X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=doc%2FTODO;h=f84097257d4a6742fd0bedaea4563dcf663d64a9;hb=97778f770e2e1ff1c383862ab54cde44d488e5ba;hp=41b464c7a0bc6c3a9e1cba6b86104ccdefc19b3b;hpb=97677ee1875f50f95a51aa6516ee341207c35fb9;p=mirrors%2FKyberia-bloodline.git diff --git a/doc/TODO b/doc/TODO index 41b464c..f840972 100644 --- a/doc/TODO +++ b/doc/TODO @@ -1,33 +1,36 @@ -- User mail is not working +- Registration process -> Add welcome texts & move them to one file/node + Temporary requests node does not exists. + Nodes are created with bad vector + (during registration we should generate GnuPG keypair + to user_gpg_prv and user_gpg_pub fields in table users) (harvie) -- Registration process is not working - (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) +- Uploading user images works, but resizing? -- Cron scripts are not executed - (no automatic logouts, no K generation, ...) +- User mail -> can't delete the mails... + Anyway move whole mail handling out of nodes.php (?) -- fix uploading of files +- SQL injections (many fixed, but some should be still there) -- fix ALL sql injections +- remove absolute paths from all source files (!) -- remove absolute paths from all source files (!) (over 50) +- remove hard-coded hostname from: + ( registration mails ) + ( scripts in "scripts" directory (system paths)) -- remove hard-coded kyberia.sk from: - ( ./inc/eventz/configure_email.inc ) - ( ./inc/eventz/delete.inc ) - ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) - ( ./inc/replaceLocalURLs.inc ) - ( ./nodes.php ) - ( ./cron/rssparse.php ) - ( ./scripts/contentregexp.php ) (obsolete?) - Fix https vs http problem (url) +- Fix https vs http problem (url) - Suspected security holes: ( cron/process-img.sh ) - ( sms_payment.php => yes, sqli but is it really used? ) - ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, - "strange" filenames like .htacess (to allow listing of folder) - + ( ./inc/eventz/spamuj_ubik.inc ) + ( ./inc/eventz/upload_own_template.inc ) (is even needed?) + +- Remove/fix not working eventz + ( ./inc/eventz/addClass.inc ) + ( ./inc/eventz/addEvent.inc ) + ( ./inc/eventz/addAjax.inc ) + ( ./inc/eventz/addPlugin.inc ) + ( ./inc/eventz/kyberia.inc ) (wtf) + - Refactor directory structure - Deprecated PHP features @@ -35,6 +38,19 @@ - keep fixing XSS -- documentation/installation guide (see README) +- Test & scale logarithmic threading + +- Remove templates from git (they should be only in sql) - Clean code => fix uninitialized variables + +- documentation/installation guide (see README) + +- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite) +- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...) + +- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords) + (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB) + +- Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-") + (Rename images to _images - and fix hardcoded stuff...)