sucs-site issues
https://projects.sucs.org/sucssite/sucs-site/-/issues
2017-10-10T17:22:08Z

Give better feedback to the user when submitting bananas
https://projects.sucs.org/sucssite/sucs-site/-/issues/35
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Use the message_flash() function when a user submits either a banana nomination or awards bananas saying an action has been taken or not.

Colourblind support
https://projects.sucs.org/sucssite/sucs-site/-/issues/32
Mathew Ian Estienne, 2017-10-10T17:22:08Z

The current site has issues with colourblind support, for multiple forms of colourblindness.
For example, dark-orange on orange is used in the top-right of the homepage, which appears to be almost invisible to red-green and blue-yellow.
To check a page, I have been using [this colourblind tester]. The three options I have been using are Protan, Deutan and Tritan.
If any colourblind users want to contribute their eyes, they could help flag particularly troublesome pages for review.
[this colourblind tester]: <http://colorfilter.wickline.org/>

Desktop on demand is broken and still on display
https://projects.sucs.org/sucssite/sucs-site/-/issues/30
Osian Smith, 2017-10-10T17:22:08Z

The desktop on demand broke a while back but I got told by @imranh in freshers that it wasn't going to be fixed, yet it's still up - is it worth taking the link down?

CSRF Vulnerabilities in forms on SUCS site and arbitrary script/html injection
https://projects.sucs.org/sucssite/sucs-site/-/issues/27
Chris Piper, 2017-10-10T17:22:08Z

SUMMARY:
Post requests can be submitted automatically in javascript for some forms from any site and are automatically authenticated if the user was logged in at any point in the browser session and has not logged out (or been timed out).
Banana awards allow arbitrary html (including script tags onto the page).
PROOF OF WORK:
Tests were done on https://sucs.org/~elbows/sucssite/ . Users with banana privileges who had previously logged on to elbows sucs site (or had it open in another tab), who visited the url http://ninekaku.com/test [update: now offline, see comments] found a nearly empty page. In the background they had automatically awarded a user called "test" -3 bananas and given as the reason javascript url redirection back to the page http://ninekaku.com/test
SUGGESTED FIX:
Randomly generate a token when the page is loaded and make that part of the post request. If the wrong random string is submitted validation fails.
More details on prevention measures for this type of attack. https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
Fix #27

Loss of WYSIWYG editor on content pages
https://projects.sucs.org/sucssite/sucs-site/-/issues/24
Tim Clark, 2017-10-10T17:22:08Z

Feature regression:
Increases the barrier to entry for editing the site content.

history.sucs.org looks fugly
https://projects.sucs.org/sucssite/sucs-site/-/issues/21
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Basically the title

Refactor SUCS site PHP code to reduce duplication
https://projects.sucs.org/sucssite/sucs-site/-/issues/20
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

The site currently has a lot of code duplicated. Updating it is a pita.
We should start making any code that needs to get called more than once into functions.

No way to test the code/site deterministically
https://projects.sucs.org/sucssite/sucs-site/-/issues/14
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

So we don't really have a way to test the sucs site.
We could look into stuff like https://phpunit.de/ or https://github.com/Jakobo/snaptest to set up some unit testing.
Or even have a wiki page with a list of functions the sucs site provides that should still work.

Find a better way to determine unread mail status
https://projects.sucs.org/sucssite/sucs-site/-/issues/13
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

My current bodge is a shell script that abuses finger.
There are better ways.
There is some commented out code in the session library to do it, but it needs going over.

Web Milliways needs to be added as a git submodule
https://projects.sucs.org/sucssite/sucs-site/-/issues/11
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Title says it all.
https://projects.sucs.org/svn/mw/trunk/webclient/ needs to be added to htdocs/mw

Standard of documentation varies wildly
https://projects.sucs.org/sucssite/sucs-site/-/issues/10
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Some parts of the sucs site are very well documented, the signup system ( gj @eclipse ) others, not so much.
We need to go through it all and make sure it's all documented to a certain level.

Bananas can't be awarded "from" the person who nominated them
https://projects.sucs.org/sucssite/sucs-site/-/issues/9
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Currently any SUCS member can nominate someone to receive a banana award, but there's no facility for banana admins to easily make this award and have it come from the original member.
Some possible solutions:
- Allow banana admins to specify who a banana is from (open to abuse a bit too much?)
- Allow banana admins to specify that a banana was from a nomination
- Place banana nominations into a queue for admins to approve
see https://projects.sucs.org/projects/sucs-site/ticket/30

Make WYSIWYG Editor Optional
https://projects.sucs.org/sucssite/sucs-site/-/issues/8
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

See https://projects.sucs.org/projects/sucs-site/ticket/59

/Community/Members is (reasonably) uninformative and ugly when not logged in
https://projects.sucs.org/sucssite/sucs-site/-/issues/7
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

https://projects.sucs.org/projects/sucs-site/ticket/42
Even the present information (links to members with public websites, a blatant attempt at search engine optimisation ;-)) could be better laid out. Perhaps alphabetically clustered?

Fix the URL system
https://projects.sucs.org/sucssite/sucs-site/-/issues/6
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

The URL system is very buggy.
Creating a new post with the following title can screw up the site.
> "test"

or
> it's

We need to either make sure input validation is done everywhere (create a helper function) or change how we handle URLs so no helper function/input validation is needed.
See:
https://projects.sucs.org/projects/sucs-site/ticket/62
https://projects.sucs.org/projects/sucs-site/ticket/36
I should say without breaking existing URLs, but if an elegant solution comes up then I suppose we can vote on it.

Allow news posts to be automatically posted to social media
https://projects.sucs.org/sucssite/sucs-site/-/issues/4
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:09Z

Whenever someone adds a new post, there should be a tick box or something that allows what's being posted to the society facebook page and/or twitter account.

Calendar/Events system
https://projects.sucs.org/sucssite/sucs-site/-/issues/3
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:13Z

We should add an events / calendar system to the site.

Notify recipients of bananas
https://projects.sucs.org/sucssite/sucs-site/-/issues/38
Andrew Price, 2017-10-22T12:59:22Z

No links to Slack/Discord
https://projects.sucs.org/sucssite/sucs-site/-/issues/39
Laurence Sebastian Bowes (elbows@sucs.org), 2018-11-14T13:26:13Z

The main sucs site doesn't have any links to the slack (or the discord).
These should probably be put on the homepage or the Community page
The community page is [here](https://projects.sucs.org/sucssite/sucs-site/blob/master/static/Community.txt)

Current Milliways Users list broken
https://projects.sucs.org/sucssite/sucs-site/-/issues/28
Dom Rushbrook, 2019-05-21T09:13:59Z

http://sucs.org/Community/Milliways should contain a list of current milliways users. However due to the removal of mw -who it is now garbage.
I've created issue 16 in the mw gitlab as really it's more of a problem with mw but it might need something changing on the sucssite too.