v1.9.2

by running dompurify after marked.parse if plugins are not enabled;
adds no protection against the more practical approach of just
putting a malicious <script> in an html file and uploading that,
but one footgun less is one less footgun

README.md

@@ -1599,6 +1599,7 @@ some notes on hardening
 * set `--rproxy 0` if your copyparty is directly facing the internet (not through a reverse-proxy)
   * cors doesn't work right otherwise
 * if you allow anonymous uploads or otherwise don't trust the contents of a volume, you can prevent XSS with volflag `nohtml`
+  * this returns html documents as plaintext, and also disables markdown rendering
 
 safety profiles:
 
@@ -1612,9 +1613,9 @@ safety profiles:
   * `--unpost 0`, `--no-del`, `--no-mv` disables all move/delete support
   * `--hardlink` creates hardlinks instead of symlinks when deduplicating uploads, which is less maintenance
     * however note if you edit one file it will also affect the other copies
-  * `--vague-401` returns a "404 not found" instead of "401 unauthorized" which is a common enterprise meme
+  * `--vague-403` returns a "404 not found" instead of "401 unauthorized" which is a common enterprise meme
   * `--ban-404=50,60,1440` ban client for 1440min (24h) if they hit 50 404's in 60min
-    * **NB:** will ban anyone who enables up2k turbo
+    * `--turbo=-1` to force-disable turbo-mode in the uploader which could otherwise hit the 404-ban
   * `--nih` removes the server hostname from directory listings
 
 * option `-sss` is a shortcut for the above plus:
@@ -1636,10 +1637,12 @@ other misc notes:
 behavior that might be unexpected
 
 * users without read-access to a folder can still see the `.prologue.html` / `.epilogue.html` / `README.md` contents, for the purpose of showing a description on how to use the uploader for example
-* users can submit `<script>`s which autorun for other visitors in a few ways;
+* users can submit `<script>`s which autorun (in a sandbox) for other visitors in a few ways;
   * uploading a `README.md` -- avoid with `--no-readme`
   * renaming `some.html` to `.epilogue.html` -- avoid with either `--no-logues` or `--no-dot-ren`
-  * the directory-listing embed is sandboxed (so any malicious scripts can't do any damage) but the markdown editor is not
+  * the directory-listing embed is sandboxed (so any malicious scripts can't do any damage) but the markdown editor is not 100% safe, see below
+* markdown documents can contain html and `<script>`s; attempts are made to prevent scripts from executing (unless `-emp` is specified) but this is not 100% bulletproof, so setting the `nohtml` volflag is still the safest choice
+  * or eliminate the problem entirely by only giving write-access to trustworthy people :^)
 
 
 ## cors

bin/u2c.py

@@ -40,7 +40,7 @@ except:
 
 try:
     import requests
-except ImportError:
+except ImportError as ex:
     if EXE:
         raise
     elif sys.version_info > (2, 7):
@@ -51,7 +51,7 @@ except ImportError:
         m = "\n  ERROR: need these:\n" + "\n".join(m) + "\n"
         m += "\n  for f in *.whl; do unzip $f; done; rm -r *.dist-info\n"
 
-    print(m.format(sys.executable))
+    print(m.format(sys.executable), "\nspecifically,", ex)
     sys.exit(1)
 
 

contrib/nginx/copyparty.conf

@@ -34,6 +34,8 @@ server {
 		proxy_set_header   Host              $host;
 		proxy_set_header   X-Real-IP         $remote_addr;
 		proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+		# NOTE: with cloudflare you want this instead:
+		#proxy_set_header   X-Forwarded-For   $http_cf_connecting_ip;
 		proxy_set_header   X-Forwarded-Proto $scheme;
 		proxy_set_header   Connection        "Keep-Alive";
 	}

contrib/package/arch/PKGBUILD

@@ -1,6 +1,6 @@
 # Maintainer: icxes <dev.null@need.moe>
 pkgname=copyparty
-pkgver="1.9.0"
+pkgver="1.9.1"
 pkgrel=1
 pkgdesc="Portable file sharing hub"
 arch=("any")
@@ -20,7 +20,7 @@ optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tag
 )
 source=("https://github.com/9001/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.gz")
 backup=("etc/${pkgname}.d/init" )
-sha256sums=("3fdeef995e2dd24d255122a7308f468d5caf04db13c0e14435ce5a52e1d4f3b2")
+sha256sums=("95466e2fdc172ce4bc98cbbaec44ce32a9851d15b4eb0f32ad6bf98ed89fbf14")
 
