On the "Match Contributions" page, if a record is already attached to another LittleSis entry, you shouldn't be able to select it.

Right now a Littlesis entry looks like this on Google:

Deval Patrick - network - LittleSis
littlesis.org/person/34131/Deval_Patrick
Information about Deval Patrick's social, political, and business networks -- from board memberships to campaign contributions, old school ties to government ...

It shouldn't have the boilerplate but look something like this ...

Deval Patrick (Jul 31 '56 - ) - LittleSis
littlesis.org/person/34131/Deval_Patrick
Governor of Massachusetts. After graduating from Milton, Patrick went on to Harvard, the first in his family to attend college ...

In the same way that people can be matched to their contributions, PACs should be as well.

Just noticed I don't have a Help tab on my LS interface, possibly due to having advanced permissions? I think it should still be available even for users with advanced permissions.

Email template: https://github.com/littlesis-org/littlesis/blob/master/apps/frontend/modules/home/templates/_accountcreatereceipt.php

I get access denied when running ~/create-indexes.sh
Mysql2::Error: Access denied for user 'littlesis'@'localhost' (using password: NO)

In the database FEC links currently start with http://images.nictusa.com/
but have changed to: http://docquery.fec.gov/

When signing up to create a new analyst, if the submitted password contains "invalid" characters (such as a dot [.]), the unhelpful message Invalid. Invalid. (sic.) is printed. It should print, "Invalid password." or something equally meaningful, instead.

Also, as a side note, why are there invalid characters or a character limit for a password field in the first place? My understanding is that a secure implementation should salt and hash the submitted password, which would result in a fixed size no matter the input length, and that this operation is orthogonal to the characters submitted, thus making all characters safe to use.

I made a file from a list of form 990 recipients; when I try to use the bulk one-screen add, it fails if I select any of the "create new organization" options. It successfully added entries when I only selected the existing organizations.

It would be awesome if whenever a new source link is submitted to LittleSis, it was automatically submitted to archive.org to be archived in the WayBack Machine at that moment

go to https://littlesis.org/org/2/ExxonMobil/recipients
then click on 'next' and it ties to send you to
https://littlesis.org/littlesis.org:80/org/2/ExxonMobil/recipients/page/2

In the bulk uploader, it would be great to be able to automatically fill all of a certain field with the same information.

For example, if I am adding a 20-member board of directors, if I could just type in "Board member" in the title field once and then check a box to automatically fill "Board member" into ALL the title fields for all the people I am adding.

It would also be nice to be able to automatically check every box in the "Board member?" or "Executive?" fields.

pages linked here:
http://littlesis.org/search?q=dccce
e.g.
http://littlesis.org/org/42842/Dccce_Non-Federal_Account_#6

When reviewing NYS campaign contributions, there is no way to unmatch ones that were incorrectly matched.

Organizations should have an EIN field

Is there a way to do a "backwards" match donations function where you could click a button on a political candidate's page and use OpenSecrets data to make connections to all the people who donated to them?

e.g. http://littlesis.org/org/205537/TC4_Trust
wanted: display
Donation/Grant Recipients
Generation Opportunity

• 3 contributions ⋅ $2.8 million ('10->'12)

the same way that political contributions are combined
e.g. http://littlesis.org/person/28776/George_W_Bush
Donation/Grant Recipients
Mitch McConnell US Senator from Kentucky

• 2 contributions ⋅ $5000 ('12)

edit: fixed login issue. see below.

also possible to provide the Dockerfile for this? I'd like to update it, there's a sphinx index bug on load and I'm trying to track it down.

it says something about creating a file in /log/devlopment.sphinx.log but it doesn't exist.

A tool that would help contributors scrape a LinkedIn profile (possibly including positions, photo, education) would be very helpful.

List name search should be powered by sphinx -- right now it can be hard to find lists if you have the search terms out of order or something.

http://littlesis.org/relationship/view/id/989627
to reproduce: set a position's end date in the future
"had" should be "has"

Product: LittleSis
Download: https://github.com/littlesis-org/littlesis
Vunlerable Version: latest version
Tested Version: latest version
Author: ADLab of Venustech

Advisory Details:
A Cross-Site Scripting (XSS) was discovered in“LittleSis latest version”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in the “log” HTTP GET parameter passed to the “littlesis-master/web/yshout/history/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
http://localhost/.../littlesis-master/web/yshout/history/index.php?log=%27test%27})%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%3E

The search functionality on the list page delivers an error.
From
http://littlesis.org/lists

http://littlesis.org/lists?utf8=%E2%9C%93&q=koch

It was reported that after some users registered, they couldn't log in with their password and had to request a password reset in order to log in.

Some entities contain invalid XML characters that don't get properly escaped or handled causing errors. The .json routes return 500 and the .xml routes return invalid XML.