Update of /cvsroot/phpwebapp/top10/docs
In directory sc8-pr-cvs1:/tmp/cvs-serv19176/docs
Modified Files:
ToDo.txt
Log Message:
Index: ToDo.txt
===================================================================
RCS file: /cvsroot/phpwebapp/top10/docs/ToDo.txt,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** ToDo.txt 26 Sep 2003 15:32:21 -0000 1.4
--- ToDo.txt 30 Sep 2003 07:06:58 -0000 1.5
***************
*** 1,27 ****
! * - Add the admin mode.
! * - Add the possibility to delete a comment (only admin,
! or owner of the comment with confirmation).
! * - Add the possibility to delete a project or
! to add a new project (only admin).
! * - Install it in SF (together with the DB) and contact SF support
! for further help (filling the database with the relevant data).
! Add a link from phpWebApp page to Top10 page.
- Write a script that is executed periodically and updates the
status of old pending requests to 'expired'.
! - Make periodic backups for the database.
! - Check for malicious requests. Username is given by the user
! and sometimes the project id as well; check their values so
! that it is not possible for them to have a malicious value.
- If a user makes another request without confirming the first
one, invalidate the first request.
! - Using browse.php everybody can read the password of the database
! and any other sensitive information. Find out how to fix this.
--- 1,49 ----
! - At 'List of Projects' there will be a button 'Add New Project',
! so that anybody can add a new project and its details. However
! this newly added project will have the status 'new' and will not
! be listed until the admin approves it and its status is changed
! to approved. So, there should be a way for admin to list only
! the newly added projects. Also, he should be notified (by email)
! whenever a new project is added.
! - The admin can also delete a new project or any other project.
! He can do this either from the list of projects or from the project
! details.
! - Only admin can edit the details of a project or he can pass the
! right to edit it to another person, by sending him by e-mail
! a confirmation url.
! - A comment can be deleted only by the user who submited it
! (sending him a confirmation e-mail).
! A comment can also be deleted by the admin.
!
! - Check for malicious requests. Username is given by the user
! and sometimes the project id as well; check their values so
! that it is not possible for them to have a malicious value.
- Write a script that is executed periodically and updates the
status of old pending requests to 'expired'.
! - Using browse.php everybody can read the password of the database
! and any other sensitive information. Find out how to fix this.
! - Make periodic backups for the database.
- If a user makes another request without confirming the first
one, invalidate the first request.
! - Keep the count of the comments when a new comment is added or
! deleted.
! - Add the field 'subject' (or 'title') in the table 'comments'.
!
! ------------------------------------------------------------------
!
! - Finish Top10 and fill the database with the relevant data
! (also with the help of SF team).
!
! - Add a link from phpWebApp page to Top10 page.
!
! - Send a notification message to SF users about it.
!
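Review bot: In the new list (--- 1,49) the browse.php item, which says everybody can read the database password, sits between the 'expired' script and the backup item with nothing to mark it as more urgent than the feature work around it. Move it to the top of the list and state that it must be closed before the steps below the dashed rule (linking from the phpWebApp page, notifying SF users) are carried out. The "Check for malicious requests" item still names only the username and the project id, while the new 'Add New Project' item lets anybody submit project details and a 'subject' field is proposed for comments; extend that item to cover those inputs too. Minor: "submited" in the comment-deletion item should read "submitted".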