
$Id: TODO,v 1.8 2001/06/04 22:24:18 chrisj Exp $

Things To Do for Release 7.2d:

1. Fix known bugs:

1) db_mysql.inc, function unlock() needs one line fix to mysql_query()
   to add $this->Link_ID.

2) ct_sql.inc, function ac_store() needs one line fix to if {} after
   $this->db->query($uquery) to prevent duplicate active sessions.

3) table.inc -- next_record() is called twice in the show_result() method,
   which "swallows" the first result row.

4) table.inc -- should be $this->print_array($d); instead of print_array($d) in several 
   places.

5) db_mssql.inc, line 126 -- uses mssql_affected_rows(), which does not exist in PHP.

6) prepend.php3 -- security problem as described below:
   There appears to be a security hole in the PHPLib prepend.php3 file by
   default.  There is a section where $_PHPLIB['libdir'] is set if it is not
   already set.  This allows somebody to pass a value for the variable with the
   GET if register globals is set.  If php is set to allow url's with fopen
   (which is the default) it is possible to supply your own include files to
   PHPLib.  You can pretty much run anything you want.  Am I missing something?
   How is this variable expected to be set prior to encountering prepend.php3?
   The documentation only mentions this variable in passing, mostly just to say
   that the name is used.  It is possible to bypass this problem just by
   explicitly setting the variable in prepend.php3, so it's easy to fix.  I
   would appreciate any information on this you can give me.  William Stockall.


*) Others as they are found, reported or documented.

	Some possible bugs reported by Forrest J Cavalier III
	(forrest@mibsoftware.com):

	I am using a new tool for PHP code auditing.

	I found three items while auditing table.inc
	of 7.2.b.

	----------------------------------------------
	function show_table_page_rows()

	uses $key,$val, but does not set them:
	$this->table_row($row, $key, $val, $class);

	(This may be serious, I don't know)

	----------------------------------------------
	function show_table_heading_cells()
	has the line:
	$cell = 0;

	which I think that should be $col = 0;  (or
	the later line in that function should have
	$cell++)

	Since table_heading_cell() doesn't use the first
	argument, it seems like there is no observable
	defect.

	----------------------------------------------
	function table_heading_cell() 

	sets $found, but never uses it.

	Doing a little bit more auditing.  (Again,
	this is just for testing the tool.  I only
	have done table.inc and now db_mysql.inc
	from phplib...)

	I'm not sure this is a bug...
	In db_mysql.inc  seek()
	$this->Row = $this->num_rows;

	There is a num_rows function, but not a num_rows
	member variable.  

	Does PHP call the function even when there are no ()?
	-------------------------------------------
	In db_mysql.inc  lock()

	there is error handling code...

	if (!$res) {
	$this->halt("lock($table, $mode) failed.");
	return 0;
	}

	which doesn't work so well when $table is an
	array.
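
Added example for bug 6 (the prepend.php3 report above), not PHPLib's own
code: the set-only-if-unset pattern next to the explicit assignment the report
suggests, plus a containment check before any include. The function names,
PHPLIB_DIR and the request value are assumptions constructed for illustration.

```php
<?php
// Added example, not PHPLib code. register_globals no longer exists in PHP,
// so its effect is simulated by seeding $_PHPLIB from a request array.

define('PHPLIB_DIR', sys_get_temp_dir() . '/phplib_demo/');  // hypothetical install path

// "Before": libdir is assigned only if unset, so a request-supplied value survives.
function libdir_if_unset(array $request): string {
    $_PHPLIB = $request['_PHPLIB'] ?? null;          // what register_globals did
    if (!isset($_PHPLIB) || !is_array($_PHPLIB)) {
        $_PHPLIB = ['libdir' => PHPLIB_DIR];
    }
    return (string) ($_PHPLIB['libdir'] ?? '');
}

// "After": the fix named in the report, an unconditional assignment.
function libdir_explicit(array $request): string {
    $_PHPLIB = ['libdir' => PHPLIB_DIR];             // request data is never consulted
    return $_PHPLIB['libdir'];
}

// Defence in depth: resolve an include only if it stays inside PHPLIB_DIR.
function safe_include_path(string $libdir, string $file): ?string {
    if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $libdir)) {
        return null;                                 // stream wrapper such as http://
    }
    if (basename($file) !== $file) {
        return null;                                 // no directory components in the name
    }
    $real = realpath($libdir . $file);
    $base = realpath(PHPLIB_DIR);
    if ($real === false || $base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed stand-in library file and constructed request value.
@mkdir(PHPLIB_DIR);
touch(PHPLIB_DIR . 'db_mysql.inc');
$request = ['_PHPLIB' => ['libdir' => 'http://untrusted.example/']];

foreach (['libdir_if_unset', 'libdir_explicit'] as $fn) {
    $dir  = $fn($request);
    $path = safe_include_path($dir, 'db_mysql.inc');
    printf("%-16s libdir=%s include=%s\n", $fn, $dir, $path ?? 'refused');
}
```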



2. Certify correct for use with both PHP3 and PHP4.

3. Optionally, include use of PHP4 sessions.

4. Modularize the sqlquery class, add an option to sort the query results (?)
