sucs-site issues
https://projects.sucs.org/sucssite/sucs-site/-/issues
2020-09-28T11:54:45Z

https://projects.sucs.org/sucssite/sucs-site/-/issues/43
Single quotes lead to missing pieces of MOTD
2020-09-28T11:54:45Z
Thomas Lake

The HTML escaping logic in `components/motd.php` had at least one bug that leads to missing text if single quotes/apostrophes are present in a news post.
Compare [this post](https://sucs.org/News/Community%2520update) to the following:
```
Community update
Greetings to anyone that found this.
It feel free to join the discord the exec team is usually online and it where we do most of our comunication at this point in time.
Other than that we are currently working to make communication more clear
about what we are doing Caleb(kalube) has recently created a new blog site,
over at blogs.sucs.org[2].
We hope to talk to you via the discord in this uncertain time.
----
[1]: https://discord.gg/NxRPqEY
[2]: http://blogs.sucs.org
whizzywig
```

https://projects.sucs.org/sucssite/sucs-site/-/issues/42
CI/CD & Merges: Enable fast forward merges
2021-12-23T12:10:01Z
Thomas Lake

Currently the correct process for a simple change is:
* Commit to master
* Merge to beta
* Merge from beta to sucs-site
:ballot_box_with_check: Generally good practice
:ballot_box_with_check: Bigger changes can be reviewed in beta easily
:no_entry_sign: Simple changes generate multiple merge commits
Is there any particular downside to enabling fast-forward merges through Gitlab?
The only one I can think of (and haven't checked) is that it might require a one-off rebase of beta and sucs-site to tidy up the current history before it would be useful.

https://projects.sucs.org/sucssite/sucs-site/-/issues/41
Build status link broken
2019-10-02T17:19:59Z
Christian George Sanger

Link on to build status broken, goes to non-existent sub project sucs/ci/ or at least not visible to me.

Imran Hussain imranh@sucs.org

https://projects.sucs.org/sucssite/sucs-site/-/issues/39
No links to Slack/Discord
2018-11-14T13:26:13Z
Laurence Sebastian Bowes elbows@sucs.org

The main sucs site doesn't have any links to the slack (or the discord).
These should probably be put on the homepage or the Community page
The community page is [here](https://projects.sucs.org/sucssite/sucs-site/blob/master/static/Community.txt)

https://projects.sucs.org/sucssite/sucs-site/-/issues/38
Notify recipients of bananas
2017-10-22T12:59:22Z
Andrew Price

https://projects.sucs.org/sucssite/sucs-site/-/issues/35
Give better feedback to the user when submitting bananas
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

Use the message message_flash() function when a user submits either a banana nomination or awards bananas saying an action has been taken or not.

https://projects.sucs.org/sucssite/sucs-site/-/issues/34
Update components/membershiprenew.php to use the new renew_membership() function
2019-10-02T16:25:21Z
Imran Hussain imranh@sucs.org

components/membershiprenew.php needs to use renew_membership() in lib/member_functions.php

https://projects.sucs.org/sucssite/sucs-site/-/issues/32
Colourblind support
2017-10-10T17:22:08Z
Mathew Ian Estienne

The current site has issues with colourblind support, for multiple forms of colourblindness.
For example, dark-orange on orange is used in the top-right of the homepage, which appears to be almost invisible to red-green and blue-yellow.
To check a page, I have been using [this colourblind tester]. The three options I have been using are Protan, Deutan and Tritan.
If any colourblind users want to contribute their eyes, they could help flag particularly troublesome pages for review.
[this colourblind tester]: <http://colorfilter.wickline.org/>

https://projects.sucs.org/sucssite/sucs-site/-/issues/30
Desktop on demand is broken and still on display
2017-10-10T17:22:08Z
Osian Smith

The desktop on demand broke a while back but I got told by @imranh in freshers that it wasn't going to be fixed, yet it's still up - is it worth taking the link down?

