1btcxe / wlox-frontend Goto Github PK

See the attached screenshot. Is this a bug in the code?

The forgot form should return an error message if the user does not enter an email (i.e. if he enters his username) so that they don't accidentaly enter their username and get confused.

FD-352

This is a sub-issue from 1btcxe/wlox#1.

From Freshdesk:

[+]Bug : X-Powered-By-Header

The webserver sends the used PHP version in the X-Powered-By header. This leads to some basic info leaks regarding to the system software,You should remove this specific response header.

From FD-759:

Suppose someone used the forget password options of 1btcxe to change his password.Then he will get a token in his email address.Let it call token
1.Now think that he didn't use the token1 and then again used the forget password option.Now he will get another token.Let it call token 2.Now he uses token2.The industry standard procedure is,when someone issues a new token,the old one automatically become expire.But in case of 1btcxe its not happening.Even after the issuance and using of token 2 ,the previous token remains valid for use. I can demonstrate an attack scenario if you want.

Thanks & Regards

Ashish Pathak

Replaces 1btcxe/wlox#7

The + symbol on the Add Crypto Capital account is slightly mis-alligned vertically.

How to add more cryptocurrency?

When buying or selling trying to place multiple limit orders it will be convenient to go straight to the buy and sell page after confirming the order ticket.

When a user places a market order which he is also the best price, the confirmation page shows his best price, but executes the order with the next best price.

My trading bot, after running for just a few minutes, causes the entire system to go non-responsive.. There are obviously some performance issues that need to be fixed.

When filtering on the open orders page by a currency don’t go to default after editing or canceling an order.(F.E)

Why not create a new Bitcoin add

ress ?

Just like a wallet let the user choose the fee he is willing to give for the transaction

The 新闻 link on the footer of the chinese translation links to 新闻新闻.php, triggering a 404 error, but should link to 新闻.php (I think).

From FreshDesk:

Hello there team
This is Shahmeer and i found out about an issue in the Password reset link and the session validation.
To reproduce
Request a password reset link to a sample account
Login after requesting the link
The password reset link that was generated will not be invalidated and you can still use it.
Attack Scenario:
After POST of the victim's email. the attacker requests a password reset link
The victim logs in to change the email but the attacker can still use the link to change the original password
I think this should be timely fixed

On withdrawal give an option drop down menu - No fee (Default), 0.0001, 0.0005 (F.E).