X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=8528826c3904540190ad35f4a8a5005e3eda8687;hb=5b9c0808f40b7b6aa4545625b4dfa6a909f15e4e;hp=4cb74508d601ccd703aa9b62e6cd7699015c9f6c;hpb=9f213be0e1d5e9ea05e5583d61788af5bd7ef4e6;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index 4cb7450..8528826 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,40 +1,36 @@ - User mail is not working + (mail seems to be stored in db, + error is probably somewhere in template + 1549888.tpl, 1549887.tpl or 25.tpl ) + Anyway move whole mail handling out of nodes.php (?) - Registration process is not working - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) - (We can use multiple hash algorithms (so we'll have backward DB compatibility): - {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e - {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735 - 5b077a0ab90992d9763c5b120b22c9d7 - ) + (rewrite sending of reg. mails) (TEST) -- Cron scripts are not executed - (no automatic logouts, no K generation, ...) +- SQL injections (many fixed, but some should be still there) -- fix uploading of files +- remove absolute paths from all source files (!) -- fix ALL sql injections +- User images (icons) seems to be broken somehow -- remove absolute paths from all source files (!) (over 50) +- remove hard-coded hostname from: + ( registration mails ) + ( scripts in "scripts" directory (system paths)) -- remove hard-coded kyberia.sk from: - ( ./inc/eventz/configure_email.inc ) - ( ./inc/eventz/delete.inc ) - ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) - ( ./inc/replaceLocalURLs.inc ) - ( ./nodes.php ) - ( ./cron/rssparse.php ) - ( ./scripts/contentregexp.php ) (obsolete?) - Fix https vs http problem (url) +- Fix https vs http problem (url) - Suspected security holes: ( cron/process-img.sh ) - ( sms_payment.php => yes, sqli but is it really used? ) - ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, - "strange" filenames like .htacess (to allow listing of folder) - -- Implement URL handling using PATH_INFO instead of mod_rewrite - + ( ./inc/eventz/spamuj_ubik.inc ) + ( ./inc/eventz/upload_own_template.inc ) (is even needed?) + +- Remove/fix not working eventz + ( ./inc/eventz/addClass.inc ) + ( ./inc/eventz/addEvent.inc ) + ( ./inc/eventz/addAjax.inc ) + ( ./inc/eventz/addPlugin.inc ) + ( ./inc/eventz/kyberia.inc ) (wtf) + - Refactor directory structure - Deprecated PHP features @@ -42,6 +38,21 @@ - keep fixing XSS -- documentation/installation guide (see README) +- Test & scale logarithmic threading + +- some templates are fixed only in .tpl, not in sql database + => synchronize .tpl vs SQL templates (permanently) - Clean code => fix uninitialized variables + +- documentation/installation guide (see README) + +- Implement URL handling using PATH_INFO instead of mod_rewrite + +- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) + (We can use multiple hash algorithms (so we'll have backward DB compatibility): + {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e + {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735 + 5b077a0ab90992d9763c5b120b22c9d7 + ) Harvie +