X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=65fa20a6e2e2408ae74115604dc390f80bf823b1;hb=b7445c84b510c811e8ec6cec894b97ffbefeec5e;hp=da4014826e8deee1baa2f0a48b89002aca417d11;hpb=f2e47e33e5b2753b886980b52b26641a62d9bec9;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index da40148..65fa20a 100644 --- a/doc/TODO +++ b/doc/TODO @@ -7,7 +7,7 @@ - User mail -> can't delete the mails... Anyway move whole mail handling out of nodes.php (?) -- SQL injections (many fixed, but some should be still there) +- SQL injections (many fixed, but some are still there) - remove absolute paths from all source files (!) - convert to some more inteligent path system... eg.: @@ -29,7 +29,7 @@ - Uploading user images works, but resizing? - Suspected security holes: - ( cron/process-img.sh ) + ( ./inc/smarty/node_methodz/function.fetch.php) (read local files?) ( ./inc/eventz/spamuj_ubik.inc ) ( ./inc/eventz/upload_own_template.inc ) (is even needed?) 
@@ -58,12 +58,20 @@ - Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite) - Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...) -- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) - (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB) - - Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-") (Rename images to _images - and fix hardcoded stuff...) - Fix /(id|k)/*/download (ERROR: Empty file to download.) (I think this should be implemented as template (and smarty method for download). template can be ID down in base36 = 638807 in base10) + +- Cleanup DB + (Make script for deleting nodes in recycle bin) + (Some actions (like loging, etc...) may be implemented using SQL triggers) + (Mark all nodes that should become part of distribution of kyberia software) + (Delete unused tables) + (Replace duplicit tables with VIEWs) + +- Image uploading not working (?) + +- put "setParent" everywhere
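
Review bot: In the `@@ -7,7 +7,7 @@` hunk, the reworded entry "SQL injections (many fixed, but some are still there)" now states as fact that injectable queries remain, but it names no file or query, so nobody can act on it or tell when it is done. If specific scripts are known to be affected, list them under this item the way the "Suspected security holes" entry lists its paths; if they are not known, the earlier wording "should be still there" was the more accurate one.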
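
Review bot: In the `@@ -29,7 +29,7 @@` hunk, `( cron/process-img.sh )` is dropped from the "Suspected security holes" list with nothing in the visible lines saying whether it was audited, fixed or deleted. Keep the entry until that is recorded, or add a short note with the outcome. The replacement line `( ./inc/smarty/node_methodz/function.fetch.php) (read local files?)` is also missing the space before the closing parenthesis that the neighbouring entries use, and the "(read local files?)" remark would be more useful if it said which parameter is suspected of controlling the fetched path.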
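
Review bot: In the `@@ -58,12 +58,20 @@` hunk, the password-hashing item is removed even though its own text says the work is only partial: "we still need to edit registration/password changing to use SHA1 when updating passwords in DB". Unless registration and password change already write the new hash, removing the item loses track of the fact that those paths still store MD5; keep it, reworded to cover only the remaining work. Since the login code is described as accepting various hash algorithms, the remaining step could target a salted, deliberately slow password hash rather than plain SHA1. Separately, the added "Image uploading not working (?)" contradicts the context line "Uploading user images works, but resizing?" in the previous hunk, so one of the two should be updated.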