X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=2ad1c92d7ecb2a36d0418501113fea4232423079;hb=006bd683df7dd016449e114e18508931fb1d90b1;hp=41b464c7a0bc6c3a9e1cba6b86104ccdefc19b3b;hpb=97677ee1875f50f95a51aa6516ee341207c35fb9;p=mirrors%2FKyberia-bloodline.git

diff --git a/doc/TODO b/doc/TODO
index 41b464c..2ad1c92 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,33 +1,45 @@
 - User mail is not working
 
 - Registration process is not working
-  (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+  (rewrite sending of reg. mails)
 
-- Cron scripts are not executed 
-  (no automatic logouts, no K generation, ...)
-
-- fix uploading of files
-
-- fix ALL sql injections
+- SQL injections (many fixed, but some should be still there)
 
 - remove absolute paths from all source files (!) (over 50)
 
-- remove hard-coded kyberia.sk from:
-  ( ./inc/eventz/configure_email.inc )
-  ( ./inc/eventz/delete.inc )
-  ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
-  ( ./inc/replaceLocalURLs.inc )
-  ( ./nodes.php )
-  ( ./cron/rssparse.php )
-  ( ./scripts/contentregexp.php ) (obsolete?)
-  Fix https vs http problem (url)
+- remove hard-coded hostname from:
+  ( registration mails )
+  ( scripts in "scripts" directory (system paths))
+- Fix https vs http problem (url) 
 
 - Suspected security holes:
   ( cron/process-img.sh )
-  ( sms_payment.php  => yes, sqli but is it really used? )
-  ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
-    "strange" filenames like .htacess (to allow listing of folder)
+  ( ./inc/eventz/spamuj_ubik.inc )
+  ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
 
+- Remove eventz (and files) that are not used (verify this before removing)
+  ( ./inc/eventz/login_lockout_test.inc )
+  ( ./inc/eventz/add_test.inc )
+  ( ./inc/eventz/add_ubik_friend.inc )
+  ( ./inc/eventz/cron_test.inc )
+  ( ./inc/eventz/login_test.inc )
+  ( ./inc/eventz/mail_test.inc )
+  ( ./inc/eventz/test_button.inc )
+  ( ./inc/eventz/testing_cron.inc )
+  ( ./inc/eventz/testm.inc )
+  ( ./inc/eventz/send-old.inc )
+  ( ./inc/eventz/destroy_synapse2.inc )
+  ( ./inc/eventz/login2.inc )
+  ( ./inc/eventz/send2.inc )
+  ( ./inc/eventz/set_parent2.inc )
+
+- Remove/fix not working eventz
+  ( ./inc/eventz/addClass.inc  )
+  ( ./inc/eventz/addEvent.inc )
+  ( ./inc/eventz/addAjax.inc )
+  ( ./inc/eventz/addPlugin.inc )
+  ( ./inc/eventz/kyberia.inc ) (wtf)
+ 
 - Refactor directory structure
 
 - Deprecated PHP features
@@ -38,3 +50,15 @@
 - documentation/installation guide (see README)
 
 - Clean code => fix uninitialized variables
+
+- Implement URL handling using PATH_INFO instead of mod_rewrite
+
+- some templates are fixed only in .tpl, not in sql database
+
+- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+  (We can use multiple hash algorithms (so we'll have backward DB compatibility):
+		{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
+		{SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
+		5b077a0ab90992d9763c5b120b22c9d7
+  ) Harvie
+