blog issues
https://gitlab.torproject.org/tpo/web/blog/-/issues
Updated: 2020-06-27T14:30:12Z

We need a new blogging system
https://gitlab.torproject.org/tpo/web/blog/-/issues/10022
Updated: 2020-06-27T14:30:12Z
Author: Andrew Lewman

The current blogging system is based on Drupal 5 and heavily hacked up to remove lots of surface area for classes of attacks. However, it doesn't work so much years later. The search functionality is broken. Lots of the admin functionality is broken as well. I've resorted to using raw SQL queries to manage the system. This is less than optimal.
Options I see are:
1. Do nothing and let the blog further degrade.
2. Migrate to a static blog generator like jekyll.
3. Migrate to modern drupal in the debian repos.
4. Use RedTeam's WordPress system for a more secure wordpress installation.
5. Host it somewhere else and let them worry about it, so long as we can get our data out daily.

Cross Site Scripting at TorProject Blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10440
Updated: 2020-06-27T14:30:12Z
Author: Trac

GET parameter incorrectly filter GET query which allows attackers to execute JavaScript code which is called Cross Site Scripting.
https://blog.torproject.org/archive/1%3Cbody%20onload=alert%28666%29%3E/2013/11/,
**Trac**:
**Username**: patryk.bogdan@pentesters.pl

Export blog posts from current blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10479
Updated: 2020-06-27T14:30:12Z
Author: Andrew Lewman

Export everything in some sane format for future imports (html vs. markdown?)
Milestone: 2014 Tor Blog Replacement

Export comments from current blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/10480
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman

Export comments from current blog in some sane format and some ability to import the threads, etc. into a new system.
Milestone: 2014 Tor Blog Replacement

Design an updated look and feel for the comment system
https://gitlab.torproject.org/tpo/web/blog/-/issues/13118
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman

Design an updated look and feel for the comment system
Milestone: 2014 Tor Blog Replacement

test blog migration
https://gitlab.torproject.org/tpo/web/blog/-/issues/13262
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman

Test a migration of the blog to the new jekyll system
Milestone: 2014 Tor Blog Replacement

test migration of comments to juvia
https://gitlab.torproject.org/tpo/web/blog/-/issues/13263
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman

Test a migration of blog comments to juvia
Milestone: 2014 Tor Blog Replacement

integrate the new jekyll blog into the tor website homepage
https://gitlab.torproject.org/tpo/web/blog/-/issues/13264
Updated: 2020-06-27T14:30:11Z
Author: Andrew Lewman

integrate the new jekyll blog into the tor website homepage.
With the new jekyll blog platform, we can integrate the latest posts into the index.wml which creates the home page on the main www.torproject.org site.
Milestone: 2014 Tor Blog Replacement

Make blog.torproject.org mirrorable
https://gitlab.torproject.org/tpo/web/blog/-/issues/15032
Updated: 2021-11-18T03:02:01Z
Author: Trac

The blog at blog.torproject.org is an essential part of the torproject website that many users may want to visit. Though currently, mirror operators do not (cannot) mirror it due to its dynamic content (commenting capability). I suggest that we implement a method of exporting a static copy of the blog that can be mirrored.
**Trac**:
**Username**: martingale
Assignee: Jérôme Charaoui lavamind@torproject.org

JS errors in Blog
https://gitlab.torproject.org/tpo/web/blog/-/issues/18773
Updated: 2020-12-11T12:58:41Z
Author: bugzilla

When loading a blog post:
```
Error: call to eval() blocked by CSP jquery.js:2:0
ReferenceError: $ is not defined drupal.js:205:2
ReferenceError: $ is not defined textarea.js:35:2
```
and
```
Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src https://blog.torproject.org 'sha256-dOEkAci/oPxf5KnvZSDGW6/1gs5qvj7uG++2KYd+qd4='"). jquery.js:2:0
```

log.torproject.org is DOWN
https://gitlab.torproject.org/tpo/web/blog/-/issues/20156
Updated: 2020-06-27T14:30:11Z
Author: cypherpunks

Comments on blog posts disappeared
https://gitlab.torproject.org/tpo/web/blog/-/issues/20158
Updated: 2020-06-27T14:30:10Z
Author: boklm

We can still see them in the admin interface, under the list of published comments, so they are not completely lost, but they don't appear anymore under the blog posts.
Posting new comments is still working.
It could be related to the reboot of the server hosting the blog today.

Migrate blog.tpo
https://gitlab.torproject.org/tpo/web/blog/-/issues/22013
Updated: 2020-06-30T09:19:09Z
Author: Hiro

This ticket will be used to track blog.tpo migration to a newer drupal installation.
Here is a list of still open tickets:
[[TicketQuery(status=accepted|assigned|needs_information|needs_review|needs_revision|new|reopened,parent=legacy/trac#22013,order=priority,format=table,col=status|summary|reporter|priority)]]
Assignee: Hiro

Migrate urls so we won't have dead links
https://gitlab.torproject.org/tpo/web/blog/-/issues/22014
Updated: 2020-06-27T14:30:10Z
Author: Hiro

This task takes care of ensuring that permalinks for migrated posts are maintained.
Assignee: Hiro

Create a calendar widget
https://gitlab.torproject.org/tpo/web/blog/-/issues/22016
Updated: 2020-06-27T14:30:10Z
Author: Hiro

Create a calendar widget similar to the existing one (but utilizing more modern Drupal modules). Existing calendar data does not need to be imported.
Assignee: Hiro

Provide per-tag comment moderation queues
https://gitlab.torproject.org/tpo/web/blog/-/issues/22017
Updated: 2020-06-27T14:30:10Z
Author: Hiro

Provide per-tag comment moderation queues for the Tor Blog (to be implemented as a Views module override of the default admin panel with exposed filters)
Assignee: Hiro

Prevent users from being individually tracked in Drupal’s logs.
https://gitlab.torproject.org/tpo/web/blog/-/issues/22018
Updated: 2020-06-27T14:30:10Z
Author: Hiro
Assignee: Hiro

Integrate a Captcha and Honeypot
https://gitlab.torproject.org/tpo/web/blog/-/issues/22019
Updated: 2020-06-27T14:30:10Z
Author: Hiro

Integrate a Captcha and Honeypot for comment forms that does not involve third party services. This will not prevent all spam but will reduce the success of automated spam attacks.
Assignee: Hiro

Ensure the site renders properly on different devices and browsers versions
https://gitlab.torproject.org/tpo/web/blog/-/issues/22020
Updated: 2020-06-27T14:30:10Z
Author: Hiro

Ensure the site renders properly on different devices, as well as in the latest versions of Safari, Chrome, Firefox, IE and both the alpha and stable releases of The Tor Browser.
Assignee: Hiro

Provide an RSS feed of blog posts that is accessible at its previous URL.
https://gitlab.torproject.org/tpo/web/blog/-/issues/22021
Updated: 2020-06-27T14:30:09Z
Author: Hiro
Assignee: Hiro