vBulletin v6.1.0

Markers

Table of Contents

vb/api/content/attach.php	1
vb/api/content/channel.php	1
vb/api/content/photo.php	1
vb/api/content/privatemessage.php	4
vb/api/editor.php	2
vb/api/hv.php	1
vb/api/node.php	3
vb/api/page.php	3
vb/api/paidsubscription.php	2
vb/api/profile.php	4
vb/api/reactions.php	6
vb/api/reputation.php	1
vb/api/route.php	1
vb/api/search.php	2
vb/api/socialgroup.php	1
vb/api/style.php	1
vb/api/styleschedule.php	1
vb/api/template.php	3
vb/api/unsubscribe.php	1
vb/api/user.php	3
vb/api/vb4/activity.php	4
vb/api/vb4/album.php	15
vb/api/vb4/cms.php	10
vb/api/vb4/private.php	1
vb/api/vb4/report.php	1
vb/api/widget.php	5
vb/api.php	1
vb/bbcodehelper.php	3
vb/cache/apc.php	1
vb/cache/memcached.php	1
vb/cache.php	1
vb/database.php	1
vb/datamanager/moderator.php	2
vb/datamanager/stylevar.php	1
vb/datamanager/stylevardefn.php	1
vb/datamanager/user.php	2
vb/entity/paidsubscription.php	1
vb/entity.php	1
vb/exception/404.php	1
vb/image/gd.php	1
vb/image/imagick.php	2
vb/image.php	1
vb/library/bbcode.php	14
vb/library/content/attach.php	3
vb/library/content/channel.php	1
vb/library/content/event.php	2
vb/library/content/link.php	1
vb/library/content/poll.php	3
vb/library/content/privatemessage.php	1
vb/library/content/text.php	2
vb/library/content/video.php	1
vb/library/content.php	13
vb/library/fcmessaging.php	2
vb/library/node.php	1
vb/library/notification.php	4
vb/library/phrase.php	1
vb/library/product.php	1
vb/library/reputation.php	2
vb/library/unsubscribe.php	2
vb/library/user.php	4
vb/library/usergroup.php	2
vb/library/vb4/functions.php	2
vb/mail.php	1
vb/notification/content/usermention.php	1
vb/notification/likednode.php	1
vb/notification/pollvote.php	1
vb/notification/visitormessage.php	1
vb/request/web.php	1
vb/usercontext.php	6
vb/utility/date.php	1
vb/utility/template/parsernode/curly/action.php	1
vb/utility/template/parsernode/curly/data.php	1
vb/utility/template/parsernode/curly/rawdata.php	1
vb/utility/template/parsernode/curly/template.php	1
vb/vb.php	2
vb/wysiwyghtmlparser.php	5
vb/xml/import/theme.php	4
vb/xml/import/widget.php	1

attach.php

Type	Line	Description
TODO	664	fix below. I think this is actually a bug.

channel.php

Type	Line	Description
TODO	509	fix this check?

photo.php

Type	Line	Description
TODO	279	replace this with a validate ACTION_VIEW check?

privatemessage.php

Type	Line	Description
TODO	382	Is there any reason to delete the humanverify record after the validate() call below instead of letting the cron deal with it?
TODO	490	log these errors.
TODO	593	get this from bbcode utility in the future.
TODO	1206	remove this function. Do not simply deprecate since

editor.php

Type	Line	Description
TODO	254	, set default values for this.
TODO	262	AND usergroup limit > 0

hv.php

Type	Line	Description
TODO	91	- We need a better solution. This works for now but is homely

node.php

Type	Line	Description
TODO	2500	why is setApproved() used to publish nodes?? Something does not look correct here.
TODO	2885	if this is ever corrected/implemented, be sure to add the old owner as a member of the channel
TODO	4827	make a legitimate map function that we can use everywhere for this. Is 'contenttypeclass' always set?

page.php

Type	Line	Description
TODO	450	Pagination? Currently fake-paginated (sliced) via the admincp page.
TODO	583	check for conflicts with existing pages for $url !!
TODO	795	If there already exists a "hard coded" '/' home navitem that's NOT associated with

paidsubscription.php

Type	Line	Description
TODO	369	replace the messy & confusing function params (i.e. wtf are $costs & $sub) with entity and update all paymentapis' generate_form_html()
TODO	373	vB_Template::create() has many PHP notices. We need to fix them.

