hubzero / hubzero-cms
Platform for Scientific Collaboration
Home Page: https://hubzero.org
License: GNU General Public License v2.0
As the distributions drop support for PHP5, it may become necessary for the application to support PHP7.
Issue
Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. Sensitive data exposure differs from a data breach, in which an attacker accesses and steals information.
Affected Vulnerable
/hubzero/framework/blob/283d21ec5963e613e455db737cccc5503f7d3ac1/src/Config/Tests/Files/Legacy/configuration.php/
Responsive
```php
<?php
// @codeCoverageIgnoreStart
class JConfig
{
	var $access = '1';
	var $api_server = '1';
	var $application_env = 'production';
	var $debug_lang = '0';
	var $editor = 'ckeditor';
	var $error_reporting = 'simple';
	var $feed_email = 'author';
	var $feed_limit = '10';
	var $force_ssl = '1';
	var $gzip = '0';
	var $helpurl = 'English (GB) - HUBzero help';
	var $list_limit = '20';
	var $log_path = '/var/www/hub/logs';
	var $log_post_data = '0';
	var $offset = 'America/Indiana/Indianapolis';
	var $sitecode = 'hz';
	var $sitename = 'hubzero.org';
	var $tmp_path = '/var/www/hub/tmp';
	var $dbprefix = 'jos_';
	var $dbtype = 'pdo';
	var $host = 'localhost';
	var $password = 'drowssap';
	var $user = 'hubadmin';
	var $fromname = 'HUBzero';
	var $mailer = 'mail';
	var $mailfrom = '[email protected]';
	var $sendmail = '/usr/sbin/sendmail';
	var $smtphost = 'localhost';
	var $long = array('period' => '1440', 'limit' => '10000');
	var $session_handler = 'database';
	var $solr_client_id = '12b910947122dfab5238b9e728774486';
	var $solr_client_secret = '6e291d7c6a9c8859104dd04332f5f07cbb30d6c0';
	var $solr_host = 'localhost';
	var $solr_password = 'drowssaprlos';
	var $solr_port = '2093';
	var $solr_username = 'hubzerosolrworker';
}
```
Best Regards
@duckoverflow
On a fresh standup (via vagrant, https://github.com/axfelix/hubzero-vagrant), trying to see what API endpoints I can access based on the documentation available from https://localhost/developer/api/endpoint/projects:
Some of the listed endpoints return 404s, e.g.:
https://localhost/projects/list
Is this documentation up to date or is something broken in my standup?
https://hubzero.org/support/ticket/5416
David Lomas (dsl101) 7:57 am 20 Jun 2014
1.2.2 Thu, 19 Jun 2014
Recently updated this hub to fix the email HTML and Newsletter timezone issues - they're all gone, but we're still seeing problems in Group Calendar I'm afraid. I'll try to explain carefully, but it's pretty intricate...
I created 3 test events in a group calendar - here are the names, and you should be able to see what I put in the date / time / timezone fields:
Test1 01:00 UTC
Test2 05:00 UTC+1
Test3 09:00 UTC-5
The first snag here is that the timezone field here is a little confusing for people on daylight saving - in the UK we're normally on UTC, but in the summer we move to UTC+1. So, should I enter UTC or UTC+1?
Having entered them as above, this is what I see in the month view of the calendar:
2a Test1 01:00 UTC
6a Test2 05:00 UTC+1
10a Test3 09:00 UTC-5
I'm presuming those '2a, 6a, 10a' are intended to be the start times (e.g. 2am, 6am, 10am) in my local timezone? In which case, only the first entry is accurate - a 1am UTC event would be 2am for me. The others are wrong - 5am UTC+1 would be 5a for me, and 9am UTC-5 would also be 3p for me. It looks like it is assuming all events are in UTC, and just adding on the 1 hour for my current timezone, which is effectively UTC+1.
When I open up those events, this is the detail view I see:
Test1 01:00 UTC: 1:00 am BST
Test2 05:00 UTC+1: 5:00 am CEST
Test3 09:00 UTC-5: 9:00 am EDT
I don't think any of those are correct:
It's also strange that in the month view I get something approaching my local timezone, but in the detail view I get an (incorrect) version of the timezone for the event.
