mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity
2607 commits 4 branches 342 tags 55 MiB
Commit graph

2607 commits

This branch
This branch
All branches
Author SHA1 Message Date
ed 135ece3fbd immediately allow uploading an interrupted and 
deleted incomplete upload to another location
 2023-08-20 19:16:35 +00:00
ed bd3640d256 change to openmetrics 2023-08-20 18:50:14 +00:00
ed fc0405c8f3 add prometheus metrics; closes #49 2023-08-20 17:58:06 +00:00
ed 7df890d964 wget: only allow http/https/ftp/ftps (#50): 
these are all the protocols that are currently supported by wget,
so this has no practical effect aside from making sure we won't
suddenly get file:// support or something (which would be bad)
 2023-08-20 09:47:50 +00:00
ed 8341041857 mdns: option to ignore spec to avoid issues on 
networks where clients have multiple IPs of which some are subnets that
the copyparty server is not
 2023-08-19 21:45:26 +00:00
ed 1b7634932d tar/zip-download: add opus transcoding filter 2023-08-19 19:40:46 +00:00
ed 48a3898aa6 suggest enabling the database on startup 2023-08-16 19:57:19 +00:00
ed 5d13ebb4ac avoid firefox-android quirk(?): 
when repeatedly tapping the next-folder button, occasionally it will
reload the entire page instead of ajax'ing the directory contents.

Navigation happens by simulating a click in the directory sidebar,
so the incorrect behavior matches what would happen if the link to the
folder didn't have its onclick-handler attached, so should probably
double-check if there's some way for that to happen

Issue observed fairly easily in firefox on android, regardless if
copyparty is running locally or on a server in a different country.
Unable to reproduce with android-chrome or desktop-firefox

Could also be due to an addon (dark-reader, noscript, ublock-origin)

anyways, avoiding this by doing the navigation more explicitly
 2023-08-16 19:56:47 +00:00
ed 015b87ee99 performance / cosmetic: 
* js: use .call instead of .bind when possible
* when running without e2d, the message on startup regarding
  unfinished uploads didn't show the correct filesystem path
 2023-08-16 19:32:43 +00:00
ed 0a48acf6be limit each column of the files table to screen width 2023-08-16 03:55:53 +00:00
ed 2b6a3afd38 fix iOS randomly increasing fontsize of some things: 
* links which are wider than the display width
* probably input fields too
 2023-08-16 03:47:19 +00:00
ed 18aa82fb2f make browser resizing smoother / less expensive 2023-08-15 16:55:19 +00:00
ed f5407b2997 docker: persist autogenerated seeds, disable certgen, and 
mention how to run the containers with selinux enabled
* assumes that a /cfg docker volume is provided
 2023-08-15 15:07:33 +00:00
ed 474d5a155b android's got hella strict filename rules 2023-08-15 06:46:57 +02:00
ed afcd98b794 mention some gotchas (thx noktuas) 2023-08-15 03:38:51 +02:00
ed 4f80e44ff7 option to exactly specify browser title prefix 2023-08-15 03:17:01 +02:00
ed 406e413594 hint at additional context in exceptions 2023-08-15 01:42:13 +02:00
ed 033b50ae1b u2c: exclude files by regex 2023-08-15 00:45:12 +02:00
ed bee26e853b show server hostname in html titles: 
* --doctitle defines most titles, prefixed with "--name: " by default
* the file browser is only prefixed with the --name itself
* --nth ("no-title-hostname") removes it
* also removed by --nih ("no-info-hostname")
 2023-08-14 23:50:13 +02:00
ed 04a1f7040e adjustable timestamp resolution in log messages 2023-08-14 17:22:22 +02:00
ed f9d5bb3b29 support upload by dragdrop from other browser windows, 
hello from LO484 https://ocv.me/stuff/aircode.jpg
 2023-07-28 21:43:40 +02:00
ed ca0cd04085 update pkgs to 1.8.8 2023-07-25 16:25:27 +00:00
ed 999ee2e7bc v1.8.8 2023-07-25 15:50:48 +00:00
ed 1ff7f968e8 fix tls-cert regeneration on windows 2023-07-25 15:27:27 +00:00
ed 3966266207 remember ?edit and trailing-slash during login redirect 2023-07-25 15:14:47 +00:00
ed d03e96a392 html5 strips the first leading LF in textareas; stop it 2023-07-25 14:16:54 +00:00
ed 4c843c6df9 fix md-editor lastmod cmp when browsercache is belligerent 2023-07-25 14:06:53 +00:00
ed 0896c5295c range-select fixes: 
* dont crash when shiftclicking between folders
* remember origin when lazyloading more files
 2023-07-25 14:06:31 +02:00
ed cc0c9839eb update pkgs to 1.8.7 2023-07-23 16:16:49 +00:00
ed d0aa20e17c v1.8.7 2023-07-23 15:43:38 +00:00
ed 1a658dedb7 fix infinite playback spin on servers with one single file 2023-07-23 14:52:42 +00:00
ed 8d376b854c this is the wrong way around 2023-07-23 14:10:23 +00:00
ed 490c16b01d be even stricter with ?hc 2023-07-23 13:23:52 +00:00
ed 2437a4e864 the CVE-2023-37474 fix was overly strict; loosen 2023-07-23 11:31:11 +00:00
ed 007d948cb9 fix GHSA-f54q-j679-p9hh: reflected-XSS in cookie-setters; 
it was possible to set cookie values which contained newlines,
thus terminating the http header and bleeding into the body.

