
nulinks's Introduction

Nulinks

The website is built using Python, Django, HTML, CSS, Bootstrap and JavaScript.

Features of the website:

  • Creation of a user account.
  • Posting Fopnu links by registered users.
  • Searching and downloading files.

Home

Login

Profile

Signup

Post Link

nulinks's People

Contributors

lynnmeanslight, mend-bolt-for-github[bot], sahilagarwal321, thedurtch, thisshri


nulinks's Issues

Categorization support

It would be nice if it supported the categorization of uploaded/posted files and offer a page that lists the categories. Clicking on one would then show the files that have been given the mentioned category.

List of wanted Categories

Please give me a list of wanted categories for me to add. Please, when giving me this list, separate them by newline.

Footer too big

I feel that the footer has gotten too big. It feels bloated on my laptop. Should we reduce some text??

CVE-2019-12308 (Medium) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-12308 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in a clickable JavaScript link.

Publish Date: 2019-06-03

URL: CVE-2019-12308

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12308

Release Date: 2019-06-03

Fix Resolution: 1.11.21,2.1.9,2.2.2


Step up your Open Source Security Game with WhiteSource here

Needs Admin/Mod accounts

Needs Admin/Mod accounts for removing bad/illegal links such as CP.
I know someone is going to post some CP in here and I need a way to easily remove it.

CVE-2019-19118 (Medium) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-19118 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)

Publish Date: 2019-12-02

URL: CVE-2019-19118

CVSS 2 Score Details (6.5)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19118

Release Date: 2019-12-02

Fix Resolution: 2.1.15,2.2.8,3.0



Searching by category

It would be nice if there was a drop down box next to the search box that contains the categories configured on it. Selecting one and entering in a word would then list the files/chat rooms containing the word that was inputted in the specified category.

Duplicate Link detection

It would be nice if it could alert the user to a link being already posted if it already is and also prevent external programs from also posting them.

Suggestion regarding the site

It would be nice if hovering over a link would display images, etc. the user has added to it when posting it (via a Description text box).

What is going on?

subject

It's been a while since the last commit. I hope to see that change soon.

Latest Pull broke server

Did a git pull on the server; now it throws an error.

Request Method: | GET
-- | --
Request URL: | http://nulinks.pw/
Django Version: | 1.11.20
Exception Type: | OperationalError
Exception Value: | no such column: files_torrentfile.created_at
Exception Location: | /usr/lib/python3.6/site-packages/django/db/backends/sqlite3/base.py in execute, line 328
Python Executable: | /usr/bin/python3
Python Version: | 3.6.8
Python Path: | ['/home/kate/nulinks', '/usr/lib/python36.zip', '/usr/lib/python3.6', '/usr/lib/python3.6/lib-dynload', '/home/kate/.local/lib/python3.6/site-packages', '/usr/lib/python3.6/site-packages']

https://nulinks.pw/

Was there something I was supposed to do other than just a pull?
If so, please explain with detail.

Display filename of fopnu URL

It would be nice if it would show the filename/chat room name associated with the fopnu URL instead of the entire link.

Removing the Search Box

Why did you do that? How are people supposed to be able to find a link(s) listed in a separate page when there's a large amount of them?

CVE-2019-14232 (High) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-14232 - High Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable.

Publish Date: 2019-08-02

URL: CVE-2019-14232

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14232

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4



fopnu:user: links should show as the directory name

fopnu:user: links aren't showing up as the name of the directory that is being linked (such as fopnu:user:sqbmnf7qi4imfpwygumq6dmqdqqwmtmzy4ocd5uonjzulruohptq/Zero3K/Downloads/Rudora%20no%20Hihou%20OSV not being named Rudora no Hihou OSV).

Update DB on server

I've added a Category table. Please run these commands when updating code -

python manage.py makemigrations
(When prompted for input, press 1 and enter to put input manually. Then choose default (timezone.now) by pressing enter.)

python manage.py migrate

Sort fopnu links by date

It would be nice if they were sorted by date in order to make it find new releases of anime episodes, etc.

CVE-2019-19844 (Medium) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-19844 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.)

Publish Date: 2019-12-18

URL: CVE-2019-19844

CVSS 2 Score Details (5.0)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19844

Release Date: 2019-12-18

Fix Resolution: 1.11.27;2.2.9;3.0.1



CVE-2019-14234 (High) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-14234 - High Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to SQL injection. This could, for example, be exploited via crafted use of "OR 1=1" in a key or index name to return all records, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to the QuerySet.filter() function.

Publish Date: 2019-08-09

URL: CVE-2019-14234

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.djangoproject.com/weblog/2019/aug/01/security-releases/

Release Date: 2019-08-09

Fix Resolution: 2.2.4, 2.1.11, 1.11.23



CVE-2019-14233 (High) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-14233 - High Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities.

Publish Date: 2019-08-02

URL: CVE-2019-14233

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14233

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4



Rename unchainedTorrent to Nulinks

The code that mentions unchainedTorrent should be made to mention Nulinks. Also, the folder with that name should be renamed to Nulinks.

CVE-2018-16984 (Medium) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2018-16984 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission (new in Django 2.1), resulting in display of the entire password hash to those users. This may result in a vulnerability for sites with legacy user accounts using insecure hashes.

Publish Date: 2018-10-02

URL: CVE-2018-16984

CVSS 3 Score Details (4.9)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2018-16984

Release Date: 2018-10-02

Fix Resolution: 2.1.2



CVE-2019-12781 (Medium) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-12781 - Medium Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11 before 1.11.22, 2.1 before 2.1.10, and 2.2 before 2.2.3. An HTTP request is not redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings are used, and the proxy connects to Django via HTTPS. In other words, django.http.HttpRequest.scheme has incorrect behavior when a client uses HTTP.

Publish Date: 2019-07-01

URL: CVE-2019-12781

CVSS 3 Score Details (5.3)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: None
    • Availability Impact: None


Suggested Fix

Type: Change files

Origin: django/django@54d0f5e

Release Date: 2019-07-01

Fix Resolution: Replace or update the following files: tests.py, request.py



CVE-2019-14235 (High) detected in Django-1.11.20-py2.py3-none-any.whl

CVE-2019-14235 - High Severity Vulnerability

Vulnerable Library - Django-1.11.20-py2.py3-none-any.whl

A high-level Python Web framework that encourages rapid development and clean, pragmatic design.

Library home page: https://files.pythonhosted.org/packages/8e/1f/20bbc601c442d02cc8d9b25a399a18ef573077e3350acdf5da3743ff7da1/Django-1.11.20-py2.py3-none-any.whl

Path to dependency file: /tmp/ws-scm/nulinks/requirements.txt

Path to vulnerable library: /nulinks/requirements.txt

Dependency Hierarchy:

  • Django-1.11.20-py2.py3-none-any.whl (Vulnerable Library)

Found in HEAD commit: 162dfa0790e12b4c6c1e39ef77402594251b2b6e

Vulnerability Details

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences.

Publish Date: 2019-08-02

URL: CVE-2019-14235

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14235

Release Date: 2019-08-02

Fix Resolution: 1.11.23,2.1.11,2.2.4

