X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=4cfbaaeaae37448672890e58d89586d383c1dd51;hb=a081a6fd9e8fd6a75cc95c1f1b4062c360f0fc0b;hp=069938d405a81a0bc515861c98f906d316ec363f;hpb=fe69da5f874fb15c978927554677a4c98dea9265;p=mirrors%2FKyberia-bloodline.git

diff --git a/doc/TODO b/doc/TODO
index 069938d..4cfbaae 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,11 +1,9 @@
 - User mail is not working
 
-- Registration process is not working
-
-- Cron scripts are not executed 
-  (no automatic logouts, no K generation, ...)
+- Uploading of datafiles is not working
 
-- fix uploading of files
+- Registration process is not working
+  (rewrite sending of reg. mails)
 
 - fix ALL sql injections
 
@@ -23,10 +21,33 @@
 
 - Suspected security holes:
   ( cron/process-img.sh )
-  ( sms_payment.php  => yes, sqli but is it really used? )
-  ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
-    "strange" filenames like .htacess (to allow listing of folder)
+  ( ./inc/eventz/spamuj_ubik.inc )
+  ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
+
+- Remove eventz (and files) that are not used (verify this before removing)
+  ( ./inc/eventz/login_lockout_test.inc )
+  ( ./inc/eventz/add_test.inc )
+  ( ./inc/eventz/add_ubik_friend.inc )
+  ( ./inc/eventz/cron_test.inc )
+  ( ./inc/eventz/login_lockout_test.inc )
+  ( ./inc/eventz/login_test.inc )
+  ( ./inc/eventz/mail_test.inc )
+  ( ./inc/eventz/test_button.inc )
+  ( ./inc/eventz/testing_cron.inc )
+  ( ./inc/eventz/testm.inc )
+  ( ./inc/eventz/send-old.inc )
+  ( ./inc/eventz/destroy_synapse2.inc )
+  ( ./inc/eventz/login2.inc )
+  ( ./inc/eventz/send2.inc )
+  ( ./inc/eventz/set_parent2.inc )
 
+- Remove/fix not working eventz
+  ( ./inc/eventz/addClass.inc  )
+  ( ./inc/eventz/addEvent.inc )
+  ( ./inc/eventz/addAjax.inc )
+  ( ./inc/eventz/addPlugin.inc )
+  ( ./inc/eventz/kyberia.inc ) (wtf)
+ 
 - Refactor directory structure
 
 - Deprecated PHP features
@@ -37,3 +58,15 @@
 - documentation/installation guide (see README)
 
 - Clean code => fix uninitialized variables
+
+- Implement URL handling using PATH_INFO instead of mod_rewrite
+
+- some templates are fixed only in .tpl, not in sql database
+
+- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+  (We can use multiple hash algorithms (so we'll have backward DB compatibility):
+		{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
+		{SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
+		5b077a0ab90992d9763c5b120b22c9d7
+  ) Harvie
+