profile.php

Type	Line	Description
TODO	180	is there supposed to be an else...error here for when pathinfo's empty?
TODO	420	check that this event is triggered when modifying the content of a subchannel
TODO	797	CACHE THIS???
TODO	1198	check that this event is triggered when modifying the content of a subchannel

reactions.php

Type	Line	Description
TODO	372	do we want to still update the totallikes even without rep perms?
TODO	456	We should figure out what to do about reputation & totallikes counters when a node that has likes on it is removed...
TODO	502	We probably want to refactor the LikedNode notification in phrasing & usage.
TODO	581	Also check globalignores & skip send?
TODO	624	Better permission check
TODO	655	Not sure if above type limiting is still necessary or valid. This was copied from

reputation.php

Type	Line	Description
TODO	94	Better permission check

route.php

Type	Line	Description
TODO	385	check channel perms instead of MAIN_CHANNEL perm later.

search.php

Type	Line	Description
TODO	92	$searchType shouldn't have a default value, but be explicitely declared in each call
TODO	1526	figure out how to actually implement this for photo attachments...

socialgroup.php

Type	Line	Description
TODO	858	this code is similar to vB_Api_Widget::saveChannel, add a library method with it?

style.php

Type	Line	Description
TODO	21	some of these methods shouldn't be public. We should move them to vB_Library_Style instead to avoid exposing them in the API.

styleschedule.php

Type	Line	Description
TODO	99	Hard-code the start time & end time to 00:00:00 & 23:59:59 in API? Or in admincp?

template.php

Type	Line	Description
TODO	585	Product API
TODO	762	Product API
TODO	1060	Product API

unsubscribe.php

Type	Line	Description
TODO	82	create a separate user lib function for saving email options, user::save() is ridiculous.

user.php

Type	Line	Description
TODO	1817	What's the difference in data between $userinfo & $olduser? Why do we need both?
TODO	4700	// also add max db column length check?
TODO	6879	what else should we lock behind canviewmembers?

activity.php

Type	Line	Description
TODO	346	Need to look into this.
TODO	363	TEST THIS
TODO	507	This doesn't seem right but I'm not going to go search around
TODO	669	include this as part of the regular 'photo' array info?

album.php

Type	Line	Description
TODO	29	Implement when vB5 is more well defined on this feature.
TODO	69	Implement when vB5 is more well defined on this feature.
TODO	88	Change this when VBV-9148 is fixed. There is no such thing as private albums in vb5 atm.
TODO	89	Change this when moderation of album pictures is respected
TODO	147	'pictureurl' => $thumbUrl,
TODO	152	, moderation?
TODO	182	'end' =>0, // TODO
TODO	188	'personalalbum' => ($album['viewperms'] == 0),
TODO	214	'messagestats' => array(
TODO	273	'caption_html' => '', // TODO
TODO	283	'prev_text_short' => '', //TODO
TODO	286	'next_text_short' => '', //TODO
TODO	309	'add_group_link' => 0, // TODO
TODO	311	'moderation' => 0, // TODO
TODO	313	),

cms.php

Type	Line	Description
TODO	289	should this array also have any section data?
TODO	913	spec this.
TODO	921	spec this.
TODO	1053	spec this.
TODO	1131	What's the actual analog of the list.php vB4 page???
TODO	1134	Is this the expected value??
TODO	1136	how's this used by the app?
TODO	1143	what is this
TODO	1220	What's the actual analog of the list.php vB4 page???
TODO	1222	Is this the expected value??

private.php

Type	Line	Description
TODO	465	when should a PM be read when fetched from MAPI?

report.php

Type	Line	Description
TODO	132	does the app require these error keys to have corresponding phrases in vB5 ?

widget.php

Type	Line	Description
TODO	184	update cleanWidgetConfigData() to better handle random values coming in from above...
TODO	336	this requires a phrase fetch... see addWidgetTitles
TODO	1761	reduce code duplication without degrading readability.
TODO	2137	Optimization-- this information has probably already been queried somewhere
TODO	2454	this doesn't use pagination. If/When UI changes, use vBForum:getChannel instead

api.php

Type	Line	Description
TODO	421	Check if this is truly necessary with mobile team

bbcodehelper.php

Type	Line	Description
TODO	205	need a way to also remove trailing   ... I think the only way   can get in
TODO	209	^-
TODO	362	do we need to escape smiliepath?

apc.php

Type	Line	Description
TODO	84	This can be inherited once late static binding is available. For now it has to be redefined in the child classes

memcached.php

Type	Line	Description
TODO	101	This can be inherited once late static binding is available. For now it has to be redefined in the child classes

cache.php

Type	Line	Description
TODO	647	Provide more options

database.php

Type	Line	Description
TODO	1175	-- need to clean up VB_AREA stuff

moderator.php

Type	Line	Description
TODO	141	the way we return the int value directly disallows using this method to set perms to 0.
TODO	159	the way we return the int value directly disallows using this method to set perms to 0.

stylevar.php

Type	Line	Description
TODO	583	validate fontlist is a list of fonts, with "'" wrapped around font names with spaces, and each font separated with a ",".

stylevardefn.php

Type	Line	Description
TODO	111	TEST THIS FUNCTION!!! Coded w/o testing or reference

user.php

Type	Line	Description
TODO	1006	we may want to allow bypasses for these types too for third party data providers. For now
TODO	2429	Should *losing* a usergroup that has an auto channel sub remove the sub?

paidsubscription.php

Type	Line	Description
TODO	18	probably should make these readonly after php 8.1

entity.php

Type	Line	Description
TODO	175	need to figure out how to differentiate between backing-field properties

404.php

Type	Line	Description
TODO	27	Set the reroute path from vB_Router::$App->get404Route();

gd.php

Type	Line	Description
TODO	1280	Do we really care that they renamed the extension??

imagick.php

Type	Line	Description
TODO	816	force rewrite image?????
TODO	970	determine based on image size (width)? whether it's best to try to fit

image.php

Type	Line	Description
TODO	1554	What if the marker is split between 2 chunks?

bbcode.php

Type	Line	Description
TODO	114	refactor this property
TODO	149	remove $this->forumid
TODO	246	combine with $this->options?
TODO	874	discrepancy with frontend parser:
TODO	1599	edit & preview mode hit this. We may want Edit to use the existing cache...
TODO	2316	discrepancy, frontend seems to render 'video_frame' not 'bbcode_video" template?
TODO	2708	edit & preview mode hit this. We may want Edit to use the existing cache...
TODO	2971	Move to UNSHARED block at bottom
TODO	3171	This doesn't look right to me. I feel like htmlSpecialCharsUni should be outside of the
TODO	3186	can legacy attachments come through here...???
TODO	3340	Allow $size == 'icon' case for thumbs-only-channels??
TODO	4147	This doesn't look right to me. I feel like htmlSpecialCharsUni should be outside of the
TODO	4160	REPLACE USE OF unserialize() above WITH json_decode
TODO	4240	WHAT IS THIS CAPTION???

attach.php

Type	Line	Description
TODO	715	This needs to check signature related usergroup permissions. VBV-14819
TODO	1679	Remove need for $skipUploadPermissionCheck
TODO	1735	upload check? at the moment, all callers have already called $this->scanFileArray(...), so

channel.php

Type	Line	Description
TODO	94	API will no longer allow this. Remove this code as well at some point.

event.php

Type	Line	Description
TODO	44	should this be LIB? API should've checked perms..
TODO	323	Remove this, should not be needed any longer and we can't keep supporting

link.php

Type	Line	Description
TODO	357	uncomment this when the editor is ready

poll.php

Type	Line	Description
TODO	51	Why do we call this when the parent::getFullContent() already called it?
TODO	117	we need to improve this to consider voting permissions for guests.
TODO	480	Should subscribers get notifications for poll votes?

privatemessage.php

Type	Line	Description
TODO	1097	This isn't correct. There's no guarantee the first node (or ANY node requested here) is

text.php

Type	Line	Description
TODO	1169	figure out a way to do this in bulk
TODO	1525	Some legacy attachments may not be visible due to permissions. I don't think this function

video.php

Type	Line	Description
TODO	244	Permission check

content.php

Type	Line	Description
TODO	281	finish documenting this function
TODO	389	refactor this and create a vB5_Route method to get this info,
TODO	1079	Not sure if this is actually used. The CreateContent controller
TODO	1597	I think the $action below is supposed to be $thisaction, but unclear ATM and changing this is
TODO	2948	VM CHECKS. VM's got their own thang going on, and we should make sure that the backend & front-end match. And that the different parts of the rear match
TODO	3151	GET RID OF $record['canremove']
TODO	3155	GET RID OF $record['canremove']
TODO	3160	, update above with the new, real moderator permission when we work on VBV-12234
TODO	3230	figure out a way to combine this & the following if blocks into the
TODO	3257	figure out what this does and remove if it does nothing
TODO	3435	GET RID OF $record['canremove']
TODO	3552	fetch tag synonyms??
TODO	4045	Should this function return result of below call instead of guaranteed false if we hit this point?

fcmessaging.php

Type	Line	Description
TODO	1426	do we have to validate the device token (aka registration id)?
TODO	1469	do we have to validate the device token (aka registration id)?

node.php

Type	Line	Description
TODO	1878	instead of skipping $vmAvatar, generate a "default" array in case templates expect the avatar

notification.php

Type	Line	Description
TODO	254	also group by languageid for phrasing.
TODO	613	need to add heavy testing for the counts below
TODO	963	figure out how to get rid of this double call to follow API (this is also called in
TODO	1139	REFACTOR CONTENT LIBRARY'S sendEmailNotification()

phrase.php

Type	Line	Description
TODO	920	store this somewhere? -- might as well store phrases converted now to

product.php

Type	Line	Description
TODO	160	shouldn't subtype be empty or match $package?

reputation.php

Type	Line	Description
TODO	82	implement guest votes?
TODO	118	implement guest votes?

unsubscribe.php

Type	Line	Description
TODO	185	do we need a function to reset all mailoption secret & hashes? E.g. like resetting passwords after a breach.
TODO	187	delete record when user is deleted

user.php

Type	Line	Description
TODO	261	We need to skip perm checks for this so *all* user data gets caught in the net when
TODO	270	figure out what should happen with categories
TODO	3722	userfield scope for userlib saves???
TODO	5285	All of these selects are candidates for UNBUFFERED selects, when we implement it.

usergroup.php

Type	Line	Description
TODO	28	This seems to only be used by the channel XML importer.
TODO	693	push this into systemevent.

functions.php

Type	Line	Description
TODO	1369	Implement when vB5 adds them
TODO	1380	Implement when vB5 adds them

mail.php

Type	Line	Description
TODO	677	some claim that this header should NOT be RFC 2047 encoded as that'll be ignored

usermention.php

Type	Line	Description
TODO	93	Add UGP

likednode.php

Type	Line	Description
TODO	79	Confirm this behavior, should this be if_read instead?

pollvote.php

Type	Line	Description
TODO	86	Confirm this behavior, should this be if_read instead?

visitormessage.php

Type	Line	Description
TODO	393	Do phrases like {1}: {2} that can be hard-coded concatenations require phrasing for

web.php

Type	Line	Description
TODO	44	how should we determine this?

usercontext.php

Type	Line	Description
TODO	301	do we need a superadmin bypass here?
TODO	1145	do we need to allow superadmin bypass for infraction masking here?
TODO	1313	We probably need to check if any infraction groups are applied on this user and if they
TODO	1342	This needs to actually check. This is fairly complex, but it needs to check with
TODO	1484	We have a lot of cases where we do this operation:
TODO	2242	... is this right? We don't check if the node is actually their own channel or anything?

date.php

Type	Line	Description
TODO	268	This isn't really "broken", just not exactly the same. Should we

action.php

Type	Line	Description
TODO	32	Add an error phrase for no controller/action specified

data.php

Type	Line	Description
TODO	30	Add an error phrase for no controller/action specified

rawdata.php

Type	Line	Description
TODO	30	Add an error phrase for no controller/action specified

template.php

Type	Line	Description
TODO	25	Add an error phrase for no template specified

vb.php

Type	Line	Description
TODO	616	Do any hooks need this information?
TODO	662	this should be handled with an exception, the backend shouldn't produce output

wysiwyghtmlparser.php

Type	Line	Description
TODO	415	the [^>]+ breaks if there's any attribute that has > in quotes before the src attribute. We need a way to handle this.
TODO	688	update regex to also check that it is OUR server?
TODO	783	update regex to also check that it is OUR server?
TODO	1788	use stylevar
TODO	1822	use stylevar

theme.php

Type	Line	Description
TODO	141	need to test that overwrite works correctly
TODO	265	Figure out what this is used for
TODO	349	should we throw an exception if no guid is provided?
TODO	742	need better check to grab REAL files only. One approach is to use a filename prefix and check for that, like how customlanguages does it

widget.php

Type	Line	Description
TODO	801	update saved adminconfigs