We now disallow control-characters in queries,
but still allow them in paths, as copyparty supports
filenames containing newlines and other mojibake.

The changes in `set_k304` are not necessary in fixing the vulnerability,
but makes the behavior more correct.
 2023-07-23 10:55:08 +00:00
ed 335fcc8535 update pkgs to 1.8.6 2023-07-21 01:12:55 +00:00
ed 9eaa9904e0 v1.8.6 2023-07-21 00:36:37 +00:00
ed 0778da6c4d fix GHSA-cw7j-v52w-fp5r: reflected-XSS through /?hc 2023-07-21 00:35:43 +00:00
ed a1bb10012d update pkgs to 1.8.4 2023-07-18 08:26:39 +00:00
ed 1441ccee4f v1.8.4 2023-07-18 07:46:22 +00:00
ed 491803d8b7 update pkgs to 1.8.3 2023-07-16 23:03:30 +00:00
ed 3dcc386b6f v1.8.3 2023-07-16 22:00:04 +00:00
ed 5aa54d1217 shift/ctrl-click improvements: 
* always enable shift-click selection in list-view
* shift-clicking thumbnails opens in new window by default as expected
* enable shift-select in grid-view when multiselect is on
* invert select when the same shift-select is made repeatedly
 2023-07-16 18:15:56 +00:00
ed 88b876027c option to range-select files with shift-click; closes #47 
also restores the browser-default behavior of
opening links in a new tab with CTRL / new window with SHIFT
 2023-07-16 14:05:09 +00:00
ed fcc3aa98fd add path-traversal scanners 2023-07-16 13:09:31 +00:00
ed f2f5e266b4 support listing uploader IPs in d2t volumes 2023-07-15 18:50:35 +00:00
ed e17bf8f325 require the new admin permission for the admin-panel 2023-07-15 18:39:41 +00:00
ed d19cb32bf3 update pkgs to 1.8.2 2023-07-14 16:05:57 +00:00
ed 85a637af09 v1.8.2 2023-07-14 15:58:39 +00:00
ed 043e3c7dd6 fix traversal vulnerability GHSA-pxfv-7rr3-2qjg: 
the /.cpr endpoint allowed full access to server filesystem,
unless mitigated by prisonparty
 2023-07-14 15:55:49 +00:00