website issues
https://code.greenhost.net/totem/website/-/issues
Updated 2023-08-29T13:52:21Z

Issue #96: Grant Demid Avramenko from OpenCraft access
https://code.greenhost.net/totem/website/-/issues/96
Updated 2023-08-29T13:52:21Z by Remie Stronks
Hi Geoffrey,
Is there any way you can grant Demid access to the Open edX source code? They want to start looking at the code this coming Thursday.
Email address is: demid@opencraft.com
Thank you
Cheers,
Remie
Assignee: Geoffrey Preud'homme

Issue #95: Show BN in Bangla
https://code.greenhost.net/totem/website/-/issues/95
Updated 2023-08-11T12:43:08Z by Geoffrey Preud'homme

Issue #94: Bangla language not available on https://learn.totem-project.org/courses
https://code.greenhost.net/totem/website/-/issues/94
Updated 2023-08-11T16:32:39Z by Remie Stronks
Hi Geoffrey,
On the landing page the Bangla language is available in the drop-down menu but not on https://learn.totem-project.org/courses
Can you please add the Bangla language too? If you don't have a translation then you can find it in Transifex.
Also, we would like to see the "BN" shown in Bangla if possible, the same as with Arabic, for example.
Thanks!
From the 4th of August until the 14th of August I am on holiday, so you might need to contact Paco via email if you have extra questions.
Assignee: Geoffrey Preud'homme

Issue #93: Connect the Bangla version of the "Explore our courses" button to all the courses in Bangla.
https://code.greenhost.net/totem/website/-/issues/93
Updated 2023-08-02T13:19:19Z by Remie Stronks
The button does work in all languages except for Bangla.
It's the buttons below I am talking about.
![Screenshot_from_2023-08-02_14-10-39](/uploads/212523383a7480b78620c1943039a980/Screenshot_from_2023-08-02_14-10-39.png)
![Screenshot_from_2023-08-02_14-13-23](/uploads/4a164daa70dbc789175a4566df6fee00/Screenshot_from_2023-08-02_14-13-23.png)
Assignee: Remie Stronks
Due: 2023-08-03

Issue #92: English of web page is in Bangla, please change it back to English
https://code.greenhost.net/totem/website/-/issues/92
Updated 2023-07-18T09:46:16Z by Remie Stronks
The Bangla version of the web page needs to be in Bangla. The main page needs to remain English. Please change this as soon as possible.
Assignee: Geoffrey Preud'homme
Due: 2023-07-17

Issue #90: Add Bangla translation to the Totem webpage
https://code.greenhost.net/totem/website/-/issues/90
Updated 2023-07-14T08:33:16Z by Remie Stronks
Hi Geoffrey,
We have some Bangla translations sitting on Transifex. Can you add them to Totem so we have a Bangla version of Totem?
https://app.transifex.com/totem-project/totem-project-website/language/bn/
Assignee: Geoffrey Preud'homme

Issue #89: Update Icon set on website
https://code.greenhost.net/totem/website/-/issues/89
Updated 2021-12-09T14:07:12Z by Sylvain Mignot

Issue #88: GHT2-015 --- Outdated and Vulnerable Nginx Web server
https://code.greenhost.net/totem/website/-/issues/88
Updated 2022-02-11T11:40:51Z by Maarten de Waard
### 4.15 GHT2-015 --- Outdated and Vulnerable Nginx Web server
Vulnerability ID: GHT2-015
Retest status:
Vulnerability type: Outdated Software
Threat level: Low
##### Description:
An outdated Nginx web server was found that revealed its version number in the banner.
##### Technical description:
According to the banner, the server is running Nginx version 1.19.2: ![image](/uploads/756fc9e5fefc73c3fcff1b79e5959995/image.png)
This version is vulnerable to [CVE-2021-23017](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017), which is a security issue in the Nginx resolver.
##### Impact:
* This might allow an attacker who is able to forge UDP packets from the DNS server to cause a 1-byte memory overwrite, resulting in a worker process crash or other problem. Other issues could lead to Denial of Service.
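As an added example, not part of the report above or of the Totem project's code: a small Ruby check that reads the version out of a `Server` banner like the one in the screenshot, decides whether it falls inside the CVE-2021-23017 affected range (0.6.18 through 1.20.0, fixed in 1.20.1 and 1.21.0 according to the nginx advisory), and audits a config fragment for `server_tokens off` and for the `resolver` directive, since the resolver bug is only reachable when a resolver is configured, a caveat the finding does not spell out. The response headers and the two config fragments are constructed samples, not captures from the real host.

```ruby
require "rubygems" # Gem::Version compares "1.19.2" < "1.20.1" numerically, not as strings

# Constructed sample HTTP responses (not captured from the real server); the
# first mirrors the banner reported in the finding, the third is what you get
# once server_tokens is off.
SAMPLE_RESPONSES = {
  "leaky_old"  => "HTTP/1.1 200 OK\r\nServer: nginx/1.19.2\r\nContent-Type: text/html\r\n\r\n",
  "leaky_new"  => "HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nContent-Type: text/html\r\n\r\n",
  "tokens_off" => "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n",
}.freeze

# Version string from the Server header, or nil when no version is disclosed.
def banner_version(raw_response)
  m = raw_response.match(%r{^Server:\s*nginx/(\d+(?:\.\d+)+)}i)
  m && Gem::Version.new(m[1])
end

# CVE-2021-23017 (1-byte overwrite in the resolver): affected 0.6.18 through
# 1.20.0, fixed in 1.20.1 and 1.21.0 per the nginx advisory.
CVE_2021_23017_FIRST_AFFECTED = Gem::Version.new("0.6.18")
CVE_2021_23017_FIXED          = Gem::Version.new("1.20.1")

def vulnerable_to_cve_2021_23017?(version)
  return false if version.nil?
  version >= CVE_2021_23017_FIRST_AFFECTED && version < CVE_2021_23017_FIXED
end

# Hypothetical nginx config fragments; the real configuration is not on the page.
WEAK_CONF = <<~CONF
  http {
      resolver 127.0.0.1;          # resolver in use: the CVE code path is reachable
      server {
          listen 80;
          server_name example.org;
      }
  }
CONF

HARDENED_CONF = <<~CONF
  http {
      server_tokens off;           # banner becomes "Server: nginx", no version
      resolver 127.0.0.1;          # still fine once nginx is 1.20.1/1.21.0 or later
      server {
          listen 80;
          server_name example.org;
      }
  }
CONF

def uses_resolver?(conf)
  conf.match?(/^\s*resolver\s+\S/)
end

def server_tokens_off?(conf)
  conf.match?(/^\s*server_tokens\s+off\s*;/)
end

# Combine what the network shows (banner) with what the config says and return
# the findings as strings; empty means nothing to report.
def assess(raw_response, conf)
  findings = []
  version = banner_version(raw_response)
  if version
    findings << "Server banner discloses nginx #{version}; set server_tokens off"
  elsif !server_tokens_off?(conf)
    findings << "config does not set server_tokens off (banner may still leak a version)"
  end
  if version && vulnerable_to_cve_2021_23017?(version)
    findings << if uses_resolver?(conf)
                  "nginx #{version} with a resolver directive: CVE-2021-23017 is reachable; upgrade to 1.20.1/1.21.0 or later"
                else
                  "nginx #{version} is in the CVE-2021-23017 affected range (no resolver configured, so not reachable as-is); upgrade anyway"
                end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  { "leaky_old" => WEAK_CONF, "leaky_new" => WEAK_CONF, "tokens_off" => HARDENED_CONF }.each do |name, conf|
    puts "#{name}:"
    findings = assess(SAMPLE_RESPONSES[name], conf)
    findings.empty? ? puts("  no findings") : findings.each { |f| puts "  - #{f}" }
  end
end
```

`assess` returns the findings as an array rather than only printing them, so the same check can be dropped into a deployment pipeline step and fail the build when the array is non-empty. Hiding the version does not patch anything: the banner check is about reconnaissance, the version range check is what says whether an upgrade is overdue.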
##### Recommendation:
* Upgrade to the latest version.
* Have a good update policy implemented.
* Do not display the server name and especially the version number in the banner.

Issue #87: GHT2-009 --- Middleman improper input validation results in XSS
https://code.greenhost.net/totem/website/-/issues/87
Updated 2021-12-24T13:15:30Z by Maarten de Waard
### 4.9 GHT2-009 --- Middleman improper input validation results in XSS
Vulnerability ID: GHT2-009
Retest status:
Vulnerability type: XSS
Threat level: Moderate
##### Description:
Middleman is used to generate the totem-project.org website and does not properly validate input, resulting in XSS.
##### Technical description:
Adding the payload to the course description:
![image](/uploads/106d2b456ff38dab70aab5977186170e/image.png)
The payload is added: ![image](/uploads/24529631c16b019c70c2891354b9af67/image.png)
When running the rake script (this is a manual process initiated by a highly privileged SSH user) Middleman will be used to generate the new website, which will contain our payload that will redirect everyone that visits totem-project.org to the URL set in the payload (in this case radicallyopensecurity.com):
![image](/uploads/6b0c320daf2e35522e63b7a420a0117c/image.png)
![image](/uploads/384333df26be797b3eda7db787909187/image.png)
Note that the title field allowed dangerous input as well, but the Middleman conversion rejected the payload: ![image](/uploads/f38dfdd5dac4abe8061148db7a31297a/image.png)
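As an added example, not code from the report or from the Totem website repository: the rendering step in a minimal ERB template (the templating Middleman builds on), once with raw interpolation as the finding implies and once with output escaping, fed a constructed course description carrying a redirect payload like the one described above. The template strings, the `render_course` helper, the `active_content?` check and the payload are assumptions for illustration; the project's real templates are not on this page.

```ruby
require "erb"

# Constructed sample input: a course description carrying a redirect payload of
# the kind the finding describes (not the payload from the report).
MALICIOUS_DESCRIPTION =
  '<script>window.location="https://attacker.example/"</script>Intro to digital security'

# Hypothetical templates; the project's real Middleman templates are not on this page.
# The unsafe one interpolates the description verbatim, which is what lets a
# staff-entered payload reach every visitor's browser after the rake build.
UNSAFE_TEMPLATE = '<p class="course-desc"><%= description %></p>'
# The safe one escapes at output time: < > & " ' become entities, so the
# description is shown as text and is never parsed as markup.
SAFE_TEMPLATE = '<p class="course-desc"><%= ERB::Util.html_escape(description) %></p>'

# Render a course description into the given template (stands in for the
# Middleman build step triggered by the rake task).
def render_course(template, description)
  ERB.new(template).result_with_hash(description: description)
end

# Heuristic post-build check for generated pages: flags a live <script> element,
# an inline event handler or a javascript: URL. A false positive is cheap here
# and a false negative is not, so the patterns are deliberately broad.
def active_content?(html)
  html.match?(/<script\b/i) ||
    html.match?(/\bon[a-z]+\s*=/i) ||
    html.match?(/javascript:/i)
end

if __FILE__ == $PROGRAM_NAME
  unsafe = render_course(UNSAFE_TEMPLATE, MALICIOUS_DESCRIPTION)
  safe   = render_course(SAFE_TEMPLATE, MALICIOUS_DESCRIPTION)
  puts "unsafe: #{unsafe}"
  puts "safe:   #{safe}"
  puts "active content in unsafe output: #{active_content?(unsafe)}"
  puts "active content in safe output:   #{active_content?(safe)}"
end
```

Escaping at the output boundary is the fix that holds regardless of who can edit descriptions; restricting who can edit (the staff/admin limitation the Impact section relies on) only lowers the threat level. If descriptions must legitimately carry some markup, pass them through an allowlisting HTML sanitizer rather than widening this escape, and keep `active_content?`-style checks on the generated site as a regression guard.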
##### Impact:
* Users' browsers can be attacked just by running the application. A successful attack could lead to session hijacking, credential theft, or infecting the client's system with malware. Note that the threat level would have been higher if lower privileged users were able to create or modify the course descriptions; at the moment this is however only allowed by staff and admin users.
##### Recommendation:
* All user input as well as output to users must be strictly filtered. Within these checks it is necessary to implement filter mechanisms that operate on a white list basis instead of a black list basis. It is recommended that parameters or input fields that can only consist of numerical values are only accepted by the server if they are in fact numeric. All checks have to be performed on the server and not on the client-side. To avoid cross-site scripting it is necessary to substitute special characters like `` [;()”´`,<>/] `` for their HTML equivalents. It is not sufficient to only filter special HTML tags like "script" because cross-site scripting vulnerabilities can be exploited through countless alternatives.
* More information can be found at: https://www.owasp.org/index.php/Cross_Site_Scripting

Issue #86: Update Russian translations from Transifex
https://code.greenhost.net/totem/website/-/issues/86
Updated 2021-10-18T13:45:58Z by Geoffrey Preud'homme
At @paco's request on https://code.greenhost.net/totem/meta/-/issues/411
Assignee: Geoffrey Preud'homme

Issue #85: Language switcher doesn't work if you came from the website
https://code.greenhost.net/totem/website/-/issues/85
Updated 2021-10-12T10:45:24Z by Maarten de Waard
Because the website sets a cookie at the `totem-project.org` level, and the language switcher only sets the cookie on `learn.totem-project.org` but doesn't remove the one from `totem-project.org`...
Solution:
The language switcher seems to use a `PATCH` call to `/lang_pref/session_language`. Maybe we can do that from the website as well.
Assignee: Maarten de Waard

Issue #84: Fix pipeline
https://code.greenhost.net/totem/website/-/issues/84
Updated 2021-10-06T08:25:34Z by Maarten de Waard
https://code.greenhost.net/totem/website/-/jobs/47139
Something seems to go wrong with certificates. Maybe to do with the recent Let's Encrypt problems. Probably fixed by using a more recent version of the Docker container.
Assignee: Maarten de Waard

Issue #83: Add Russian translations from Transifex to the website
https://code.greenhost.net/totem/website/-/issues/83
Updated 2021-10-20T14:46:52Z by Paco Mens
They are here:
https://www.transifex.com/totem-project/totem-project-website/language/ru/
Assignee: Geoffrey Preud'homme
Due: 2021-09-23

Issue #82: Let users opt out of tracking
https://code.greenhost.net/totem/website/-/issues/82
Updated 2022-07-13T11:53:57Z by Geoffrey Preud'homme
Required for GDPR compliance https://matomo.org/faq/general/faq_20000/
Assignee: Geoffrey Preud'homme

Issue #81: Update Transifex with changes for privacy policy
https://code.greenhost.net/totem/website/-/issues/81
Updated 2021-08-05T12:00:36Z by Geoffrey Preud'homme
I know I should have done that the other way round, but not being very fluent with Transifex nor the website yet, I did it the way I was most comfortable with.
Those are the changes that need to be applied back to Transifex: https://code.greenhost.net/totem/website/-/merge_requests/67?commit_id=b6d188122e57e85bf67bd790f4b02052f8cd7f34
Assignee: Geoffrey Preud'homme

Issue #80: Upload translations to Transifex for Russian translators
https://code.greenhost.net/totem/website/-/issues/80
Updated 2021-06-29T08:45:27Z by Maarten de Waard
Assignee: Maarten de Waard

Issue #79: Add partners' tab/page
https://code.greenhost.net/totem/website/-/issues/79
Updated 2022-08-25T09:54:22Z by Sylvain Mignot
Assignee: Paco Mens

Issue #78: Include Matomo
https://code.greenhost.net/totem/website/-/issues/78
Updated 2021-08-05T12:23:22Z by Maarten de Waard
Matomo has a small code snippet that you need to include in the layout so that it can track the pages.
Assignee: Geoffrey Preud'homme

Issue #77: The Totem privacy policy should mention data collection
https://code.greenhost.net/totem/website/-/issues/77
Updated 2021-08-03T10:43:10Z by Maarten de Waard
Right now the Totem privacy policy mentions Greenhost's *terms of service*, but it should point to Greenhost's Privacy Policy instead (or maybe both).
Relevant discussion: [1](https://code.greenhost.net/totem/meta/-/issues/380#note_100212) and [2](https://code.greenhost.net/totem/meta/-/issues/380#note_100257)
We need to at least do:
1. [x] Figure out what exactly is necessary
2. [x] Change the English text of the privacy policy
3. [x] Update all the translations.
- [x] fa
- [x] fr
- [x] ar
- [x] es
Assignee: Geoffrey Preud'homme

Issue #76: Forward logged-in user to their dashboard when clicking on the "Sign In" button
https://code.greenhost.net/totem/website/-/issues/76
Updated 2021-04-29T10:21:08Z by Geoffrey Preud'homme
If the user is already logged in, the user is asked to log in again, and this never works as the user is already logged in.
It should probably redirect to the dashboard if the user is already signed in.
Assignee: Geoffrey Preud'homme