v1.14.0

2025-08-17 09:02:15 -06:00 · 2024-08-18 23:11:36 +00:00 · 2024-08-18 23:11:36 +00:00 · c4b0cccefd
parent 7c2beba555
commit c4b0cccefd
9 changed files with 63 additions and 16 deletions
--- a/copyparty/version.py
+++ b/copyparty/version.py
@ -1,8 +1,8 @@
 # coding: utf-8
-VERSION = (1, 13, 8)
+VERSION = (1, 14, 0)
-CODENAME = "race the beam"
+CODENAME = "one step forward"
-BUILD_DT = (2024, 8, 13)
+BUILD_DT = (2024, 8, 18)
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -464,6 +464,9 @@ class HttpCli(object):
        zso = self.headers.get("cookie")
        if zso:
            if len(zso) > 8192:
                self.loud_reply("cookie header too big", status=400)
                return False
            zsll = [x.split("=", 1) for x in zso.split(";") if "=" in x]
            cookies = {k.strip(): unescape_cookie(zs) for k, zs in zsll}
            cookie_pw = cookies.get("cppws") or cookies.get("cppwd") or ""
--- a/copyparty/util.py
+++ b/copyparty/util.py
@ -1760,7 +1760,7 @@ def read_header(sr: Unrecv, t_idle: int, t_tot: int) -> list[str]:
        ofs = ret.find(b"\r\n\r\n")
        if ofs < 0:
-            if len(ret) > 1024 * 64:
+            if len(ret) > 1024 * 32:
                raise Pebkac(400, "header 2big")
            else:
                continue
--- a/copyparty/web/splash.html
+++ b/copyparty/web/splash.html
@ -21,7 +21,7 @@
 			<p id="b">howdy stranger &nbsp; <small>(you're not logged in)</small></p>
 		{%- else %}
 			<a id="c" href="{{ r }}/?pw=x" class="logout">logout</a>
-			<p><span id="m">welcome back,</span> <strong>{{ this.uname }}</strong></p>
+			<p><span id="m">welcome back,</span> <strong>{{ this.uname|e }}</strong></p>
 		{%- endif %}
 		{%- if msg %}
--- a/docs/changelog.md
+++ b/docs/changelog.md
@ -1,3 +1,47 @@
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2024-0813-0008  `v1.13.8`  hook into place
 ## new features
 * #86 intentional side-effects from hooks 6c94a63f
  * use hooks (plugins) to conditionally move uploads into another folder depending on filename, extension, uploader ip/name, file contents, ...
  * hooks can create additional files and tell copyparty to index them immediately, or delete an existing file based on some condition
  * only one example so far though, [reloc-by-ext](https://github.com/9001/copyparty/tree/hovudstraum/bin/hooks#before-upload) which was a feature-request to dodge [sharex#3992](https://github.com/ShareX/ShareX/issues/3992)
 * listen on unix-sockets ee9aad82
  * `-i unix:/tmp/party.sock` stops listening on TCP ports entirely, and only listens on that unix-socket
  * can be combined with regular sockets, `-i 127.0.0.1,unix:/tmp/a.sock`
  * kinda buggy for now (need to `--xff-src=any` and doesn't let you set socket-perms yet), will be fixed in next ver
  * makes it 10% faster, but more importantly offers tighter access control behind reverse-proxies
    * inspired by https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
 * up2k stitching:
  * more optimal stitch sizes for max throughput across connections c862ec1b
  * improve fat32 compatibility 373194c3
 * new option `--js-other` to load custom javascript dbd42bc6
  * `--js-browser` affects the filebrowser page, `--js-other` does all the others
  * endless possibilities, such as [adding a login-banner](https://github.com/9001/copyparty/blob/hovudstraum/contrib/plugins/banner.js) which [looks like this](https://github.com/user-attachments/assets/8ae8e087-b209-449c-b08d-74e040f0284b)
 * list detected optional dependencies on startup 3db117d8
  * hopefully reduces the guesswork / jank factor by a tiny bit
 ## bugfixes
 * up2k stitching:
  * put the request headers on a diet so they fit through more reverse-proxies 0da719f4
 * fix deadlock on s390x (IBM mainframes) 250c8c56
 ## other changes
 * add flags to disengage [features](https://github.com/9001/copyparty/tree/hovudstraum#feature-chickenbits) and [dependencies](https://github.com/9001/copyparty/tree/hovudstraum#dependency-chickenbits) in case they cause trouble 72361c99
 * optimizations
  * 6% faster on average d5c9c8eb
  * docker: reduce ram usage 98ffaadf
  * python2: reduce ram usage ebb19818
 * docker: add [portainer howto](https://github.com/9001/copyparty/blob/hovudstraum/docs/examples/docker/portainer.md) e136231c
 * update deps ca001c85
  * pyftpdlib 1.5.10
  * copyparty.exe: python 3.12.5
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2024-0729-2028  `v1.13.6`  not that big
--- a/docs/devnotes.md
+++ b/docs/devnotes.md
@ -1,7 +1,7 @@
 ## devnotes toc
 * top
-* [future plans](#future-plans) - some improvement ideas
+* [future ideas](#future-ideas) - list of dreams which will probably never happen
 * [design](#design)
    * [up2k](#up2k) - quick outline of the up2k protocol
        * [why not tus](#why-not-tus) - I didn't know about [tus](https://tus.io/)
@ -27,9 +27,9 @@
    * [discarded ideas](#discarded-ideas)
-# future plans
+# future ideas
-some improvement ideas
+list of dreams which will probably never happen
 * the JS is a mess -- a ~~preact~~ rewrite would be nice
  * preferably without build dependencies like webpack/babel/node.js, maybe a python thing to assemble js files into main.js