[mirrors/Kyberia-bloodline.git] / doc / TODO

- fix uploading of files
- fix ALL sql injections
- keep fixing XSS
- documentantion/instalation guide (see README)
- remove absolute paths from all source files (!) (over 50)
- remove hard-coded kyberia.sk from:
  ( ./inc/eventz/configure_email.inc )
  ( ./inc/eventz/delete.inc )
  ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
  ( ./inc/replaceLocalURLs.inc )
  ( ./nodes.php )
  ( ./cron/rssparse.php )
  ( ./scripts/contentregexp.php ) (obsolete?)

- Suspected security holes:
  ( cron/process-img.sh )
  ( sms_payment.php  => yes, sqli but is it really used? )
  ( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling,
    "strange" filenames like .htacess (to allow listing of folder)

- Refactor directory structure
  ( Whole <Directory "/var/www/kyberia-wwwroot> section from apache should go to .htaccess )

- Deprecated PHP features
  ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )
Commit	Line	Data
dcee7633	1	- fix uploading of files
	2	- fix ALL sql injections
	3	- keep fixing XSS
	4	- documentantion/instalation guide (see README)
	5	- remove absolute paths from all source files (!) (over 50)
	6	- remove hard-coded kyberia.sk from:
	7	( ./inc/eventz/configure_email.inc )
	8	( ./inc/eventz/delete.inc )
	9	( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
	10	( ./inc/replaceLocalURLs.inc )
	11	( ./nodes.php )
	12	( ./cron/rssparse.php )
	13	( ./scripts/contentregexp.php ) (obsolete?)
	14
	15	- Suspected security holes:
	16	( cron/process-img.sh )
	17	( sms_payment.php => yes, sqli but is it really used? )
	18	( inc/eventz/upload_data_node.php => Shell injections in .zip hanling, .jpg handling,
	19	"strange" filenames like .htacess (to allow listing of folder)
	20
d48685b8 H	21	- Refactor directory structure
d48685b8 H	22	( Whole <Directory "/var/www/kyberia-wwwroot> section from apache should go to .htaccess )
2f9b4885 H	23
	24	- Deprecated PHP features
	25	( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )