alp2/alp2.c (27 lines):
- line 57: // TODO This header is optional, but is not allowed to appear more than once.
- line 72: // TODO This header is optional, but is not allowed to appear more than once.
- line 279: // TODO Validate.
- line 362: // TODO Validate.
- line 417: // TODO Make sure this is not an escaped char
- line 428: // TODO This parser implementation allows for invalid
- line 506: // TODO This header is required (a check for its appearance is made when
- line 523: // TODO Validate
- line 527: // TODO Validate
- line 552: // TODO This header is optional, but it is not allowed to appear more than once.
- line 567: // TODO Validate
- line 571: // TODO Validate
- line 577: // TODO Validate
- line 680: // TODO Only one allowed
- line 687: // TODO Only one allowed
- line 694: // TODO Only one allowed
- line 701: // TODO Only one allowed
- line 909: // TODO Do we want to do anything on error?
- line 963: // TODO I think the right thing to do is use the port numbers
- line 974: // TODO Do not use the port number if the hostname
- line 980: // TODO Always use the port number if the hostname
- line 989: // TODO If the hostname is not numeric, remove the port
- line 1040: // TODO Validate
- line 1044: // TODO Validate
- line 1048: // TODO Validate
- line 1052: // TODO Validate
- line 1346: // TODO Needs improving (e.g. to support simplified HTTP/0.9 requests

apache2/apache2_config.c (5 lines):
- line 443: /* TODO: copy_rules return code should be taken into consideration. */
- line 470: /* TODO: copy_rules return code should be taken into consideration. */
- line 2233: /* TODO check whether the parameter is a valid MIME type of "???" */
- line 2283: /* TODO: Validate the range here, while we can still tell the user if it's invalid */
- line 2487: // FIXME: Should we handle more then one server at once?

nginx/modsecurity/ngx_http_modsecurity.c (5 lines):
- line 299: /* TODO: how to use ap_method_number_of ?
- line 379: * TODO: deal more headers.
- line 606: /* TODO: server_rec per server conf */
- line 782: * TODO: The current design of handing off modsec execution to a thread is happening too soon. It must
- line 1102: /* TODO: set server_rec, why igonre return value? */

apache2/msc_json.c (4 lines):
- line 92: * TODO: How do we free the previously string value stored here?
- line 102: * TODO: Is there a way to define true null parameter values instead of
- line 210: * TODO: Check if it is safe to do this kind of pointer tricks
- line 259: * TODO: make UTF8 validation optional, as it depends on Content-Encoding

apache2/msc_remote_rules.c (3 lines):
- line 434: apr_size_t salt_len = 16; //FIXME: salt_len should not be hard coded.
- line 523: // FIXME: size should not be hardcoded.
- line 596: //FIXME: size should not be hardcoded like that.

apache2/msc_reqbody.c (3 lines):
- line 113: // TODO: All these below need to be registered in the same way as above
- line 336: // TODO: All these below need to be registered in the same way as above
- line 691: // TODO: All these below need to be registered in the same way as above

apache2/mod_security2.c (2 lines):
- line 1099: * TODO We might still want to hold onto the original headers
- line 1406: // TODO: Holding off on this for now (needs more testing)

apache2/modsecurity.c (2 lines):
- line 133: // TODO: msre_engine_register_default_reqbody_processors(msce->msre);
- line 396: // TODO: Why do we ignore return code here?

apache2/msc_geo.c (2 lines):
- line 329: /* TODO: check rc */
- line 395: /* TODO: check rc */

tools/rules-updater.pl.in (2 lines):
- line 321: # TODO: Verify sig
- line 414: # TODO: Diffs

apache2/msc_util.c (2 lines):
- line 2283: // TODO Support paths on operating systems other than Unix.
- line 2629: char buf[HUGE_STRING_LEN + 1]; // FIXME: 2013-10-29 zimmerle: dynamic?
apache2/re.c (1 line):
- line 319: // TODO need a good way to remove the element from array, maybe change array by tables or rings

alp2/alp2.h (1 line):
- line 129: // TODO All these need reviewing

alp2/alp2_pp.c (1 line):
- line 66: // TODO Memory leak; use a single parser buffer to avoid per-entry

apache2/apache2_io.c (1 line):
- line 491: /* TODO: These need to move to flags in 2.6. For now log them

apache2/persist_dbm.h (1 line):
- line 29: * TODO: add as a configuration parameter

apache2/re_actions.c (1 line):
- line 2198: /* TODO Support relative filenames. */