sucs-site issues
https://projects.sucs.org/sucssite/sucs-site/-/issues
2017-10-10T17:22:08Z

https://projects.sucs.org/sucssite/sucs-site/-/issues/35
Give better feedback to the user when submitting bananas
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

Use the message message_flash() function when a user submits either a banana nomination or awards bananas saying an action has been taken or not.

https://projects.sucs.org/sucssite/sucs-site/-/issues/36
Staff list is out of date
2017-10-10T17:22:08Z
Osian Smith

This is probably an admin job if it's in the database, otherwise I would be happy fixing it.

https://projects.sucs.org/sucssite/sucs-site/-/issues/33
SUSignup code can't handle people (student numbers) being in the signup table more than once
2017-12-21T14:44:28Z
Imran Hussain <imranh@sucs.org>

So they became a full member a few years back, got their account deleted, now is still a student and has paid via the su and wants to sign up again.
The code goes with the assumption that sid (student number) is a primary key in that table but in reality it's signupid+sid as the primary key.
So when it does a search for them ```$signuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?",array($sid));``` it returns more than one row of data so bits of code like ```$signuptmpresult->fields["sid"] == $sid``` will blow up.
My suggestion would be to write a foreach loop and look for a place where in the fields activated == NULL and use that.
Of course you have to account for not finding activated == NULL or finding it multiple times etc...
EDIT: all the code you should care about is in components/susignup.php

https://projects.sucs.org/sucssite/sucs-site/-/issues/34
Update components/membershiprenew.php to use the new renew_membership() function
2019-10-02T16:25:21Z
Imran Hussain <imranh@sucs.org>

components/membershiprenew.php needs to use renew_membership() in lib/member_functions.php

https://projects.sucs.org/sucssite/sucs-site/-/issues/31
Societies page needs to be updated or removed
2017-10-10T17:22:08Z
Osian Smith

At the moment it says that we are hosting website for Xtreme radio, Waterfront, SUTV and a few other societies where all of those sites have not updated their site in a few years/ don't use it/partly broken/broken completely.

https://projects.sucs.org/sucssite/sucs-site/-/issues/32
Colourblind support
2017-10-10T17:22:08Z
Mathew Ian Estienne

The current site has issues with colourblind support, for multiple forms of colourblindness.
For example, dark-orange on orange is used in the top-right of the homepage, which appears to be almost invisible to red-green and blue-yellow.
To check a page, I have been using [this colourblind tester]. The three options I have been using are Protan, Deutan and Tritan.
If any colourblind users want to contribute their eyes, they could help flag particularly troublesome pages for review.
[this colourblind tester]: <http://colorfilter.wickline.org/>

https://projects.sucs.org/sucssite/sucs-site/-/issues/29
Outdated information on the Room section on about
2017-10-10T17:22:08Z
Osian Smith

The site says "The SUCS room is located at the bottom of the Student Union building, approximately halfway along the side facing the back of Fulton House. To unlock the door, members can swipe their student card in the card reader or hold it up to the rfid sensor pad denoted by the black square (both located to the right of our blue door, underneath the window)."
The tab is a faded orange...

https://projects.sucs.org/sucssite/sucs-site/-/issues/30
Desktop on demand is broken and still on display
2017-10-10T17:22:08Z
Osian Smith

The desktop on demand broke a while back but I got told by @imranh in freshers that it wasn't going to be fixed, yet it's still up - is it worth taking the link down?

https://projects.sucs.org/sucssite/sucs-site/-/issues/25
Broken links on the 'projects' page
2017-10-10T17:22:08Z
Laurence Sebastian Bowes <elbows@sucs.org>

On this page https://sucs.org/Community/Projects
pybackpack, pymail and sucs-cd are all broken links.
Consider removing them if the projects are dead (which is my guess).

https://projects.sucs.org/sucssite/sucs-site/-/issues/28
Current Milliways Users list broken
2019-05-21T09:13:59Z
Dom Rushbrook

http://sucs.org/Community/Milliways should contain a list of current milliways users. However due to the removal of mw -who it is now garbage.
I've created issue 16 in the mw gitlab as really it's more of a problem with mw but it might need something changing on the sucssite too.

https://projects.sucs.org/sucssite/sucs-site/-/issues/23
Make the in site editor actually save your changes
2017-10-10T17:22:08Z
Tim Clark

It doesn't save, just gives the error "Write failed"

https://projects.sucs.org/sucssite/sucs-site/-/issues/27
CSRF Vulnerabilities in forms on SUCS site and arbitrary script/html injection
2017-10-10T17:22:08Z
Chris Piper

SUMMARY:
Post requests can be submitted automatically in javascript for some forms from any site and are automatically authenticated if the user was logged in at any point in the browser session and has not logged out (or been timed out).
Banana awards allow arbitrary html (including script tags) onto the page.
PROOF OF WORK:
Tests were done on https://sucs.org/~elbows/sucssite/ . Users with banana privileges who had previously logged on to elbows sucs site (or had it open in another tab), who visited the url http://ninekaku.com/test [update: now offline, see comments] found a nearly empty page. In the background they had automatically awarded a user called "test" -3 bananas and given as the reason javascript url redirection back to the page http://ninekaku.com/test
SUGGESTED FIX:
Randomly generate a token when the page is loaded and make that part of the post request. If the wrong random string is submitted validation fails.
More details on prevention measures for this type of attack. https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
Fix #27

https://projects.sucs.org/sucssite/sucs-site/-/issues/22
Links on the video streaming page are broken
2017-10-10T17:22:08Z
Dom Rushbrook

The "Click here for instructions" and "FAQ" links on https://sucs.org/Community/Stream/ link to the wrong place and thus present 404 errors.
They add an extra /Community to the url thus "click here" tries to go to:
https://sucs.org/Community/Community/Stream/External
and "FAQ" tries to go to
https://sucs.org/Community/Community/Stream/FAQ
They should go to https://sucs.org/Community/Stream/External and https://sucs.org/Community/Stream/FAQ respectively.

https://projects.sucs.org/sucssite/sucs-site/-/issues/19
Out-dated link on counter strike
2017-10-10T17:22:08Z
Osian Smith

https://games.sucs.org/auth/

https://projects.sucs.org/sucssite/sucs-site/-/issues/26
Php7
2019-10-02T16:26:16Z
Imran Hussain <imranh@sucs.org>

9. We expect to ship next Debian release (stretch) only with PHP
7.0, that means that all packages needs to be made compatible
with PHP 7.0. Fortunately the PHP 7.0 is mostly compatible with
properly maintained software. However some extensions has been
deprecated (f.e. mysql) and thus old unmaintained software will
stop working and it will have to be either patched or removed
from stable Debian.

https://projects.sucs.org/sucssite/sucs-site/-/issues/17
Non member links to banana page don't work correctly
2017-10-10T17:22:08Z
Stuart John Watson

Specifically from the recently awarded list:
eg stigs_dad links to https://sucs.org/Community/Bananasstigs_dad
instead of https://sucs.org/Community/Bananas/stigs_dad
Leaderboards seem to work just fine though

https://projects.sucs.org/sucssite/sucs-site/-/issues/24
Loss of WYSIWYG editor on content pages
2017-10-10T17:22:08Z
Tim Clark

Feature regression:
Increases the barrier to entry for editing the site content.

https://projects.sucs.org/sucssite/sucs-site/-/issues/16
Google search is broken
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

The title.

https://projects.sucs.org/sucssite/sucs-site/-/issues/21
history.sucs.org looks fugly
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

Basically the title

https://projects.sucs.org/sucssite/sucs-site/-/issues/15
Postcode lookup dead
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

The uni got rid of their postcode lookup.
We need to find an alternative.

https://projects.sucs.org/sucssite/sucs-site/-/issues/20
Refactor SUCS site PHP code to reduce duplication
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

The site currently has a lot of code duplicated. Updating it is a pita.
We should start making any code that needs to get called more than once into functions.

https://projects.sucs.org/sucssite/sucs-site/-/issues/12
ckeditor needs to be added as a git submodule
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

https://github.com/ckeditor/ckeditor-releases needs to be under htdocs/js/ckeditor

https://projects.sucs.org/sucssite/sucs-site/-/issues/18
Look into CI
2019-10-02T16:26:58Z
Imran Hussain <imranh@sucs.org>

It'd be nice if when beta was merged into that it would auto deploy on silver, same with the live branch (sucs-site)
~~Gitlab does CI from the get go in 8 but 8 is buggy atm so we don't want to upgrade.~~

https://projects.sucs.org/sucssite/sucs-site/-/issues/5
Find a cleaner, more sustainable way to scrape the SU's site for membership data
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

We currently have a somewhat unsustainable (relies on politics) way of getting data from the SU's system as to who is a sucs member.
There has to be a better way.

https://projects.sucs.org/sucssite/sucs-site/-/issues/14
No way to test the code/site deterministically
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

So we don't really have a way to test the sucs site.
We could look into stuff like https://phpunit.de/ or https://github.com/Jakobo/snaptest to set up some unit testing.
Or even have a wiki page with a list of functions the sucs site provides that should still work.

https://projects.sucs.org/sucssite/sucs-site/-/issues/2
Script in my home directory
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

The session library calls a script in my home directory.
Imran Hussain <imranh@sucs.org>

https://projects.sucs.org/sucssite/sucs-site/-/issues/13
Find a better way to determine unread mail status
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

My current bodge is a shell script that abuses finger.
There are better ways.
There is some commented out code in the session library to do it, but it needs going over.

https://projects.sucs.org/sucssite/sucs-site/-/issues/1
Test
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

https://projects.sucs.org/sucssite/sucs-site/-/issues/11
Web Milliways needs to be added as a git submodule
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

Title says it all.
https://projects.sucs.org/svn/mw/trunk/webclient/ needs to be added to htdocs/mw

https://projects.sucs.org/sucssite/sucs-site/-/issues/10
Standard of documentation varies wildly
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

Some parts of the sucs site are very well documented, the signup system ( gj @eclipse ) others, not so much.
We need to go through it all and make sure it's all documented to a certain level.

https://projects.sucs.org/sucssite/sucs-site/-/issues/9
Bananas can't be awarded "from" the person who nominated them
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

Currently any SUCS member can nominate someone to receive a banana award, but there's no facility for banana admins to easily make this award and have it come from the original member.
Some possible solutions:
Allow banana admins to specify who a banana is from (open to abuse a bit too much?)
Allow banana admins to specify that a banana was from a nomination
Place banana nominations into a queue for admins to approve
see https://projects.sucs.org/projects/sucs-site/ticket/30

https://projects.sucs.org/sucssite/sucs-site/-/issues/8
Make WYSIWYG Editor Optional
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

See https://projects.sucs.org/projects/sucs-site/ticket/59

https://projects.sucs.org/sucssite/sucs-site/-/issues/7
/Community/Members is (reasonably) uninformative and ugly when not logged in
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

https://projects.sucs.org/projects/sucs-site/ticket/42
Even the present information (links to members with public websites, a blatant attempt at search engine optimisation ;-)) could be better laid out. Perhaps alphabetically clustered?

https://projects.sucs.org/sucssite/sucs-site/-/issues/6
Fix the URL system
2017-10-10T17:22:08Z
Imran Hussain <imranh@sucs.org>

The URL system is very buggy.
Creating a new post with the following title can screw up the site.
> "test"
or
> it's
We need to either make sure input validation is done everywhere (create a helper function) or change how we handle URLs so no helper function/input validation is needed.
See:
https://projects.sucs.org/projects/sucs-site/ticket/62
https://projects.sucs.org/projects/sucs-site/ticket/36
I should say without breaking existing URLs, but if an elegant solution comes up then I suppose we can vote on it.

https://projects.sucs.org/sucssite/sucs-site/-/issues/4
Allow news posts to be automatically posted to social media
2017-10-10T17:22:09Z
Imran Hussain <imranh@sucs.org>

Whenever someone adds a new post, there should be a tick box or something that allows what's being posted to the society facebook page and/or twitter account.

https://projects.sucs.org/sucssite/sucs-site/-/issues/3
Calendar/Events system
2017-10-10T17:22:13Z
Imran Hussain <imranh@sucs.org>

We should add an events / calendar system to the site.

https://projects.sucs.org/sucssite/sucs-site/-/issues/38
Notify recipients of bananas
2017-10-22T12:59:22Z
Andrew Price

https://projects.sucs.org/sucssite/sucs-site/-/issues/39
No links to Slack/Discord
2018-11-14T13:26:13Z
Laurence Sebastian Bowes <elbows@sucs.org>

The main sucs site doesn't have any links to the slack (or the discord).
These should probably be put on the homepage or the Community page
The community page is [here](https://projects.sucs.org/sucssite/sucs-site/blob/master/static/Community.txt)

https://projects.sucs.org/sucssite/sucs-site/-/issues/40
/webmail now 404s
2018-11-21T13:27:39Z
Dom Rushbrook

Webmail has been moved to https://webmail.sucs.org/ but the old link https://sucs.org/webmail now 404s. It would probably be better for our users if instead it redirected them to the new location.

https://projects.sucs.org/sucssite/sucs-site/-/issues/41
Build status link broken
2019-10-02T17:19:59Z
Christian George Sanger

Link on to build status broken, goes to non-existent sub project sucs/ci/ or at least not visible to me.
Imran Hussain <imranh@sucs.org>

https://projects.sucs.org/sucssite/sucs-site/-/issues/42
CI/CD & Merges: Enable fast forward merges
2021-12-23T12:10:01Z
Thomas Lake

Currently the correct process for a simple change is:
* Commit to master
* Merge to beta
* Merge from beta to sucs-site
:ballot_box_with_check: Generally good practice
:ballot_box_with_check: Bigger changes can be reviewed in beta easily
:no_entry_sign: Simple changes generate multiple merge commits
Is there any particular downside to enabling fast-forward merges through Gitlab?
The only one I can think of (and haven't checked) is that it might require a one-off rebase of beta and sucs-site to tidy up the current history before it would be useful.

https://projects.sucs.org/sucssite/sucs-site/-/issues/43
Single quotes lead to missing pieces of MOTD
2020-09-28T11:54:45Z
Thomas Lake

The HTML escaping logic in `components/motd.php` had at least one bug that leads to missing text if single quotes/apostrophes are present in a news post.
Compare [this post](https://sucs.org/News/Community%2520update) to the following:
```
Community update
Greetings to anyone that found this.
It feel free to join the discord the exec team is usually online and it where we do most of our comunication at this point in time.
Other than that we are currently working to make communication more clear
about what we are doing Caleb(kalube) has recently created a new blog site,
over at blogs.sucs.org[2].
We hope to talk to you via the discord in this uncertain time.
----
[1]: https://discord.gg/NxRPqEY
[2]: http://blogs.sucs.org
whizzywig
```