 build() {
     cd "${srcdir}/${pkgname}-${pkgver}"

contrib/package/nix/copyparty/pin.json

@@ -1,5 +1,5 @@
 {
-    "url": "https://github.com/9001/copyparty/releases/download/v1.9.0/copyparty-sfx.py",
-    "version": "1.9.0",
-    "hash": "sha256-rbOw+i6rh0263YkvmZq5ASvCvM57JpaztHVRndaC9W4="
+    "url": "https://github.com/9001/copyparty/releases/download/v1.9.1/copyparty-sfx.py",
+    "version": "1.9.1",
+    "hash": "sha256-dhFc3sjRIF0ZEmQO09OEvLpDyb5ugwaaIvVKJYHfQFQ="
 }

copyparty/__main__.py

@@ -815,7 +815,7 @@ def add_upload(ap):
     ap2.add_argument("--magic", action="store_true", help="enable filetype detection on nameless uploads (volflag=magic)")
     ap2.add_argument("--df", metavar="GiB", type=float, default=0, help="ensure GiB free disk space by rejecting upload requests")
     ap2.add_argument("--sparse", metavar="MiB", type=int, default=4, help="windows-only: minimum size of incoming uploads through up2k before they are made into sparse files")
-    ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; [\033[32m0\033[0m] = off and warn if enabled, [\033[32m1\033[0m] = off, [\033[32m2\033[0m] = on, [\033[32m3\033[0m] = on and disable datecheck")
+    ap2.add_argument("--turbo", metavar="LVL", type=int, default=0, help="configure turbo-mode in up2k client; [\033[32m-1\033[0m] = forbidden/always-off, [\033[32m0\033[0m] = default-off and warn if enabled, [\033[32m1\033[0m] = default-off, [\033[32m2\033[0m] = on, [\033[32m3\033[0m] = on and disable datecheck")
     ap2.add_argument("--u2sort", metavar="TXT", type=u, default="s", help="upload order; [\033[32ms\033[0m]=smallest-first, [\033[32mn\033[0m]=alphabetical, [\033[32mfs\033[0m]=force-s, [\033[32mfn\033[0m]=force-n -- alphabetical is a bit slower on fiber/LAN but makes it easier to eyeball if everything went fine")
     ap2.add_argument("--write-uplog", action="store_true", help="write POST reports to textfiles in working-directory")
 
@@ -959,7 +959,7 @@ def add_hooks(ap):
     ap2.add_argument("--xbd", metavar="CMD", type=u, action="append", help="execute CMD before a file delete")
     ap2.add_argument("--xad", metavar="CMD", type=u, action="append", help="execute CMD after  a file delete")
     ap2.add_argument("--xm", metavar="CMD", type=u, action="append", help="execute CMD on message")
-    ap2.add_argument("--xban", metavar="CMD", type=u, action="append", help="execute CMD if someone gets banned (pw/404)")
+    ap2.add_argument("--xban", metavar="CMD", type=u, action="append", help="execute CMD if someone gets banned (pw/404/403/url)")
 
