- User mail is not working
- Registration process is not working
- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
- (We can use multiple hash algorithms (so we'll have backward DB compatibility):
- {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
- {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
- 5b077a0ab90992d9763c5b120b22c9d7
- )
+ (rewrite sending of reg. mails)
-- Cron scripts are not executed
- (no automatic logouts, no K generation, ...)
-
-- fix uploading of files
+- Cron scripts are not executed (most of them should be OK now)
+ (no automatic logouts, no K generation, ...)
- fix ALL sql injections
- Suspected security holes:
( cron/process-img.sh )
- ( sms_payment.php => yes, sqli but is it really used? )
- ( inc/eventz/upload_data_node.php => Shell injections in .zip handling, .jpg handling,
- "strange" filenames like .htacess (to allow listing of folder)
+ ( ./inc/eventz/spamuj_ubik.inc )
+ ( ./inc/eventz/upload_own_template.inc ) (is even needed?)
-- Implement URL handling using PATH_INFO instead of mod_rewrite
+- Remove eventz (and files) that are not used (verify this before removing)
+ ( ./inc/eventz/login_lockout_test.inc )
+ ( ./inc/eventz/add_test.inc )
+ ( ./inc/eventz/add_ubik_friend.inc )
+ ( ./inc/eventz/cron_test.inc )
+ ( ./inc/eventz/login_lockout_test.inc )
+ ( ./inc/eventz/login_test.inc )
+ ( ./inc/eventz/mail_test.inc )
+ ( ./inc/eventz/test_button.inc )
+ ( ./inc/eventz/testing_cron.inc )
+ ( ./inc/eventz/testm.inc )
+ ( ./inc/eventz/send-old.inc )
+ ( ./inc/eventz/destroy_synapse2.inc )
+ ( ./inc/eventz/login2.inc )
+ ( ./inc/eventz/send2.inc )
+ ( ./inc/eventz/set_parent2.inc )
+
+- Remove/fix not working eventz
+ ( ./inc/eventz/addClass.inc )
+ ( ./inc/eventz/addEvent.inc )
+ ( ./inc/eventz/addAjax.inc )
+ ( ./inc/eventz/addPlugin.inc )
+ ( ./inc/eventz/kyberia.inc ) (wtf)
+
- Refactor directory structure
- documentation/installation guide (see README)
- Clean code => fix uninitialized variables
+
+- Implement URL handling using PATH_INFO instead of mod_rewrite
+
+- (IMHO we should use SHA1 or stronger algorithm instead of MD5 for storing passwords)
+ (We can use multiple hash algorithms (so we'll have backward DB compatibility):
+ {SHA256}0654209dbde29a5c17e4f04ab63a91d303d2e7c791c7b5777581a7fa6550054e
+ {SHA1}f67c52c4a27cf05c99e4f3f946d6500f045a4735
+ 5b077a0ab90992d9763c5b120b22c9d7
+ ) Harvie
+
<?php
+
+// XXX WTF
+
function addClass() {
global $db,$error,$node, $error_messages;
$fp = fopen (OWN_TEMPLATE_DIR.$add_template_id.".tpl", "w+");
fwrite($fp,$node_content);
fclose($fp);
- chown(OWN_TEMPLATE_DIR.$add_template_id.".tpl","wwwedit");
+ chown(OWN_TEMPLATE_DIR.$add_template_id.".tpl","wwwedit"); // XXX WTF
$q="update nodes set external_link = 'template://$add_template_id' where node_id='".$add_template_id."'";
$db->query($q);
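Review bot: `$add_template_id` and `$node_content`, used on the fopen line and in the update query, are not in the `global` list two lines below the signature, so inside addClass() they are undefined unless something like register_globals fills them in; the new `// XXX WTF` on the chown line records the confusion but not this cause. The same value is interpolated into a filesystem path and into the SQL string unchecked, and the fopen() result is never tested before fwrite(). I would replace the comment with `// XXX $add_template_id / $node_content are not declared global above; path and SQL are built from them unvalidated` and, if template ids are numeric node ids as the `%d` in the deleted configure_image_new() suggests, guard the top of the function with `if (!ctype_digit((string) $add_template_id)) { return; }` before touching the file or the database. The function body continues past the end of the hunk.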
+++ /dev/null
-<?php
- // CONSIDER AS BETA!!! DO NOT TOUCH PLZ :) 2105641
- // Comments, requests and bugs na moj mail ;) dakujem.
-
- function __cin_get_img_type(&$_file_i) {
- list($_mime_type, $_mime_subtype) = explode('/', $_file_i['type']);
- if ($_mime_type != 'image') return (false);
-
- $_img_i = getimagesize($_file_i['tmp_name']);
- switch ($_mime_subtype) {
- case 'gif': return (($_img_i[2] == 1)?'gif':false); break;
- case 'jpeg': return (($_img_i[2] == 2)?'jpg':false); break;
- case 'png': return (($_img_i[2] == 3)?'png':false); break;
-
- default: return (false); break;
- }
- }
-
- function __cin_create_tmp_image($_src_f, $_dest_f, $_img_t, $_img_w) {
-
- switch ($_img_t) {
- case 'gif': $_img_c_func = 'imagecreatefromgif'; break;
- case 'jpg': $_img_c_func = 'imagecreatefromjpeg'; break;
- case 'png': $_img_c_func = 'imagecreatefrompng'; break;
-
- default: return (false); break;
- }
-
- $_src_i = $_img_c_func($_src_f);
- $_src_w = imagesx($_src_i);
- $_src_h = imagesy($_src_i);
-
- $_dest_w = floor($_src_w / ($_src_w / min($_src_w, $_img_w)));
- $_dest_h = floor($_src_h / ($_src_w / min($_src_w, $_img_w)));
-
- $_dest_i = imagecreatetruecolor($_dest_w, $_dest_h);
-
- imagecopyresampled($_dest_i, $_src_i, 0, 0, 0, 0, $_dest_w, $_dest_h, $_src_w, $_src_h);
-
- imagegif($_dest_i, $_dest_f);
- chmod($_dest_f, 0664);
-
- imagedestroy($src_i);
- imagedestroy($dest_i);
-
- return (true);
- }
-
- function configure_image_new() {
- global $error, $node;
-
- if (empty($_FILES['description_image'])) {
- $error = '#00: Invalid file supplied.';
- return (false);
- }
-
- // if is owner, find out type of the image
- if ($node['node_permission'] == 'owner') {
-
- if (!($_img_t = __cin_get_img_type($_FILES['description_image']))) {
- $error = '#01: Invalid file format (JPEG, GIF & PNG are only allowed)';
- return (false);
- }
-
- $_WEBROOT_PATH = realpath(dirname(__FILE__).'/../..');
- $_PROCESS_IMG_PATH = $_WEBROOT_PATH.'/process-img';
-
- $_required_dims = ($node['node_id'] == $_SESSION['user_id'])?50:NODE_IMAGE_WIDTH;
- $_prepared_fname = sprintf('%s/prepared/%03s_%s.gif.upload', $_PROCESS_IMG_PATH, $_required_dims, $node['node_id']);
- $_nodeimg_fname = sprintf('%s/images/nodes/%s/%s/%d.gif', $_WEBROOT_PATH, $node['node_id'][0], $node['node_id'][1], $node['node_id']);
-
- if (!is_uploaded_file($_FILES['description_image']['tmp_name'])) {
- $error = '#02: Invalid file upload';
- return (false);
- }
-
- if (!__cin_create_tmp_image($_FILES['description_image']['tmp_name'], $_nodeimg_fname, $_img_t, $_required_dims)) {
- $error = '#03: Unable to create temporary thumbnail image!';
- return (false);
- }
-
- if (!move_uploaded_file($_FILES['description_image']['tmp_name'], $_prepared_fname)) {
- $error = '#04: Error moving uploaded file!';
- return (false);
- }
-
- chmod($_prepared_fname, 0664);
- rename($_prepared_fname, substr($_prepared_fname, 0, -7));
-
- }
-
- return (true);
- }
-?>
\ No newline at end of file
<?php
+
+// XXX permision check?
+
function debugging() {
if ($_SESSION['debugging']) unset($_SESSION['debugging']);
else $_SESSION['debugging']=true;
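Review bot: The added `// XXX permision check?` leaves the actual gap open: debugging() flips `$_SESSION['debugging']` for whoever reaches this eventz, and nothing in the hunk restricts who that is, so the comment should at least name the intended condition (e.g. `// XXX only admins should be able to toggle debugging; no check yet`) and fix the spelling to "permission". The read on the `if` line also triggers an undefined-index notice on sessions where the key was never set; `if (!empty($_SESSION['debugging'])) unset($_SESSION['debugging']);` avoids that without changing the toggle. The function continues outside the hunk.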
<?php
+
+// XXX remove completly?
+
function upload_own_template() {
global $db,$error,$node;
$db->query("update nodes set node_template='$node_template' where node_id='$node_id'");
}
-?>
\ No newline at end of file
+?>
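Review bot: `$node_template` and `$node_id` are interpolated straight into the update statement on the `$db->query(...)` line, yet neither appears in the `global $db,$error,$node;` list, so they are undefined in this scope unless injected from outside, and `$error` is imported but never set. If the file is kept (the new `// XXX remove completly?` suggests it may not be), the id and template should be validated or escaped with whatever mechanism `$db` provides before being placed in the query; I cannot see the wrapper's API from here. The comment should read "completely", and it would be more useful as `// XXX candidate for removal: $node_template/$node_id come from an undeclared scope and go into SQL unescaped`.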
<?php
class filez {
-function filez($id) {
+//XXX function not used, remove?
+
+public static function files($id) {
global $db,$error;
if (!is_dir(FILE_DIR.$_SESSION['user_id'])) {
mkdir(FILE_DIR.$_SESSION['user_id']);
return $_SESSION['user_id'].'/'.$_FILES['data_file']['name'];
}
+// Function that check if given filename is "secure" (for uploading)
+// Dont use for reading files, directory traversal is not checked
+
+public static function filename_secure(name){
+ $suffix = array_pop(explode('.', basename($name)));
+
+ // This is unfornately blacklist
+ // TODO extend for all possible server configuations
+ // TODO: why js?
+ $preg_disallowed = '/([a-z]*)(php|htm|inc|js|vbs|cgi|asp|jsp|htaccess)([a-z]*)$/i';
+ if (preg_match($preg_disallowed, $suffix) > 0) {
+ return false;
+ }
+ return true;
+}
+
}
/*
}
-?>
\ No newline at end of file
+?>
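Review bot: The new `filename_secure` signature declares its parameter as `name` without the `$`, which is a parse error for the whole file, while the body then reads `$name`; the fix is `public static function filename_secure($name) {`. The next line passes the result of explode() directly to array_pop(), which expects a reference and emits a notice; split it into `$parts = explode('.', basename($name));` and `$suffix = array_pop($parts);`. The blacklist regex only inspects the final extension and requires the remainder after the keyword to be letters, so it neither covers multi-extension names nor digit-suffixed handler extensions; the existing comment already admits this, and an allowlist of the extensions the upload feature actually needs (with `^...$` anchoring) would be the safer shape, so the TODO should say that explicitly. The unchanged `files()` above also returns a path built from the raw `$_FILES['data_file']['name']` without going through basename() or this new check, so the two methods are not yet consistent.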