From the user experience (UX) perspective, launching a tool (e.g., from Dashboard) in the same tab is IMO a bad idea. It breaks/interrupts the flow and does not provide easy and efficient mechanisms of returning to a starting point or hub’s home. Thus, I wanted to suggest implementing the following (small) feature: 1) default behavior for Run Tool should be open in a new tab (trivially implemented by adding relevant flag to corresponding links’ URL code); 2) to enable the ultimate flexibility, allow hub admins to change the default behavior on a tool-by-tool basis (by introducing an additional configuration element in Control Panel and/or via a separate configuration file; e.g., “/etc/hubzero/tools_start.cfg” with key-value pairs “<tool_name>.start_in_new_tab = False”). Part#2 is optional and can be implemented separately at a later time, if needed. But implementing part#1 is quite important from UX perspective and, considering that it’s extremely easy to do, I see no reason for not improving this aspect.
Please let me know what you think and whether you would agree to implement this soon in the upstream.
-Aleks
Allow the HUBzero CMS to interact with a Globus endpoint
https://purr.purdue.edu/support/ticket/1221
Megan Dale (mdale) 3:02 pm 01 Dec 2016
What was the user trying to do?
Show the dates of when files are added or changed
What did they expect to happen?
The file directory in your project should automatically display the last modified date for each file, and should show you the full version history for that file if you click on the date.
What actually happened?
Sometimes a file directory shows N/A next to a file instead of the modified date. If I click the "Modified" heading at the top of the directory to sort by modified date, any N/A's in the list resolve to actual dates.
https://travis-ci.org/hubzero/hubzero-cms/builds/194885635 supposedly contained the same files as https://travis-ci.org/hubzero/hubzero-cms/builds/194928112
It would be way cool to have a standardized way to represent DOIs throughout the hub. I've attached an example of a Github-style badge used to communicate the DOI and resolve it when clicked.
Suggested by Hubzero Foundation member, Jack Allen Smith
Would it be possible to label Collections prefixed/suffixed with the owner of the collection to distinguish collections with the same name when browsing/searching collections across the site? Collections named Books, Articles, Conferences, News,... are quite common across multiple users and groups.
https://hubzero.org/services/opensource advertises that
It is now possible to install HUBzero on RedHat Enterprise Linux 6.
but the link provided is to a blank page. Are there in fact yum packages available, and if not, how can I go about testing HUBzero on a Centos machine? Thanks for any advice!
PlantingScience Request
There is no package listed in packagist.org for `hubzero/standards`, found under `require-dev` in the composer.json file. Consequently, this causes a `composer install` command to fail.
Composer error:
The requested package hubzero/standards could not be found in any version, there may be a typo in the package name.
From `./core` run `php bin/composer install`
For bugs with fixers: How was the code fixed?
Up-to-date `dev` branch
Hello,
Can you please suggest detailed steps for API integration in Hubzero. Also, if you could point me to an example of API integration with Hubzero.
Thanks
Apurv
Allow batch processing of LDAP sync initiated by the CMS in Export to LDAP functionality found on the back-end. This times out for large hubs, such as nanohub.org
Create an interface on the backend to adjust API rate limiting.
The link to development styles and conventions in the contribution guide leads to an empty page.
Make the title of super group pages visible as a horizontal menu - probably below the 'main' menu bar i.e. the one showing Collections, Forum, etc.
From https://hubzero.org/support/ticket/10316:
hzcms is meant for the Debian or Redhat package versions of the CMS.
The manner in which we are distributing the CMS moving forward is a discussion that is happening internally.
It would be my hope to have the Debian and Redhat packages created more frequently so we can rely on them for distributing the code. In that manner, updating would be simply a `yum update`. There may be some downsides to that approach that I have not discovered yet, but this is an active conversation in the Hubzero development group.
