this fixes a DOM-Based XSS in the recent-uploads page:
it was possible to execute arbitrary javascript by
tricking someone into visiting `/?ru&filter=</script>`
huge thanks to @Ju0x for finding and reporting this!

* nix: allow passing extra packages in PATH
* nix: allow passing extra python packages
I wanted to use
https://github.com/9001/copyparty/blob/hovudstraum/bin/hooks/notify.py
but that wasn't really possible without this under the nix package.
* nix: format all nix files with nixfmt
* nix: reduce redundancy in the package
For readability
* nix: remove unused pyftpdlib import
* nix: put makeWrapper into the correct inputs
* nix: fill out all of meta
* nix: set formatter in flake for nix files
This allows contributors to format their nix changes with the `nix fmt`
command.
* nix: add u2c
* nix: add partyfuse
One downside of the way the nix ecosystem works is that MacFUSE needs to
be installed manually. Luckily the script tells you that already!
* nix: add missing cfssl import
* nix: add flake check that makes sure it builds with all flags
Because sometimes an import might be missing, and if it is optional
then you'll only figure out that it's broken if you set the flag.
* nix: use correct overlay argument names
Or `nix flake check` will refuse to run the copyparty-full check

* add feature showcase video
Signed-off-by: Adam <134429563+RustoMCSpit@users.noreply.github.com>
* add youtube link too
Signed-off-by: ed <s@ocv.me>
---------
Signed-off-by: Adam <134429563+RustoMCSpit@users.noreply.github.com>
Signed-off-by: ed <s@ocv.me>
Co-authored-by: ed <s@ocv.me>

The version attribute is deprecated, resolves error "the attribute `version` is obsolete, it will be ignored, please remove it to avoid potential confusion" when building with Docker
Signed-off-by: ptweezy <parkerbrayden@gmail.com>

this fixes a DOM-Based XSS when rendering multimedia metadata
assuming the media-indexing option is enabled, a malicious media file
could be uploaded to the server by a privileged user, executing
arbitrary javascript on anyone visiting and viewing the directory
the same vulnerability could also be triggered through an
externally-hosted m3u file, by tricking a user into
clicking a link to load and play this m3u file
huge thanks to @altperfect for finding and reporting this!

Added logic to detect if the user provided an IP address or hostname using the ipaddress module. This ensures correct resolution and mapping behavior based on the input type, improving reliability and correctness in network operations.

togglebutton in the ui switches between 2 (off/default) and
1 (on/quick) confirmations; global-option `--qdel` sets the default

setting `--qdel=0` changes the togglebutton to switch
between 1 (off/default) confirmations and 0 (on)

in other words, when the ui-button is enabled, it
always reduces the number of confirmations by one