[mirrors/Kyberia-bloodline.git] / doc / TODO

- User mail is not working

- Registration process is not working
  (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
  (We can use multiple hash algorithms (so we'll have backward DB compatibility):
		{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
		{SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
		5b077a0ab90992d9763c5b120b22c9d7
  )

- Cron scripts are not executed 
  (no automatic logouts, no K generation, ...)

- fix uploading of files

- fix ALL sql injections

- remove absolute paths from all source files (!) (over 50)

- remove hard-coded kyberia.sk from:
  ( ./inc/eventz/configure_email.inc )
  ( ./inc/eventz/delete.inc )
  ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
  ( ./inc/replaceLocalURLs.inc )
  ( ./nodes.php )
  ( ./cron/rssparse.php )
  ( ./scripts/contentregexp.php ) (obsolete?)
  Fix https vs http problem (url)

- Suspected security holes:
  ( cron/process-img.sh )
  ( sms_payment.php  => yes, sqli but is it really used? )
  ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
    "strange" filenames like .htacess (to allow listing of folder)

- Implement URL handling using PATH_INFO instead of mod_rewrite

- Refactor directory structure

- Deprecated PHP features
  ( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )

- keep fixing XSS

- documentation/installation guide (see README)

- Clean code => fix uninitialized variables
Commit	Line	Data
fe69da5f	1	- User mail is not working
	2
	3	- Registration process is not working
97677ee1	4	(IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
9f213be0 H	5	(We can use multiple hash algorithms (so we'll have backward DB compatibility):
	6	{SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
	7	{SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
	8	5b077a0ab90992d9763c5b120b22c9d7
	9	)
fe69da5f	10
	11	- Cron scripts are not executed
	12	(no automatic logouts, no K generation, ...)
	13
dcee7633	14	- fix uploading of files
fe69da5f	15
dcee7633	16	- fix ALL sql injections
fe69da5f	17
dcee7633	18	- remove absolute paths from all source files (!) (over 50)
fe69da5f	19
dcee7633	20	- remove hard-coded kyberia.sk from:
	21	( ./inc/eventz/configure_email.inc )
	22	( ./inc/eventz/delete.inc )
	23	( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
	24	( ./inc/replaceLocalURLs.inc )
	25	( ./nodes.php )
	26	( ./cron/rssparse.php )
	27	( ./scripts/contentregexp.php ) (obsolete?)
fe69da5f	28	Fix https vs http problem (url)
dcee7633	29
	30	- Suspected security holes:
	31	( cron/process-img.sh )
	32	( sms_payment.php => yes, sqli but is it really used? )
fe69da5f	33	( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
dcee7633	34	"strange" filenames like .htacess (to allow listing of folder)
dcee7633	35
9f213be0 H	36	- Implement URL handling using PATH_INFO instead of mod_rewrite
9f213be0 H	37
d48685b8	38	- Refactor directory structure
2f9b4885 H	39
	40	- Deprecated PHP features
	41	( Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220 Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242 )
fe69da5f	42
	43	- keep fixing XSS
	44
	45	- documentation/installation guide (see README)
	46
	47	- Clean code => fix uninitialized variables