X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=95ccf36ac55f8cca2f51948a718051ceebd0a51a;hb=94c8f5b3e574715cc692f8a92f8d332e0c55804a;hp=135cc79bd20ad2eaac24801a806f59700237b898;hpb=dcee763368a1e3f380d07320a5254d91a09304e6;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index 135cc79..95ccf36 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,20 +1,54 @@ -- fix uploading of files -- fix ALL sql injections -- keep fixing XSS -- documentantion/instalation guide (see README) -- remove absolute paths from all source files (!) (over 50) -- remove hard-coded kyberia.sk from: - ( ./inc/eventz/configure_email.inc ) - ( ./inc/eventz/delete.inc ) - ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) - ( ./inc/replaceLocalURLs.inc ) - ( ./nodes.php ) - ( ./cron/rssparse.php ) - ( ./scripts/contentregexp.php ) (obsolete?) +- User mail is not working + (seems to be fixed, but we still can't delete the mails...) + Anyway move whole mail handling out of nodes.php (?) + +- Registration process is not working + (rewrite sending of reg. mails) (TEST) + (during registration we should generate GnuPG keypair to user_gpg_prv and user_gpg_pub fields in table users) + +- SQL injections (many fixed, but some should be still there) + +- remove absolute paths from all source files (!) + +- User images (icons) seems to be broken somehow + +- remove hard-coded hostname from: + ( registration mails ) + ( scripts in "scripts" directory (system paths)) + +- Fix https vs http problem (url) - Suspected security holes: ( cron/process-img.sh ) - ( sms_payment.php => yes, sqli but is it really used? ) - ( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling, - "strange" filenames like .htacess (to allow listing of folder) + ( ./inc/eventz/spamuj_ubik.inc ) + ( ./inc/eventz/upload_own_template.inc ) (is even needed?) + +- Remove/fix not working eventz + ( ./inc/eventz/addClass.inc ) + ( ./inc/eventz/addEvent.inc ) + ( ./inc/eventz/addAjax.inc ) + ( ./inc/eventz/addPlugin.inc ) + ( ./inc/eventz/kyberia.inc ) (wtf) + +- Refactor directory structure + +- Deprecated PHP features + ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 ) + +- keep fixing XSS + +- Test & scale logarithmic threading + +- some templates are fixed only in .tpl, not in sql database + => synchronize .tpl vs SQL templates (permanently) + +- Clean code => fix uninitialized variables + +- documentation/installation guide (see README) + +- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite) +- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...) +- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) + (We really need this... I've cracked Hromi's password in few seconds (even when it was relatively secure)) + (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)