remember url-hash during login from 403

2025-08-17 09:02:15 -06:00 · 2024-05-05 22:37:41 +00:00 · 2024-05-05 22:37:41 +00:00 · f8491970fd
parent da091aec85
commit f8491970fd
3 changed files with 17 additions and 2 deletions
--- a/copyparty/httpcli.py
+++ b/copyparty/httpcli.py
@ -2302,6 +2302,10 @@ class HttpCli(object):
    def handle_login(self) -> bool:
        assert self.parser
        pwd = self.parser.require("cppwd", 64)
+        try:
+            uhash = self.parser.require("uhash", 256)
+        except:
+            uhash = ""
        self.parser.drop()

        self.out_headerlist = [
@ -2314,6 +2318,11 @@ class HttpCli(object):

        dst += self.ourlq()

+        uhash = uhash.lstrip("#")
+        if uhash not in ("", "-"):
+            dst += "&" if "?" in dst else "?"
+            dst += "_=1#" + html_escape(uhash, True, True)
+
        msg = self.get_pwd_cookie(pwd)
        html = self.j2s("msg", h1=msg, h2='<a href="' + dst + '">ack</a>', redir=dst)
        self.reply(html.encode("utf-8"))
@ -4876,8 +4885,11 @@ class HttpCli(object):

                ogh["og:title"] = title

-                zs = '\t<meta property="%s" content="%s">'
-                oghs = [zs % (k, html_escape(str(v))) for k, v in ogh.items()]
+                oghs = [
+                    '\t<meta property="%s" content="%s">'
+                    % (k, html_escape(str(v), True, True))
+                    for k, v in ogh.items()
+                ]
                zs = self.html_head + "\n%s\n" % ("\n".join(oghs),)
                self.html_head = zs.replace("\n\n", "\n")

--- a/copyparty/web/splash.html
+++ b/copyparty/web/splash.html
@ -95,6 +95,7 @@
 			<form method="post" enctype="multipart/form-data" action="{{ r }}/{{ qvpath }}">
 				<input type="hidden" name="act" value="login" />
 				<input type="password" name="cppwd" placeholder=" password" />
+				<input type="hidden" name="uhash" id="uhash" value="x" />
 				<input type="submit" value="Login" />
 				{% if ahttps %}
 				<a id="w" href="{{ ahttps }}">switch to https</a>
--- a/copyparty/web/splash.js
+++ b/copyparty/web/splash.js
@ -66,3 +66,5 @@ if (!ebi('c') && o.offsetTop + o.offsetHeight < window.innerHeight)
 o = ebi('u');
 if (o && /[0-9]+$/.exec(o.innerHTML))
 	o.innerHTML = shumantime(o.innerHTML);
+
+ebi('uhash').value = '' + location.hash;