copyparty

mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00

Author	SHA1	Message	Date
ed	474d5a155b	android's got hella strict filename rules	2023-08-15 06:46:57 +02:00
ed	afcd98b794	mention some gotchas (thx noktuas)	2023-08-15 03:38:51 +02:00
ed	4f80e44ff7	option to exactly specify browser title prefix	2023-08-15 03:17:01 +02:00
ed	406e413594	hint at additional context in exceptions	2023-08-15 01:42:13 +02:00
ed	033b50ae1b	u2c: exclude files by regex	2023-08-15 00:45:12 +02:00
ed	bee26e853b	show server hostname in html titles: * --doctitle defines most titles, prefixed with "--name: " by default * the file browser is only prefixed with the --name itself * --nth ("no-title-hostname") removes it * also removed by --nih ("no-info-hostname")	2023-08-14 23:50:13 +02:00
ed	04a1f7040e	adjustable timestamp resolution in log messages	2023-08-14 17:22:22 +02:00
ed	f9d5bb3b29	support upload by dragdrop from other browser windows, hello from LO484 https://ocv.me/stuff/aircode.jpg	2023-07-28 21:43:40 +02:00
ed	ca0cd04085	update pkgs to 1.8.8	2023-07-25 16:25:27 +00:00
ed	999ee2e7bc	v1.8.8	2023-07-25 15:50:48 +00:00
ed	1ff7f968e8	fix tls-cert regeneration on windows	2023-07-25 15:27:27 +00:00
ed	3966266207	remember ?edit and trailing-slash during login redirect	2023-07-25 15:14:47 +00:00
ed	d03e96a392	html5 strips the first leading LF in textareas; stop it	2023-07-25 14:16:54 +00:00
ed	4c843c6df9	fix md-editor lastmod cmp when browsercache is belligerent	2023-07-25 14:06:53 +00:00
ed	0896c5295c	range-select fixes: * dont crash when shiftclicking between folders * remember origin when lazyloading more files	2023-07-25 14:06:31 +02:00
ed	cc0c9839eb	update pkgs to 1.8.7	2023-07-23 16:16:49 +00:00
ed	d0aa20e17c	v1.8.7	2023-07-23 15:43:38 +00:00
ed	1a658dedb7	fix infinite playback spin on servers with one single file	2023-07-23 14:52:42 +00:00
ed	8d376b854c	this is the wrong way around	2023-07-23 14:10:23 +00:00
ed	490c16b01d	be even stricter with ?hc	2023-07-23 13:23:52 +00:00
ed	2437a4e864	the CVE-2023-37474 fix was overly strict; loosen	2023-07-23 11:31:11 +00:00
ed	007d948cb9	fix GHSA-f54q-j679-p9hh: reflected-XSS in cookie-setters; it was possible to set cookie values which contained newlines, thus terminating the http header and bleeding into the body. We now disallow control-characters in queries, but still allow them in paths, as copyparty supports filenames containing newlines and other mojibake. The changes in `set_k304` are not necessary in fixing the vulnerability, but makes the behavior more correct.	2023-07-23 10:55:08 +00:00
ed	335fcc8535	update pkgs to 1.8.6	2023-07-21 01:12:55 +00:00
ed	9eaa9904e0	v1.8.6	2023-07-21 00:36:37 +00:00
ed	0778da6c4d	fix GHSA-cw7j-v52w-fp5r: reflected-XSS through /?hc	2023-07-21 00:35:43 +00:00
ed	a1bb10012d	update pkgs to 1.8.4	2023-07-18 08:26:39 +00:00
ed	1441ccee4f	v1.8.4	2023-07-18 07:46:22 +00:00
ed	491803d8b7	update pkgs to 1.8.3	2023-07-16 23:03:30 +00:00
ed	3dcc386b6f	v1.8.3	2023-07-16 22:00:04 +00:00
ed	5aa54d1217	shift/ctrl-click improvements: * always enable shift-click selection in list-view * shift-clicking thumbnails opens in new window by default as expected * enable shift-select in grid-view when multiselect is on * invert select when the same shift-select is made repeatedly	2023-07-16 18:15:56 +00:00
ed	88b876027c	option to range-select files with shift-click; closes #47 also restores the browser-default behavior of opening links in a new tab with CTRL / new window with SHIFT	2023-07-16 14:05:09 +00:00
ed	fcc3aa98fd	add path-traversal scanners	2023-07-16 13:09:31 +00:00
ed	f2f5e266b4	support listing uploader IPs in d2t volumes	2023-07-15 18:50:35 +00:00
ed	e17bf8f325	require the new admin permission for the admin-panel	2023-07-15 18:39:41 +00:00
ed	d19cb32bf3	update pkgs to 1.8.2	2023-07-14 16:05:57 +00:00
ed	85a637af09	v1.8.2	2023-07-14 15:58:39 +00:00
ed	043e3c7dd6	fix traversal vulnerability GHSA-pxfv-7rr3-2qjg: the /.cpr endpoint allowed full access to server filesystem, unless mitigated by prisonparty	2023-07-14 15:55:49 +00:00
ed	8f59afb159	fix another race (unpost): unposting could collide with most other database-related activities, causing one or the other to fail. luckily the unprotected query performed by the unpost API happens to be very cheap, so also the most likely to fail, and would succeed upon a manual reattempt from the UI. even in the worst case scenario, there would be no unrecoverable damage as the next rescan would auto-repair any resulting inconsistencies.	2023-07-14 15:21:14 +00:00
ed	77f1e51444	fix unlikely race (e2tsr): if someone with admin rights refreshes the homepage exactly as the directory indexer decides to `_drop_caches`, the indexer thread would die and the up2k instance would become inoperable... luckily the probability of hitting this by chance is absolutely minimal, and the worst case scenario is having to restart copyparty if this happens immediately after startup; there is no risk of database damage	2023-07-14 15:20:25 +00:00
ed	22fc4bb938	add event-hook for banning users	2023-07-13 22:29:32 +00:00
ed	50c7bba6ea	volflag "nohtml" to never return html or rendered markdown from potentially unsafe volumes	2023-07-13 21:57:52 +00:00
ed	551d99b71b	add permission "a" to show uploader IPs (#45 )	2023-07-12 21:36:55 +00:00
ed	b54b7213a7	more thumbnailer configs available as volflags: --th-convt = convt --th-no-crop = nocrop --th-size = thsize	2023-07-11 22:15:37 +00:00
ed	a14943c8de	update pkgs to 1.8.1	2023-07-07 23:58:16 +00:00
ed	a10cad54fc	v1.8.1	2023-07-07 22:20:01 +00:00
ed	8568b7702a	add pillow10 support + improve text rendering	2023-07-07 22:13:04 +00:00
ed	5d8cb34885	404/403 can be handled with plugins	2023-07-07 21:33:40 +00:00
ed	8d248333e8	dont disable quickedit when hashing passwords interactively	2023-07-07 18:29:30 +00:00
ed	99e2ef7f33	ux: fix tabs clipping in fedora-ff, hackertheme up2k flags	2023-07-07 18:24:58 +00:00
ed	e767230383	very-bad-idea: prefer mpv / streamlink; closes #42	2023-06-28 21:25:40 +00:00

1 2 3 4 5 ...

2594 commits