https://projects.sucs.org/sucssite/sucs-site/-/issues/28
Current Milliways Users list broken
2019-05-21T09:13:59Z
Dom Rushbrook

http://sucs.org/Community/Milliways should contain a list of current milliways users. However due to the removal of mw -who it is now garbage.
I've created issue 16 in the mw gitlab as really it's more of a problem with mw but it might need something changing on the sucssite too.

https://projects.sucs.org/sucssite/sucs-site/-/issues/27
CSRF Vulnerabilities in forms on SUCS site and arbitrary script/html injection
2017-10-10T17:22:08Z
Chris Piper

SUMMARY:
Post requests can be submitted automatically in javascript for some forms from any site and are automatically authenticated if the user was logged in at any point in the browser session and has not logged out (or been timed out).
Banana awards allow arbitrary html (including script tags onto the page).
PROOF OF WORK:
Tests were done on https://sucs.org/~elbows/sucssite/ . Users with banana privileges who had previously logged on to elbows sucs site (or had it open in another tab), who visited the url http://ninekaku.com/test [update: now offline, see comments] found a nearly empty page. In the background they had automatically awarded a user called "test" -3 bananas and given as the reason javascript url redirection back to the page http://ninekaku.com/test
SUGGESTED FIX:
Randomly generate a token when the page is loaded and make that part of the post request. If the wrong random string is submitted validation fails.
More details on prevention measures for this type of attack. https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

Fix #27

https://projects.sucs.org/sucssite/sucs-site/-/issues/24
Loss of WYSIWYG editor on content pages
2017-10-10T17:22:08Z
Tim Clark

Feature regression:
Increases the barrier to entry for editing the site content.

https://projects.sucs.org/sucssite/sucs-site/-/issues/21
history.sucs.org looks fugly
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

Basically the title

https://projects.sucs.org/sucssite/sucs-site/-/issues/20
Refactor SUCS site PHP code to reduce duplication
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

The site currently has a lot of code duplicated. Updating it is a pita.
We should start making any code that needs to get called more than once into functions.

https://projects.sucs.org/sucssite/sucs-site/-/issues/18
Look into CI
2019-10-02T16:26:58Z
Imran Hussain imranh@sucs.org

It'd be nice if when beta was merged into that it would auto deploy on silver, same with the live branch (sucs-site)
~~Gitlab does CI from the get go in 8 but 8 is buggy atm so we don't want to upgrade.~~

https://projects.sucs.org/sucssite/sucs-site/-/issues/14
No way to test the code/site deterministically
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

So we don't really have a way to test the sucs site.
We could look into stuff like https://phpunit.de/ or https://github.com/Jakobo/snaptest to setup some unit testing.
Or even have a wiki page with a list of functions the sucs site provides that should still work.

https://projects.sucs.org/sucssite/sucs-site/-/issues/13
Find a better way to determine unread mail status
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

My current bodge is a shell script that abuses finger.
There are better ways.
There is some commented out code in the session library to do it, but it needs going over.

https://projects.sucs.org/sucssite/sucs-site/-/issues/11
Web Milliways needs to be added as a git submodule
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

Title says it all.
https://projects.sucs.org/svn/mw/trunk/webclient/ needs to be added to htdocs/mw

https://projects.sucs.org/sucssite/sucs-site/-/issues/10
Standard of documentation varies wildly
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

Some parts of the sucs site are very well documented, the signup system ( gj @eclipse ) others, not so much.
We need to go through it all and make sure it's all documented to a certain level.

https://projects.sucs.org/sucssite/sucs-site/-/issues/9
Bananas can't be awarded "from" the person who nominated them
2017-10-10T17:22:08Z
Imran Hussain imranh@sucs.org

Currently any SUCS member can nominate someone to receive a banana award, but there's no facility for banana admins to easily make this award and have it come from the original member.
Some possible solutions:
Allow banana admins to specify who a banana is from (open to abuse a bit too much?)
Allow banana admins to specify that a banana was from a nomination
Place banana nominations into a queue for admins to approve
see https://projects.sucs.org/projects/sucs-site/ticket/30