also closes#1053, a PR which inspired this commit heavily
(slightly different approach for flexibility and performance)
Co-authored-by: Dawson Jeane <dawsonmjeane@gmail.com>
uploading a folder named COMPLE:X into exfat on linux would fail
because exfat behaves like windows, rejecting <>:|?*"\/
this would also fail on windows, but then due to
sanitize_fn being overly aggressive
fix this by detecting filesystem traits on startup and
also translating vpath early on windows
turns out reverseproxies keeping the initial Host value is the
far more common case; requiring X-Forwarded-Host is a bad idea
partially reverts ad45de9441
if x-forwarded-for is present, then also require
x-forwarded-host and x-forwarded-proto
avoids displaying subtly-incorrect values on the connect-page
and instead shows blatantly-incorrect values ("example.com")
the headernames x-forwarded-host and x-forwarded-proto can
be configured with global-options xf-host and xf-proto
until now, shares could be created with permissions read/write/delete
(any combination thereof), however the delete option was never fully
implemented and dysfunctional, hence now removed
using vn0/rem0 throughout _handle_rm would almost be sufficient
however the primary concern is ensuring integrity of metadata tables,
and _forget_file expects a dbv rather than the share's vn
responses sent early during request processing (primarily for
invalid requests) would display the username " " rater than "*"
in the controlpanel, in one case leading to user confusion
hooks returning exitcode 0 will:
* run the next hook, if any
* allow the original action, unless successive hook opposes
hooks returning exitcode 100 will:
* abort running successive hooks
* allow the original action
hooks returning anything other than 0 or 100 will:
* abort running successive hooks
* REJECT the original action
zmq can now respond with json; a dict with "rc", "rejectmsg",
"reloc" and so on, just like other hooks replying with json
in case a snakeoil salesman managed to convince your workplace into
purchasing their "internet security solution" which blocks downloads
of certain files according to file extensions -- or, in other words,
smoke and mirrors, with a comforting false sense of security
previously, `xm` hooks would be called with the `txt` property
containing the url-decoded message
now, a new property `body` contains the original unmodified message,
to avoid any ambiguity caused by url-decoding
if any files are selected, the list of files is appended to
the `txt` field as lines, and as `sel` url-parameters in `body`
Co-authored-by: Carson Coder <carson@carsoncoder.com>
adds functionality to allow browsing .cbz directly in the browser, without downloading them and using a separate program. meant for quickly inspecting the contents, less so for reading.
adds two new api calls, ?zls and ?zget, which return a file listing of a zip file and a specific file in the archive, respectively.
uses the zipfile module, so no support for .cbr etc
move copyparty-original code to qrkode.py
stolen/qrcodegen.py can be deleted and replaced with system lib
this is safe and has minimal affect on functionality;
performance will be a tiny bit slower without the vendored copy
Turns the server name into a hyperlink to a spefified URL
Can link back to homepage with `--name-url=/`, controlpanel with
`name-url="/?h"`, or external sites with `name-url="https://foo.bar/"`
possibly fixes an issue someone has been runnning into:
an upload could get stuck on "that chunk is already being written to"
when the server was overloaded enough that connections kept dropping
on Windows and Macos, most filesystems are case-insensitive,
which can lead to dangerous situations
one example is when another program (not copyparty or its UI) wants to
rename a file from `Foo` to `foo`; the program will probably start by
checking if `foo` exists and then delete it, however this would match
`Foo` and confuse the program into deleting the wrong file
fix this by adding a VERY EXPENSIVE detector to prevent this,
by listing the parent folder and checking if the case matches
this check will auto-enable when a case-insensitive FS is detected on
startup, but option `casechk` (global or volflag) can override this
previously, the first selected file became the name of the zip
now, the name will be "sel-foldername", similar to when the whole
folder is downloaded, but with a prefix to indicate it's a subset