Allow the default setting in a publication to "post draft" and not as "Publish draft"
Be able to control who can add comments to a wiki page. Do this via roles e.g. give someone the 'trusted editor' role. Ideally, this would work on a group level, rather than across the whole site.
A project TODO item does not get physically deleted upon user's confirmation in the "Permanently delete this item?" dialog box. A brief review of the relevant code ("core/plugins/projects/todo/todo.php") reveals that the call on line 718 `if (!$objTD->deleteTodo($this->model->get('id'), $todoid))` does not actually process the user's input in the relevant dialog box (which is the 3rd argument in `deleteTodo()`, where the default value of the 3rd parameter (`0`) is to not physically delete an item).
Used by PlantingScience to manage students.
Better control over when/how often members are notified of changes/activity in a group.
https://hubzero.org/support/ticket/9267
Dear HUBzero team,
Following my message on Twitter, and your response, I open an issue concerning the fact that all Google HUBzero old links (hubzero.org) are not pointing to the new URL (help.hubzero.org)... Maybe you can redirect this?
Cheers,
Yvan
Storage indicator in a Tool window is expected to display a value (bar size) that would match the actual size of the storage used by the tool. However, this does not happen (as can be seen in an image below).
To reproduce, start a tool (e.g., Workspace) and observe the area to the right of Storage (manage) text in the bottom left corner of the tool window. Notice that the bar size does not match the actual storage size displayed as X%.
| Question | Answer |
|---|---|
| HUBzero version | 2.2.15 |
| PHP version | 5.6.25 |
| OS & version | RHEL 6 |
None
I created a new Debian 8 VM and followed the installation instructions for 2.2.0 at https://help.hubzero.org/documentation/220/installation/debian/install/ .
While it appears that the main CMS installs fine and works, some components do not. Notably, the configuration scripts error and dump a stack trace for Forge, VZ (container system), Maxwell, Workspace, Metrics, Rappture, and submit-server.
I'm guessing this is due to the 2.2.0 docs not reflecting the current state of 2.2.9... I noticed that #70 states that the packages are the official installation and update mechanism, is there a plan to update the installation docs?
Also, considering that Debian 8 only supports PHP 5.6 and that's no longer getting security updates as of Jan 1 2019, I'm guessing that the project will either be providing a backported PHP 7 package, or will be moving to Debian 9 as the supported platform. Is there any sort of timeframe on when that will happen? It's pretty old, but the latest info I've found on the topic is in #63: "We have not yet started work on determining whether Debian 9 will be able to host a complete hubzero environment and it will certainly not install or run on it until that work is begun."
Thanks!
Use-cases:
Currently uses old xprofiles table and other models. Convert to use Relational class / "ORM".
PlantingScience request.
Dear HUBzero team,
I encounter an issue... Apparently a bug. When creating a new ticket on a fresh HUBzero installation (from 2.1.2.0 VMWare VM or Dockerized HUBzero), this ticket seems to be hidden... No opened ticket appears on the myhub/support/tickets URL, even on the backend, even if we can see on the backend control panel that there is one...
The link on https://github.com/hubzero/hubzero-cms to https://help.hubzero.org/documentation/current/installation is 404'ing as of 2018-07-11.
test issue
Transfer support tickets to GitHUB
If an account is linked to another login method like Facebook, Google, LinkedIn or an institution through Shibboleth, allow the user to disable the login method with a hub password; this should make the account never expire. The rationale is that it minimizes the attack surface of accounts and is less hassle for users (fewer passwords to keep changing). Also, if the other login methods support more secure logins like Google's 2-factor authentication, the hub password login method is a liability. Besides making sense on its own, this feature is needed before we can handle higher security requirements such as hubs with more than limited data sets (HIPAA).
From Pascal.
The landing page of the backend help articles (found in https://{hub}.aws.hubzero.org/administrator/index.php?option=com_help) has an incorrectly sized iframe. If debugging is on, it also has two debugging consoles: one at the bottom of the help-page iframe and one at the bottom of the whole page. The iframe needs to be expanded so users don't have to scroll to see all of the text.