X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=65fa20a6e2e2408ae74115604dc390f80bf823b1;hb=b7445c84b510c811e8ec6cec894b97ffbefeec5e;hp=6dcc3745b898c71f91205d911eb989ac3e7b7e53;hpb=445972a1965e441eaff524168f6bac0bdd5b9030;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index 6dcc374..65fa20a 100644 --- a/doc/TODO +++ b/doc/TODO @@ -7,7 +7,7 @@ - User mail -> can't delete the mails... Anyway move whole mail handling out of nodes.php (?) -- SQL injections (many fixed, but some should be still there) +- SQL injections (many fixed, but some are still there) - remove absolute paths from all source files (!) - convert to some more inteligent path system... eg.: @@ -29,7 +29,7 @@ - Uploading user images works, but resizing? - Suspected security holes: - ( cron/process-img.sh ) + ( ./inc/smarty/node_methodz/function.fetch.php) (read local files?) ( ./inc/eventz/spamuj_ubik.inc ) ( ./inc/eventz/upload_own_template.inc ) (is even needed?) @@ -58,9 +58,6 @@ - Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite) - Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...) -- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) - (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB) - - Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-") (Rename images to _images - and fix hardcoded stuff...) @@ -74,3 +71,7 @@ (Mark all nodes that should become part of distribution of kyberia software) (Delete unused tables) (Replace duplicit tables with VIEWs) + +- Image uploading not working (?) + +- put "setParent" everywhere