X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=8832f5fcc292e3cd8cc78a0fb71defc7c7f88cc7;hb=a1797ae2365c0b45e3456fd6bc98b2993ffc87a8;hp=c179516fcf9a4df121bf2f6f3c9708802495815d;hpb=78cc85116accdd5bf70ab6b195e7a0d420c74e37;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index c179516..8832f5f 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,15 +1,24 @@ -- User mail is not working +- When adding node, content is escaped twice(?) -- Registration process is not working - (rewrite sending of reg. mails) +- Registration process -> Add welcome texts & move them to one file/node + Temporary requests node does not exists. + Nodes are created with bad vector + (during registration we should generate GnuPG keypair + to user_gpg_prv and user_gpg_pub fields in table users) (harvie) + +- User images (icons) seems to be broken + +- User mail -> can't delete the mails... + Anyway move whole mail handling out of nodes.php (?) - SQL injections (many fixed, but some should be still there) -- remove absolute paths from all source files (!) (over 50) +- remove absolute paths from all source files (!) - remove hard-coded hostname from: ( registration mails ) ( scripts in "scripts" directory (system paths)) + - Fix https vs http problem (url) - Suspected security holes: @@ -17,23 +26,6 @@ ( ./inc/eventz/spamuj_ubik.inc ) ( ./inc/eventz/upload_own_template.inc ) (is even needed?) -- Remove eventz (and files) that are not used (verify this before removing) - ( ./inc/eventz/login_lockout_test.inc ) - ( ./inc/eventz/add_test.inc ) - ( ./inc/eventz/add_ubik_friend.inc ) - ( ./inc/eventz/cron_test.inc ) - ( ./inc/eventz/login_lockout_test.inc ) - ( ./inc/eventz/login_test.inc ) - ( ./inc/eventz/mail_test.inc ) - ( ./inc/eventz/test_button.inc ) - ( ./inc/eventz/testing_cron.inc ) - ( ./inc/eventz/testm.inc ) - ( ./inc/eventz/send-old.inc ) - ( ./inc/eventz/destroy_synapse2.inc ) - ( ./inc/eventz/login2.inc ) - ( ./inc/eventz/send2.inc ) - ( ./inc/eventz/set_parent2.inc ) - - Remove/fix not working eventz ( ./inc/eventz/addClass.inc ) ( ./inc/eventz/addEvent.inc ) @@ -48,18 +40,16 @@ - keep fixing XSS -- documentation/installation guide (see README) +- Test & scale logarithmic threading + +- Remove templates from git (they should be only in sql) - Clean code => fix uninitialized variables -- Implement URL handling using PATH_INFO instead of mod_rewrite +- documentation/installation guide (see README) -- some templates are fixed only in .tpl, not in sql database +- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite) +- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...) - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) - (We can use multiple hash algorithms (so we'll have backward DB compatibility): - {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e - {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735 - 5b077a0ab90992d9763c5b120b22c9d7 - ) Harvie - + (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)