-- User mail is not working
+- remove hard-coded constants (everywhere):
-- Registration process is not working
- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
- (We can use multiple hash algorithms (so we'll have backward DB compatibility):
- {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
- {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
- 5b077a0ab90992d9763c5b120b22c9d7
- )
+- Registration process -> Add welcome texts & move them to one file/node
+ +(during registration we should generate GnuPG keypair
+ to user_gpg_prv and user_gpg_pub fields in table users) (harvie)
-- Cron scripts are not executed
- (no automatic logouts, no K generation, ...)
+- User mail -> can't delete the mails...
+ Anyway move whole mail handling out of nodes.php (?)
-- fix uploading of files
+- SQL injections (many fixed, but some are still there)
-- fix ALL sql injections
+- remove absolute paths from all source files (!)
+- convert to some more inteligent path system... eg.:
+ define('SYSTEM_ROOT', '/srv/kyberia/');
+ define('SYSTEM_WWWROOT', SYSTEM_ROOT.'/wwwroot/');
+ define('SYSTEM_URL', '/'); //or https://dev.kyberia.cz/
+ define('SYSTEM_DATA', '_data/');
+ define('SYSTEM_IMAGES', '_images/');
+ because right now we can't determine both: filesystem path and URL of the same directory. this SUX!
+- when we will be doing this we should make kyberia compatible with "./" PHP open base dir.
+ i think that it's really nice philosophy when PHP script is never accessing files that are not in the same directory (or it's subdirectory) as the script itself (especially when it cannot do this - it can be good security improvement).
-- remove absolute paths from all source files (!) (over 50)
+- remove hard-coded hostname from:
+ ( registration mails )
+ ( scripts in "scripts" directory (system paths))
-- remove hard-coded kyberia.sk from:
- ( ./inc/eventz/configure_email.inc )
- ( ./inc/eventz/delete.inc )
- ( ./inc/smarty/node_methodz/modifier.replaceLocalURLs.php )
- ( ./inc/replaceLocalURLs.inc )
- ( ./nodes.php )
- ( ./cron/rssparse.php )
- ( ./scripts/contentregexp.php ) (obsolete?)
- Fix https vs http problem (url)
+- Fix https vs http problem (url)
-- Suspected security holes:
- ( cron/process-img.sh )
- ( sms_payment.php => yes, sqli but is it really used? )
- ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
- "strange" filenames like .htacess (to allow listing of folder)
+- Uploading user images works, but resizing?
-- Implement URL handling using PATH_INFO instead of mod_rewrite
+- Suspected security holes:
+ ( ./inc/smarty/node_methodz/function.fetch.php) (read local files?)
+ ( ./inc/eventz/spamuj_ubik.inc )
+ ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
+- Remove/fix not working eventz
+ ( ./inc/eventz/addClass.inc )
+ ( ./inc/eventz/addEvent.inc )
+ ( ./inc/eventz/addAjax.inc )
+ ( ./inc/eventz/addPlugin.inc )
+ ( ./inc/eventz/kyberia.inc ) (wtf)
+
- Refactor directory structure
- Deprecated PHP features
- keep fixing XSS
-- documentation/installation guide (see README)
+- Fix defaukt template (big tables)
+
+- Remove templates from git (they should be only in sql)
- Clean code => fix uninitialized variables
+
+- documentation/installation guide (see README)
+
+- Make PATH_INFO not changing contents of $_GET[] (it should affect some other variable instead - requires complex rewrite)
+- Switch completely to Base36 (Templates, Links, don't change $_GET[], queries should convert between base10 in db and base36 in kyberia automatically, etc...)
+
+- Rename all files&directories that should not be rewritten to PATH_INFO to start with "_" (and if they should be also ignored by git they should start with "-")
+ (Rename images to _images - and fix hardcoded stuff...)
+
+- Fix /(id|k)/*/download
+ (ERROR: Empty file to download.)
+ (I think this should be implemented as template (and smarty method for download). template can be ID down in base36 = 638807 in base10)
+
+- Cleanup DB
+ (Make script for deleting nodes in recycle bin)
+ (Some actions (like loging, etc...) may be implemented using SQL triggers)
+ (Mark all nodes that should become part of distribution of kyberia software)
+ (Delete unused tables)
+ (Replace duplicit tables with VIEWs)
+
+- Image uploading not working (?)
+
+- put "setParent" everywhere
+
+- set_synapse_weigth not working sometimes (synapse from 904 to 332 for example)
+ Also weight is always shown as "1"
GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blobdiff