diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py
index 92c98922..dd6ba832 100644
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@@ -1206,11 +1206,6 @@ class HttpCli(object):
else:
return self.tx_res(res_path)
- if res_path != undot(res_path):
- t = "malicious user; attempted path traversal; req(%r) vp(%r) => %r"
- self.log(t % (self.req, "/" + self.vpath, res_path), 1)
- self.cbonk(self.conn.hsrv.gmal, self.req, "trav", "path traversal")
-
self.tx_404()
return False
diff --git a/copyparty/web/browser.js b/copyparty/web/browser.js
index e9510474..5f9f082e 100644
--- a/copyparty/web/browser.js
+++ b/copyparty/web/browser.js
@@ -2555,7 +2555,7 @@ var mpl = (function () {
ebi('np_artist').textContent = np.artist || (fns.length > 1 ? fns[0] : '');
ebi('np_title').textContent = np.title || '';
ebi('np_dur').textContent = np['.dur'] || '';
- ebi('np_url').textContent = get_vpath() + np.file.split('?')[0];
+ ebi('np_url').textContent = uricom_dec(get_evpath()) + np.file.split('?')[0];
if (!MOBILE && cover)
ebi('np_img').setAttribute('src', cover);
else
@@ -5972,7 +5972,8 @@ var showfile = (function () {
};
r.mktree = function () {
- var html = ['' + L.tv_lst + '
' + linksplit(get_vpath()).join('/') + ''];
+ var crumbs = linksplit(get_evpath()).join('/'),
+ html = ['' + L.tv_lst + '
' + crumbs + ''];
for (var a = 0; a < r.files.length; a++) {
var file = r.files[a];
html.push('');
+ msg.push(L.u_asku.format(good_files.length, esc(uricom_dec(get_evpath()))) + '');
for (var a = 0, aa = Math.min(20, good_files.length); a < aa; a++)
msg.push('- ' + esc(good_files[a][1]) + '
');
diff --git a/copyparty/web/util.js b/copyparty/web/util.js
index 81f972c3..389593b4 100644
--- a/copyparty/web/util.js
+++ b/copyparty/web/util.js
@@ -857,11 +857,6 @@ function get_evpath() {
}
-function get_vpath() {
- return uricom_dec(get_evpath());
-}
-
-
function noq_href(el) {
return el.getAttribute('href').split('?')[0];
}