation/installation guide (see README)
+- Test & scale logarithmic threading
+
+- Remove templates from git (they should be only in sql)
- Clean code => fix uninitialized variables
+
+- documentation/installation guide (see README)
+
+- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
+- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
+
+- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+ (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)
+
+- Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
+ (Rename images to _images - and fix hardcoded stuff...)
GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blobdiff