mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 17:12:13 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

avoid deadlocks on windows

Browse source
This commit is contained in:
ed 2022-04-27 22:27:49 +02:00
parent 1bd7e31466
commit 2a1cda42e7
4 changed files with 31 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
copyparty/authsrv.py
View file

@ -11,12 +11,13 @@ import hashlib
import threading import threading
from datetime import datetime from datetime import datetime
from .__init__ import WINDOWS from .__init__ import ANYWIN, WINDOWS
from .util import ( from .util import (
IMPLICATIONS, IMPLICATIONS,
META_NOBOTS, META_NOBOTS,
uncyg, uncyg,
undot, undot,
relchk,
unhumanize, unhumanize,
absreal, absreal,
Pebkac, Pebkac,
@ -335,6 +336,12 @@ class VFS(object):
): ):
# type: (str, str, bool, bool, bool, bool, bool) -> tuple[VFS, str] # type: (str, str, bool, bool, bool, bool, bool) -> tuple[VFS, str]
"""returns [vfsnode,fs_remainder] if user has the requested permissions""" """returns [vfsnode,fs_remainder] if user has the requested permissions"""
if ANYWIN:
mod = relchk(vpath)
if mod:
self.log("vfs", "invalid relpath [{}]".format(vpath))
raise Pebkac(404)
vn, rem = self._find(vpath) vn, rem = self._find(vpath)
c = vn.axs c = vn.axs

6
copyparty/httpcli.py
View file

@ -210,6 +210,11 @@ class HttpCli(object):
self.uparam = uparam self.uparam = uparam
self.cookies = cookies self.cookies = cookies
self.vpath = unquotep(vpath) # not query, so + means + self.vpath = unquotep(vpath) # not query, so + means +
if ANYWIN:
mod = relchk(self.vpath)
if mod:
self.log("invalid relpath [{}]".format(self.vpath))
return self.tx_404() and self.keepalive
pwd = None pwd = None
ba = self.headers.get("authorization") ba = self.headers.get("authorization")
@ -1046,6 +1051,7 @@ class HttpCli(object):
raise Pebkac(500, min_ex()) raise Pebkac(500, min_ex())
vpath = "{}/{}".format(self.vpath, sanitized).lstrip("/") vpath = "{}/{}".format(self.vpath, sanitized).lstrip("/")
self.out_headers["X-New-Dir"] = quotep(sanitized)
self.redirect(vpath) self.redirect(vpath)
return True return True

16
copyparty/util.py
View file

@ -912,6 +912,9 @@ def sanitize_fn(fn, ok, bad):
if "/" not in ok: if "/" not in ok:
fn = fn.replace("\\", "/").split("/")[-1] fn = fn.replace("\\", "/").split("/")[-1]
if fn.lower() in bad:
fn = "_" + fn
if ANYWIN: if ANYWIN:
remap = [ remap = [
["<", ""], ["<", ""],
@ -927,16 +930,23 @@ def sanitize_fn(fn, ok, bad):
for a, b in [x for x in remap if x[0] not in ok]: for a, b in [x for x in remap if x[0] not in ok]:
fn = fn.replace(a, b) fn = fn.replace(a, b)
bad.extend(["con", "prn", "aux", "nul"]) bad = ["con", "prn", "aux", "nul"]
for n in range(1, 10): for n in range(1, 10):
bad += "com{0} lpt{0}".format(n).split(" ") bad += "com{0} lpt{0}".format(n).split(" ")
if fn.lower() in bad: if fn.lower().split(".")[0] in bad:
fn = "_" + fn fn = "_" + fn
return fn.strip() return fn.strip()
def relchk(rp):
if ANYWIN:
p = re.sub(r'[\\:*?"<>|]', "", rp)
if p != rp:
return p
def absreal(fpath): def absreal(fpath):
try: try:
return fsdec(os.path.abspath(os.path.realpath(fsenc(fpath)))) return fsdec(os.path.abspath(os.path.realpath(fsenc(fpath))))

5
copyparty/web/browser.js
View file

@ -4903,7 +4903,10 @@ var msel = (function () {
tb.value = ''; tb.value = '';
clmod(sf, 'vis'); clmod(sf, 'vis');
sf.textContent = ''; sf.textContent = '';
treectl.goto(this.vp + uricom_enc(this.dn) + '/', true);
var dn = this.getResponseHeader('X-New-Dir');
dn = dn || uricom_enc(this.dn);
treectl.goto(this.vp + dn + '/', true);
} }
})(); })();