1btcxe / wlox-frontend
This project forked from wlox/wlox-frontend
Front end repository for WLOX.
From FreshDesk:
Hello there team
This is Shahmeer and I found out about an issue in the password reset link and the session validation.
To reproduce
Request a password reset link to a sample account
Login after requesting the link
The password reset link that was generated will not be invalidated and you can still use it.
Attack Scenario:
After POST of the victim's email, the attacker requests a password reset link
The victim logs in to change the email but the attacker can still use the link to change the original password
I think this should be timely fixed
The 新闻 link on the footer of the Chinese translation links to 新闻新闻.php, triggering a 404 error, but should link to 新闻.php (I think).
When a user places a market order which he is also the best price, the confirmation page shows his best price, but executes the order with the next best price.
From Freshdesk:
[+]Bug : X-Powered-By-Header
The webserver sends the used PHP version in the X-Powered-By header. This leads to some basic info leaks regarding the system software. You should remove this specific response header.
Just like a wallet, let the user choose the fee he is willing to give for the transaction.
Replaces 1btcxe/wlox#7
My trading bot, after running for just a few minutes, causes the entire system to go non-responsive. There are obviously some performance issues that need to be fixed.
From FD-759:
Suppose someone used the forget password options of 1btcxe to change his password. Then he will get a token in his email address. Let us call it token 1. Now think that he didn't use token 1 and then again used the forget password option. Now he will get another token. Let us call it token 2. Now he uses token 2. The industry standard procedure is that when someone issues a new token, the old one automatically expires. But in the case of 1btcxe it's not happening. Even after the issuance and use of token 2, the previous token remains valid for use. I can demonstrate an attack scenario if you want.
Thanks & Regards
Ashish Pathak
When buying or selling trying to place multiple limit orders it will be convenient to go straight to the buy and sell page after confirming the order ticket.
This is a sub-issue from 1btcxe/wlox#1.
On withdrawal give an option drop down menu - No fee (Default), 0.0001, 0.0005 (F.E).
FD-352
The forgot form should return an error message if the user does not enter an email (i.e. if he enters his username) so that they don't accidentally enter their username and get confused.
How to add more cryptocurrency?
When filtering on the open orders page by a currency don’t go to default after editing or canceling an order.(F.E)