+- remove hard-coded constants (everywhere):
+
- Registration process -> Add welcome texts & move them to one file/node
- Temporary requests node does not exists.
- Nodes are created with bad vector
- (during registration we should generate GnuPG keypair
+ +(during registration we should generate GnuPG keypair
to user_gpg_prv and user_gpg_pub fields in table users) (harvie)
-- Uploading user images works, but resizing?
-
- User mail -> can't delete the mails...
Anyway move whole mail handling out of nodes.php (?)
-- SQL injections (many fixed, but some should be still there)
+- SQL injections (many fixed, but some are still there)
- remove absolute paths from all source files (!)
- convert to some more inteligent path system... eg.:
- Fix https vs http problem (url)
+- Uploading user images works, but resizing?
+
- Suspected security holes:
- ( cron/process-img.sh )
+ ( ./inc/smarty/node_methodz/function.fetch.php) (read local files?)
( ./inc/eventz/spamuj_ubik.inc )
( ./inc/eventz/upload_own_template.inc ) (is even needed?)
- keep fixing XSS
-- Test & scale logarithmic threading
+- Fix defaukt template (big tables)
- Remove templates from git (they should be only in sql)
- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
-- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
- (I've implemented this partially. We can now login using various hash algorithms, it's backward compatible, but we still need to edit registration/password changing to use SHA1 when updating passwords in DB)
-
- Rename all files&directories that should not be rewrited to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
(Rename images to _images - and fix hardcoded stuff...)
- Fix /(id|k)/*/download
(ERROR: Empty file to download.)
(I think this should be implemented as template (and smarty method for download). template can be ID down in base36 = 638807 in base10)
+
+- Cleanup DB
+ (Make script for deleting nodes in recycle bin)
+ (Some actions (like loging, etc...) may be implemented using SQL triggers)
+ (Mark all nodes that should become part of distribution of kyberia software)
+ (Delete unused tables)
+ (Replace duplicit tables with VIEWs)
+
+- Image uploading not working (?)
+
+- put "setParent" everywhere
GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blobdiff