mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

make the 404/403 vagueness optional

Browse source
This commit is contained in:
ed 2021-10-01 19:51:51 +02:00
parent 42bc9115d2
commit 9e10af6885
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
copyparty/__main__.py
View file

@ -378,6 +378,7 @@ def run_argparse(argv, formatter):
ap2.add_argument("--no-dot-ren", action="store_true", help="disallow renaming dotfiles; makes it impossible to make something a dotfile") ap2.add_argument("--no-dot-ren", action="store_true", help="disallow renaming dotfiles; makes it impossible to make something a dotfile")
ap2.add_argument("--no-logues", action="store_true", help="disable rendering .prologue/.epilogue.html into directory listings") ap2.add_argument("--no-logues", action="store_true", help="disable rendering .prologue/.epilogue.html into directory listings")
ap2.add_argument("--no-readme", action="store_true", help="disable rendering readme.md into directory listings") ap2.add_argument("--no-readme", action="store_true", help="disable rendering readme.md into directory listings")
ap2.add_argument("--vague-403", action="store_true", help="send 404 instead of 403 (security through ambiguity, very enterprise)")
ap2 = ap.add_argument_group('logging options') ap2 = ap.add_argument_group('logging options')
ap2.add_argument("-q", action="store_true", help="quiet") ap2.add_argument("-q", action="store_true", help="quiet")

16
copyparty/httpcli.py
View file

@ -389,7 +389,7 @@ class HttpCli(object):
if not self.can_read and not self.can_write and not self.can_get: if not self.can_read and not self.can_write and not self.can_get:
if self.vpath: if self.vpath:
self.log("inaccessible: [{}]".format(self.vpath)) self.log("inaccessible: [{}]".format(self.vpath))
return self.tx_404() return self.tx_404(True)
self.uparam["h"] = False self.uparam["h"] = False
@ -1565,7 +1565,7 @@ class HttpCli(object):
if not self.can_write: if not self.can_write:
if "edit" in self.uparam or "edit2" in self.uparam: if "edit" in self.uparam or "edit2" in self.uparam:
return self.tx_404() return self.tx_404(True)
tpl = "mde" if "edit2" in self.uparam else "md" tpl = "mde" if "edit2" in self.uparam else "md"
html_path = os.path.join(E.mod, "web", "{}.html".format(tpl)) html_path = os.path.join(E.mod, "web", "{}.html".format(tpl))
@ -1667,8 +1667,14 @@ class HttpCli(object):
self.reply(html.encode("utf-8")) self.reply(html.encode("utf-8"))
return True return True
def tx_404(self): def tx_404(self, is_403=False):
if self.args.vague_403:
m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p>or maybe you don\'t have access -- try logging in or <a href="/?h">go home</a></p>' m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p>or maybe you don\'t have access -- try logging in or <a href="/?h">go home</a></p>'
elif is_403:
m = '<h1>403 forbiddena &nbsp;~┻━┻</h1><p>you\'ll have to log in or <a href="/?h">go home</a></p>'
else:
m = '<h1>404 not found &nbsp;┐( ´ -`)┌</h1><p><a href="/?h">go home</a></p>'
html = self.j2("splash", this=self, qvpath=quotep(self.vpath), msg=m) html = self.j2("splash", this=self, qvpath=quotep(self.vpath), msg=m)
self.reply(html.encode("utf-8"), status=404) self.reply(html.encode("utf-8"), status=404)
return True return True
@ -1895,7 +1901,7 @@ class HttpCli(object):
return self.tx_file(abspath) return self.tx_file(abspath)
elif is_dir and not self.can_read and not self.can_write: elif is_dir and not self.can_read and not self.can_write:
return self.tx_404() return self.tx_404(True)
srv_info = [] srv_info = []
@ -2000,7 +2006,7 @@ class HttpCli(object):
return True return True
if not stat.S_ISDIR(st.st_mode): if not stat.S_ISDIR(st.st_mode):
return self.tx_404() return self.tx_404(True)
if "zip" in self.uparam or "tar" in self.uparam: if "zip" in self.uparam or "tar" in self.uparam:
raise Pebkac(403) raise Pebkac(403)