| Commit | Line | Data |
|---|---|---|
| dcee7633 | 1 | - fix uploading of files |
| | 2 | - fix ALL sql injections |
| | 3 | - keep fixing XSS |
| | 4 | - documentation/installation guide (see README) |
| | 5 | - remove absolute paths from all source files (!) (over 50) |
| | 6 | - remove hard-coded kyberia.sk from: |
| | 7 | ( ./inc/eventz/configure_email.inc ) |
| | 8 | ( ./inc/eventz/delete.inc ) |
| | 9 | ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php ) |
| | 10 | ( ./inc/replaceLocalURLs.inc ) |
| | 11 | ( ./nodes.php ) |
| | 12 | ( ./cron/rssparse.php ) |
| | 13 | ( ./scripts/contentregexp.php ) (obsolete?) |
| | 14 | |
| | 15 | - Suspected security holes: |
| | 16 | ( cron/process-img.sh ) |
| | 17 | ( sms_payment.php => yes, sqli but is it really used? ) |
| | 18 | ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling, |
| | 19 | "strange" filenames like .htaccess (to allow listing of folder) |
| | 20 | |
| d48685b8 H | 21 | - Refactor directory structure |
| | 22 | ( Whole <Directory "/var/www/kyberia-wwwroot> section from apache should go to .htaccess ) |