sucs-site issues (https://projects.sucs.org/sucssite/sucs-site/-/issues), feed updated 2020-09-28T11:54:45Z

Issue #43: Single quotes lead to missing pieces of MOTD
https://projects.sucs.org/sucssite/sucs-site/-/issues/43
Thomas Lake, 2020-09-28T11:54:45Z

The HTML escaping logic in `components/motd.php` had at least one bug that leads to missing text if single quotes/apostrophes are present in a news post.

Compare [this post](https://sucs.org/News/Community%2520update) to the following:

```
Community update
Greetings to anyone that found this.
It feel free to join the discord the exec team is usually online and it where we do most of our comunication at this point in time.
Other than that we are currently working to make communication more clear
about what we are doing Caleb(kalube) has recently created a new blog site,
over at blogs.sucs.org[2].
We hope to talk to you via the discord in this uncertain time.
----
[1]: https://discord.gg/NxRPqEY
[2]: http://blogs.sucs.org
whizzywig
```

Issue #42: CI/CD & Merges: Enable fast forward merges
https://projects.sucs.org/sucssite/sucs-site/-/issues/42
Thomas Lake, 2021-12-23T12:10:01Z

Currently the correct process for a simple change is:
* Commit to master
* Merge to beta
* Merge from beta to sucs-site

:ballot_box_with_check: Generally good practice
:ballot_box_with_check: Bigger changes can be reviewed in beta easily
:no_entry_sign: Simple changes generate multiple merge commits

Is there any particular downside to enabling fast-forward merges through Gitlab?

The only one I can think of (and haven't checked) is that it might require a one-off rebase of beta and sucs-site to tidy up the current history before it would be useful.

Issue #41: Build status link broken
https://projects.sucs.org/sucssite/sucs-site/-/issues/41
Christian George Sanger, 2019-10-02T17:19:59Z
Assignee: Imran Hussain (imranh@sucs.org)

Link to build status broken, goes to non-existent sub project sucs/ci/ or at least not visible to me.

Issue #40: /webmail now 404s
https://projects.sucs.org/sucssite/sucs-site/-/issues/40
Dom Rushbrook, 2018-11-21T13:27:39Z

Webmail has been moved to https://webmail.sucs.org/ but the old link https://sucs.org/webmail now 404s. It would probably be better for our users if instead it redirected them to the new location.

Issue #39: No links to Slack/Discord
https://projects.sucs.org/sucssite/sucs-site/-/issues/39
Laurence Sebastian Bowes (elbows@sucs.org), 2018-11-14T13:26:13Z

The main sucs site doesn't have any links to the slack (or the discord).
These should probably be put on the homepage or the Community page.

The community page is [here](https://projects.sucs.org/sucssite/sucs-site/blob/master/static/Community.txt).

Issue #38: Notify recipients of bananas
https://projects.sucs.org/sucssite/sucs-site/-/issues/38
Andrew Price, 2017-10-22T12:59:22Z

(No description.)

Issue #36: Staff list is out of date
https://projects.sucs.org/sucssite/sucs-site/-/issues/36
Osian Smith, 2017-10-10T17:22:08Z

This is probably an admin job if it's in the database, otherwise I would be happy fixing it.

Issue #35: Give better feedback to the user when submitting bananas
https://projects.sucs.org/sucssite/sucs-site/-/issues/35
Imran Hussain (imranh@sucs.org), 2017-10-10T17:22:08Z

Use the message_flash() function when a user submits either a banana nomination or awards bananas, saying whether an action has been taken or not.

Issue #34: Update components/membershiprenew.php to use the new renew_membership() function
https://projects.sucs.org/sucssite/sucs-site/-/issues/34
Imran Hussain (imranh@sucs.org), 2019-10-02T16:25:21Z

components/membershiprenew.php needs to use renew_membership() in lib/member_functions.php.

Issue #33: SUSignup code can't handle people (student numbers) being in the signup table more than once
https://projects.sucs.org/sucssite/sucs-site/-/issues/33
Imran Hussain (imranh@sucs.org), 2017-12-21T14:44:28Z

So they became a full member a few years back, got their account deleted, now is still a student and has paid via the SU and wants to sign up again.
The code goes with the assumption that sid (student number) is a primary key in that table, but in reality it's signupid+sid as the primary key.

So when it does a search for them, `$signuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?",array($sid));`, it returns more than one row of data, so bits of code like `$signuptmpresult->fields["sid"] == $sid` will blow up.

My suggestion would be to write a foreach loop and look for a place where in the fields activated == NULL and use that.

Of course you have to account for not finding activated == NULL or finding it multiple times etc...

EDIT: all the code you should care about is in components/susignup.php

Issue #32: Colourblind support
https://projects.sucs.org/sucssite/sucs-site/-/issues/32
Mathew Ian Estienne, 2017-10-10T17:22:08Z

The current site has issues with colourblind support, for multiple forms of colourblindness.
For example, dark-orange on orange is used in the top-right of the homepage, which appears to be almost invisible to red-green and blue-yellow.

To check a page, I have been using [this colourblind tester]. The three options I have been using are Protan, Deutan and Tritan.

If any colourblind users want to contribute their eyes, they could help flag particularly troublesome pages for review.

[this colourblind tester]: <http://colorfilter.wickline.org/>

Issue #31: Societies page needs to be updated or removed
https://projects.sucs.org/sucssite/sucs-site/-/issues/31
Osian Smith, 2017-10-10T17:22:08Z

At the moment it says that we are hosting websites for Xtreme radio, Waterfront, SUTV and a few other societies, where all of those sites have not updated their site in a few years / don't use it / partly broken / broken completely.
Issue #30: Desktop on demand is broken and still on display
https://projects.sucs.org/sucssite/sucs-site/-/issues/30
Osian Smith, 2017-10-10T17:22:08Z

The desktop on demand broke a while back but I got told by @imranh in freshers that it wasn't going to be fixed, yet it's still up - is it worth taking the link down?

Issue #29: Outdated information on the Room section on about
https://projects.sucs.org/sucssite/sucs-site/-/issues/29
Osian Smith, 2017-10-10T17:22:08Z

The site says "The SUCS room is located at the bottom of the Student Union building, approximately halfway along the side facing the back of Fulton House. To unlock the door, members can swipe their student card in the card reader or hold it up to the rfid sensor pad denoted by the black square (both located to the right of our blue door, underneath the window)."

The tab is a faded orange...

Issue #28: Current Milliways Users list broken
https://projects.sucs.org/sucssite/sucs-site/-/issues/28
Dom Rushbrook, 2019-05-21T09:13:59Z

http://sucs.org/Community/Milliways should contain a list of current milliways users. However, due to the removal of mw -who it is now garbage.

I've created issue 16 in the mw gitlab as really it's more of a problem with mw, but it might need something changing on the sucssite too.

Issue #27: CSRF Vulnerabilities in forms on SUCS site and arbitrary script/html injection
https://projects.sucs.org/sucssite/sucs-site/-/issues/27
Chris Piper, 2017-10-10T17:22:08Z

SUMMARY:
Post requests can be submitted automatically in javascript for some forms from any site and are automatically authenticated if the user was logged in at any point in the browser session and has not logged out (or been timed out).

Banana awards allow arbitrary html (including script tags) onto the page.

PROOF OF WORK:
Tests were done on https://sucs.org/~elbows/sucssite/ . Users with banana privileges who had previously logged on to elbows' sucs site (or had it open in another tab), who visited the url http://ninekaku.com/test [update: now offline, see comments] found a nearly empty page. In the background they had automatically awarded a user called "test" -3 bananas and given as the reason a javascript url redirection back to the page http://ninekaku.com/test

SUGGESTED FIX:
Randomly generate a token when the page is loaded and make that part of the post request. If the wrong random string is submitted, validation fails.

More details on prevention measures for this type of attack: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

Fix #27

Issue #26: Php7
https://projects.sucs.org/sucssite/sucs-site/-/issues/26
Imran Hussain (imranh@sucs.org), 2019-10-02T16:26:16Z

9. We expect to ship next Debian release (stretch) only with PHP 7.0, that means that all packages need to be made compatible with PHP 7.0. Fortunately PHP 7.0 is mostly compatible with properly maintained software. However some extensions have been deprecated (f.e. mysql) and thus old unmaintained software will stop working and it will have to be either patched or removed from stable Debian.

Issue #25: Broken links on the 'projects' page
https://projects.sucs.org/sucssite/sucs-site/-/issues/25
Laurence Sebastian Bowes (elbows@sucs.org), 2017-10-10T17:22:08Z

On this page https://sucs.org/Community/Projects
pybackpack, pymail and sucs-cd are all broken links.

Consider removing them if the projects are dead (which is my guess).

Issue #24: Loss of WYSIWYG editor on content pages
https://projects.sucs.org/sucssite/sucs-site/-/issues/24
Tim Clark, 2017-10-10T17:22:08Z

Feature regression:
Increases the barrier to entry for editing the site content.

Issue #23: Make the in site editor actually save your changes
https://projects.sucs.org/sucssite/sucs-site/-/issues/23
Tim Clark, 2017-10-10T17:22:08Z

It doesn't save, just gives the error "Write failed".