Initial support for variable hashing algorithms (currently login-only)
[mirrors/Kyberia-bloodline.git] / doc / TODO
- User mail is not working
  (seems to be fixed, but we still can't delete the mails...)
  Anyway, move the whole mail handling out of nodes.php (?)

- Registration process is not working
  (rewrite sending of reg. mails) (TEST)
  (during registration we should generate a GnuPG keypair into the user_gpg_prv and user_gpg_pub fields of the users table)

- SQL injections (many fixed, but some should still be there)

- remove absolute paths from all source files (!)

- User images (icons) seem to be broken somehow

- remove hard-coded hostname from:
  ( registration mails )
  ( scripts in "scripts" directory (system paths))

- Fix https vs http problem (url)

- Suspected security holes:
  ( cron/process-img.sh )
  ( ./inc/eventz/spamuj_ubik.inc )
  ( ./inc/eventz/upload_own_template.inc ) (is it even needed?)

- Remove/fix non-working eventz
  ( ./inc/eventz/addClass.inc )
  ( ./inc/eventz/addEvent.inc )
  ( ./inc/eventz/addAjax.inc )
  ( ./inc/eventz/addPlugin.inc )
  ( ./inc/eventz/kyberia.inc ) (wtf)

- Refactor directory structure

- Deprecated PHP features
  (
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 163
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 184
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 196
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 208
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 220
  Deprecated: Assigning the return value of new by reference is deprecated in /srv/kyberia/wwwroot/nodes.php on line 242
  )

- keep fixing XSS

- Test & scale logarithmic threading

- some templates are fixed only in .tpl, not in the SQL database
  => synchronize .tpl vs SQL templates (permanently)

- Clean code => fix uninitialized variables

- documentation/installation guide (see README)

- Make PATH_INFO not change the contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)

- (IMHO we should use SHA1 or a stronger algorithm instead of MD5 for storing passwords)
  (We really need this... I've cracked Hromi's password in a few seconds (even when it was relatively secure))
  (I've implemented this partially. We can now log in using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in the DB)