
photostore's Introduction

PhotoStore

A buggy web application to store and share your photos

Before you start

This project is divided into two branches

  • cybersec - Cyber Security

    • finding bugs
    • patching them
  • main - Web Development

    • improvements or additions in frontend and/or backend

For Cyber Security

Please refer to cybersec branch

For Web Development

Other than the issues provided in Issues,
you are not restricted from adding your own features.
However, it is up to the organizers and/or mentors whether to reward points for it or not.

For any new feature that you come up with,
please attach screenshots with proper details in your Pull request.

It will make it easier for the mentors to learn about the feature.

Requirements

  • Basic understanding of backend and frontend
  • Python3 (3.9.9 or newer is expected)
  • pip (package installer for Python)
  • virtualenv

Read more about virtualenv here

Setup

Assuming you have cloned this repository, the following instructions will get your server running

# Create a virtual environment
virtualenv venv

# Activate it
# for Linux
source venv/bin/activate

# for Windows
.\venv\Scripts\activate

# Install required packages
pip install -r requirements.txt

# Run the server
python server.py

# For debugging, to see server requests
python app.py

# Server will run on `localhost:8080`
# you can modify this in `app.py` and/or `server.py`

# To clean the database, reset the web application
# remove `photostore.db` and clear the `uploads` directory

# for Linux
rm photostore.db uploads/*

# for Windows (cmd uses backslashes in paths; `del` will ask before removing everything under uploads\)
del photostore.db uploads\*

Issues

Go through the code, visit the web application
See Issues to know more

Queries

For any queries related to this project, please keep them to Discord only

Have fun 😄

photostore's People

Contributors: daniel-aracquine, devmrfitz, ksathwik03, mitul16, varunkt001


photostore's Issues

Number of likes and views

Task

After completing Issue #1, you should be ready to update this project.

Regarding the website in this project, we require a feature to allow the users to see the number of views
a photo has along with the total number of likes and views a user has acquired throughout the community

The number of likes on a given photo is already implemented to help you

You will have to work on both backend and frontend parts of this project.
So giddy up and start your contribution 😄

Steps

  • Clone the repository after forking it
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Rules

We follow FCFS, First Come First Serve

The first three users to claim this Issue get the chance to work on it
They will each get 2 days to solve the Issue

If a user doesn't respond or solve the Issue
the mentor may unassign them from the Issue and allow another user to work on it.

At the end, we will select the best of three
So keep your modifications clean and meaningful.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only

Allow users to comment on a photo

Task

Similar to how the likes feature is implemented, add an option to allow users to comment on a photo
Try to keep your frontend visuals similar to the who-liked container available in an image container.

Layout

On the left side of an image container, we can show a who-commented container

You may want to shift the views and likes boxes and add another comments box
Such that you have the following layout for the image-overlay-container

Username                             Time
-----------------------------------------
#Comments |       #Views       |   #Likes
-----------------------------------------
          |                    |
Comments  |                    |    Likes
          |                    |
-----------------------------------------

Format of a comment

Try to use the following format

Username                             Time
Comment...

Steps

  • Fork this repository
  • Clone the forked repository
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Rules

We follow FCFS, First Come First Serve

The first user to claim this Issue gets the chance to work on it
The assignee gets 2 days to solve the Issue

If a user doesn't respond or solve the Issue the mentor may unassign them from the Issue
and allow another user to work on it.

At the end, we will only select the appropriate PR.
So keep your modifications clean and meaningful.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only

XSS using SVG images and all similar xss vulnerabilities

We successfully ran a phishing campaign. Now we have gotten jwt keys for all your users. We demand a gazillion bitcoins, or else we'll leak all your private catpics

POC:

Get any svg image and add the following line in the xml file

<script type="text/javascript">alert("Gotcha")</script>

Now upload the image and go to /api/image/get/[id]

Solution

This can be solved using a CSP header. It has good support over a wide range of browsers.
[screenshot omitted: Screenshot_20211009-085340_Vivaldi]
(Source: MDN Web Docs)
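One way to act on the solution above, as an added example rather than code from the PhotoStore repository: a stdlib-only check that rejects SVG uploads carrying active content, plus the response headers that keep the image endpoint (`/api/image/get/[id]` from the PoC) from executing anything even if a file slips through. The Flask wiring is assumed and left as a comment.

```python
# Added example, not code from the PhotoStore repository: a stdlib-only check
# for active content in uploaded SVGs, plus the response headers that make the
# image endpoint (/api/image/get/[id]) safe to serve even if a file slips through.
import re
import xml.etree.ElementTree as ET

# Headers for the image response. CSP `sandbox` drops the document into a
# unique origin with scripting disabled, `default-src 'none'` blocks every
# sub-resource load, and nosniff stops the browser second-guessing the type.
# In Flask (assumed) this is applied with resp.headers.update(UPLOAD_RESPONSE_HEADERS).
UPLOAD_RESPONSE_HEADERS = {
    "Content-Security-Policy": "default-src 'none'; sandbox",
    "X-Content-Type-Options": "nosniff",
}

_JS_URL = re.compile(r"^\s*javascript:", re.IGNORECASE)


def svg_has_active_content(data: bytes) -> bool:
    """True if the SVG carries <script>/<foreignObject>, an on* handler or a
    javascript: URL. Unparseable input is treated as active: reject, don't guess."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return True
    for el in root.iter():
        tag = str(el.tag).split("}", 1)[-1].lower()   # drop the XML namespace
        if tag in ("script", "foreignobject"):
            return True
        for name, value in el.attrib.items():
            local = name.split("}", 1)[-1].lower()    # e.g. {xlink-ns}href -> href
            if local.startswith("on") or (local == "href" and _JS_URL.match(value)):
                return True
    return False


# Constructed samples: a plain drawing, and the same drawing with the exact
# line from the issue's PoC added.
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
POC_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/>'
           b'<script type="text/javascript">alert("Gotcha")</script></svg>')

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SVG), ("poc", POC_SVG)):
        print(label, "rejected" if svg_has_active_content(blob) else "accepted")
```

The upload check and the headers are independent layers: the check stops the file being stored, the headers stop a stored file from running.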

Add 'Reset password' page

Task

Currently, there isn't any way for a user to reset their password once they have created their account.
Similar to /signup and /login pages, add /resetpassword page to allow the user to reset their password

Use the following input fields

  • current password
  • new password
  • new password (again)

Make sure to include CAPTCHA (currently it is disabled) and all other checks that are being performed in /login
You may add a Reset password link within the profile container on /profile, the one holding username and their avatar

You are requested to not add any additional CSS styles for things that are already available in the current project.
Don't just complete the Issue by polluting code.

Steps

  • Fork this repository
  • Clone the forked repository
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Rules

We follow FCFS, First Come First Serve

The first user to claim this Issue gets the chance to work on it
The assignee gets 2 days to solve the Issue

If a user doesn't respond or solve the Issue the mentor may unassign them from the Issue
and allow another user to work on it.

At the end, we will only select the appropriate PR.
So keep your modifications clean and meaningful.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only

Unknown server-side issue

Task

Looks like there is some issue with the way server handles user data.

Last month, an attacker was able to inject their code into our server and steal our secrets (from secret.py)
Yesterday, they got our server down somehow. We are eagerly waiting for your patch.

Steps

  • Fork this repository
  • Clone the forked repository
  • Find the bug and patch it
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Proof of Concept

It is stated in README.md that you have to provide a POC as well to show that you can exploit the above-mentioned Issue
You may ask us where you would like to showcase it, be it Discord or your PR, using proper images

Do not disclose it unless asked or else other contributors can make use of your solution

Rules

We follow FCFS, First Come First Serve for the Pull request
The first user to come up with a valid patch will get their PR merged and thus the points

No need to claim

NOTE: this Issue is restricted to the main branch
You are requested to create a Pull request for that branch (main) only

Sorting of images by likes, views, time of upload

Task

We require an option on the pages that show images - /, /profile, /community
to allow the user to sort images in ascending, descending order of likes, views, time at which the given image was uploaded

Show a dropdown menu to select the field to sort with along with the order to follow - ASC or DESC
You may select any suitable method to present it to the user whether it be a dropdown menu or icons

Steps

  • Fork this repository
  • Clone the forked repository
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Rules

We follow FCFS, First Come First Serve

The first user to claim this Issue gets the chance to work on it
The assignee gets 2 days to solve the Issue

If a user doesn't respond or solve the Issue
the mentor may unassign them from the Issue
and allow another user to work on it.

At the end, we will only select the appropriate PR.
So keep your modifications clean and meaningful.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only

IDOR

Task

Hey contributors, the first cybersec issue is here.
The web application doesn't seem safe for private images. We need you to find the bug and patch it.

Steps

  • Clone the repository after forking it
  • Find the bug and patch it
  • Create a PR to the 'main' branch

Rules

This is an open-to-all issue. So no need to claim it, just making a proper PR would be enough.

We follow FCFS, First Come First Serve

We will give points to the contributor who makes the first valid PR
However, if we aren't satisfied with it we may reject it and consider other PRs.

So keep your modifications clean and meaningful.

Follow README.md to get started.

NOTE: this Issue is restricted to the main branch
You are requested to create a Pull request for that branch (main) only
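An added example, not the project's own code, of the kind of check this issue asks for: the private-image lookup makes the authorization decision inside the query, so a guessed id behaves exactly like a missing one. The images table layout and the SQLite backend are assumed for the demo.

```python
# Added example, not PhotoStore's own code: making the authorization decision
# part of the private-image lookup behind a URL like /api/image/get/[id].
# Assumes an images table with id/owner/is_private columns; the schema, rows
# and SQLite backend are constructed here for the demo (photostore.db may differ).
import sqlite3
from typing import Optional, Tuple


def open_demo_db() -> sqlite3.Connection:
    """In-memory database with two users and three images (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, owner TEXT, is_private INTEGER)")
    db.executemany("INSERT INTO images VALUES (?, ?, ?)",
                   [(1, "alice", 0), (2, "alice", 1), (3, "bob", 1)])
    return db


def fetch_image_for(db: sqlite3.Connection, viewer: Optional[str],
                    image_id: int) -> Optional[Tuple[int, str, int]]:
    """Return the image row only if `viewer` may see it, else None.

    The IDOR pattern is a lookup by id alone, so any logged-in user can walk the
    id space. Here the owner/privacy rule is checked on every lookup and a denied
    row is indistinguishable from a missing one, so the caller answers 404 for
    both and the id space reveals nothing about other users' private photos.
    """
    row = db.execute("SELECT id, owner, is_private FROM images WHERE id = ?",
                     (image_id,)).fetchone()
    if row is None:
        return None
    _, owner, is_private = row
    if is_private and owner != viewer:   # anonymous viewers (None) never match
        return None
    return row


if __name__ == "__main__":
    db = open_demo_db()
    print(fetch_image_for(db, "bob", 1))   # public photo: visible to anyone
    print(fetch_image_for(db, "bob", 2))   # alice's private photo: None
```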

vulnerability in error handling section.

did you really think we were amateurs, huh? In any case, you must know that we have got access to your jwt keys, and as supporters of the dog kind, we'll replace all your cat pics with pics of the best friends known to man
starts laughing maniacally


POC

Nothing much, just change your user agent to {{ config }}, and upload a file > 1MB to trigger the error.

Culprit

[screenshot omitted: Screenshot_20211013-143101_Vivaldi]

This can also be used to access other system info, or upload arbitrary files etc.

Resolves #84
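As an added example (not from the project), a log-side way to spot the probe described above: lines whose User-Agent carries Jinja2 delimiters, with the oversized-upload error status next to them. The combined log format, the upload path and the sample lines are all constructed for the demo.

```python
# Added example, not code from the PhotoStore repository: detection logic for
# the template-injection probe above, run over constructed access-log lines in
# the Apache/nginx "combined" format (the log layout and /api/image/upload path
# are assumptions). The server-side fix is the usual one for this bug class:
# never hand request data such as the User-Agent to the template engine as
# template source; pass it in as a variable so it is rendered, not evaluated.
import re

# ip - user [time] "request" status bytes "referer" "user-agent"
_COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Jinja2 expression ({{ }}) and statement ({% %}) delimiters.
_TEMPLATE_SYNTAX = re.compile(r"\{\{.*?\}\}|\{%.*?%\}")

# Constructed sample: the issue's PoC (oversized upload -> 413 error page, with
# the payload in the User-Agent) next to ordinary traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Oct/2021:14:31:01 +0000] "POST /api/image/upload HTTP/1.1" 413 512 "-" "{{ config }}"
198.51.100.4 - - [13/Oct/2021:14:31:05 +0000] "GET /community HTTP/1.1" 200 8192 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [13/Oct/2021:14:32:10 +0000] "GET /profile HTTP/1.1" 200 4096 "-" "{{ config }}"
"""


def find_template_probes(log_text: str) -> list:
    """Return (ip, status, ua) for every line whose User-Agent carries template syntax."""
    hits = []
    for line in log_text.splitlines():
        m = _COMBINED.match(line)
        if m and _TEMPLATE_SYNTAX.search(m["ua"]):
            hits.append((m["ip"], int(m["status"]), m["ua"]))
    return hits


if __name__ == "__main__":
    for ip, status, ua in find_template_probes(SAMPLE_LOG):
        # A 413 paired with a template payload means the error page was the target.
        print(f"{ip} {status} {ua!r}")
```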

Who liked your photo?

Task

Regarding the website in this project, we would like to show users who liked their photos.
Each photo should have a separate container or a modal to show the users who liked their photo.

Make use of scrollable elements and allow a vertical scrollbar for the same.

Steps

  • Clone the repository after forking it
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally.

Rules

We follow FCFS, First Come First Serve
The first user to claim this Issue gets the chance to work on it for a total of 2 days

If they don't respond or solve the Issue within 2 days
the mentor may unassign them from the Issue and allow another user to work on it.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only

Stored XSS

Task

Another cybersec task is here!

We are taking input from users on our website, is it safe?
Looks as if there is some issue with one of them, recently one of our users got their account hijacked

NOTE: keep your patch private to yourself and only submit the PR if you think it is valid
We won't be responsible if someone else uses your solution to make their own patch out of it

Steps

  • Fork this repository
  • Clone the forked repository
  • Find the bug and patch it
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Proof of Concept

It is stated in README.md that you have to provide a POC as well to show that you can exploit the above-mentioned Issue
You may ask us where you would like to showcase it, be it Discord or your PR, using proper images
Do not disclose it as well or else others can make use of it

Rules

We follow FCFS, First Come First Serve for the Pull request
The first user to come up with a valid patch will get their PR merged and thus the points

No need to claim

NOTE: this Issue is restricted to the main branch
You are requested to create a Pull request for that branch (main) only

Setting up the project

Welcome Contributors!!
This is a warm-up exercise for this project!

Clone this repository and set up the project
You need to attach a screenshot of your profile after you sign up on the website in this project.
Follow README.md to set up this project

EDIT: Contributors are requested to add their GitHub username to CONTRIBUTORS.md
You can then create a Pull Request along with your screenshot as discussed above.
The deadline for this issue will be a week from today.
Since this is an open-for-all issue you don't need to claim, just making a PR would suffice.

Trending photos

Task

Regarding the website in this project, we require a feature to allow the users to see Trending photos
throughout the community on Main page.

Steps

  • Clone the repository after forking it
  • Switch to dev branch
  • Implement the feature
  • Create a Pull request

For new users, go through README.md for instructions on how to set up this project locally

Rules

We follow FCFS, First Come First Serve

The first user to claim this Issue gets the chance to work on it
The assignee gets 2 days to solve the Issue

If a user doesn't respond or solve the Issue
the mentor may unassign them from the Issue and allow another user to work on it.

At the end, we will select an appropriate PR.
So keep your modifications clean and meaningful.

To claim, simply comment with any of the following terms

  • I would like to work on this feature
  • May I claim this Issue?
  • Claim

NOTE: this Issue is restricted to the dev branch
You are requested to create a Pull request for that branch (dev) only