 
 def add_stats(ap):
@@ -995,7 +995,7 @@ def add_optouts(ap):
 def add_safety(ap):
     ap2 = ap.add_argument_group('safety options')
     ap2.add_argument("-s", action="count", default=0, help="increase safety: Disable thumbnails / potentially dangerous software (ffmpeg/pillow/vips), hide partial uploads, avoid crawlers.\n └─Alias of\033[32m --dotpart --no-thumb --no-mtag-ff --no-robots --force-js")
-    ap2.add_argument("-ss", action="store_true", help="further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s.\n └─Alias of\033[32m -s --unpost=0 --no-del --no-mv --hardlink --vague-403 --ban-404=50,60,1440 -nih")
+    ap2.add_argument("-ss", action="store_true", help="further increase safety: Prevent js-injection, accidental move/delete, broken symlinks, webdav, 404 on 403, ban on excessive 404s.\n └─Alias of\033[32m -s --unpost=0 --no-del --no-mv --hardlink --vague-403 --ban-404=50,60,1440 --turbo=-1 -nih")
     ap2.add_argument("-sss", action="store_true", help="further increase safety: Enable logging to disk, scan for dangerous symlinks.\n └─Alias of\033[32m -ss --no-dav --no-logues --no-readme -lo=cpp-%%Y-%%m%%d-%%H%%M%%S.txt.xz --ls=**,*,ln,p,r")
     ap2.add_argument("--ls", metavar="U[,V[,F]]", type=u, help="do a sanity/safety check of all volumes on startup; arguments \033[33mUSER\033[0m,\033[33mVOL\033[0m,\033[33mFLAGS\033[0m; example [\033[32m**,*,ln,p,r\033[0m]")
     ap2.add_argument("--xvol", action="store_true", help="never follow symlinks leaving the volume root, unless the link is into another volume where the user has similar access (volflag=xvol)")
@@ -1010,6 +1010,11 @@ def add_safety(ap):
     ap2.add_argument("--logout", metavar="H", type=float, default="8086", help="logout clients after H hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
     ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
     ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="no", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (disabled by default since turbo-up2k counts as 404s)")
+    ap2.add_argument("--ban-403", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m 403's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week, [\033[32m43200\033[0m]=month")
+    ap2.add_argument("--ban-422", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m 422's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (422 is server fuzzing, invalid POSTs and so)")
+    ap2.add_argument("--ban-url", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m sus URL's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (decent replacement for --ban-404 if that can't be used)")
+    ap2.add_argument("--sus-urls", metavar="REGEX", type=u, default=r"\.php$|(^|/)wp-(admin|content|includes)/", help="URLs which are considered sus / eligible for banning; disable with blank or [\033[32mno\033[0m]")
+    ap2.add_argument("--nonsus-urls", metavar="REGEX", type=u, default=r"^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known", help="harmless URLs ignored from 404-bans; disable with blank or [\033[32mno\033[0m]")
     ap2.add_argument("--aclose", metavar="MIN", type=int, default=10, help="if a client maxes out the server connection limit, downgrade it from connection:keep-alive to connection:close for MIN minutes (and also kill its active connections) -- disable with 0")
     ap2.add_argument("--loris", metavar="B", type=int, default=60, help="if a client maxes out the server connection limit without sending headers, ban it for B minutes; disable with [\033[32m0\033[0m]")
     ap2.add_argument("--acao", metavar="V[,V]", type=u, default="*", help="Access-Control-Allow-Origin; list of origins (domains/IPs without port) to accept requests from; [\033[32mhttps://1.2.3.4\033[0m]. Default [\033[32m*\033[0m] allows requests from all sites but removes cookies and http-auth; only ?pw=hunter2 survives")
@@ -1150,7 +1155,7 @@ def add_ui(ap, retry):
     ap2.add_argument("--doctitle", metavar="TXT", type=u, default="copyparty @ --name", help="title / service-name to show in html documents")
     ap2.add_argument("--bname", metavar="TXT", type=u, default="--name", help="server name (displayed in filebrowser document title)")
     ap2.add_argument("--pb-url", metavar="URL", type=u, default="https://github.com/9001/copyparty", help="powered-by link; disable with -np")
-    ap2.add_argument("--ver", action="store_true", help="show version on the control panel (incompatible by -np)")
+    ap2.add_argument("--ver", action="store_true", help="show version on the control panel (incompatible with -nb)")
     ap2.add_argument("--md-sbf", metavar="FLAGS", type=u, default="downloads forms popups scripts top-navigation-by-user-activation", help="list of capabilities to ALLOW for README.md docs (volflag=md_sbf); see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-sandbox")
     ap2.add_argument("--lg-sbf", metavar="FLAGS", type=u, default="downloads forms popups scripts top-navigation-by-user-activation", help="list of capabilities to ALLOW for prologue/epilogue docs  (volflag=lg_sbf)")
     ap2.add_argument("--no-sb-md", action="store_true", help="don't sandbox README.md documents (volflags: no_sb_md | sb_md)")

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 9, 1)
+VERSION = (1, 9, 2)
 CODENAME = "prometheable"
-BUILD_DT = (2023, 8, 20)
+BUILD_DT = (2023, 8, 26)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/httpcli.py

@@ -625,9 +625,27 @@ class HttpCli(object):
         headers: Optional[dict[str, str]] = None,
         volsan: bool = False,
     ) -> bytes:
-        if status == 404:
-            g = self.conn.hsrv.g404
-            if g.lim:
+        if status > 400 and status in (403, 404, 422):
+            if status == 404:
+                g = self.conn.hsrv.g404
+            elif status == 403:
+                g = self.conn.hsrv.g403
+            else:
+                g = self.conn.hsrv.g422
+
+            gurl = self.conn.hsrv.gurl
+            if (
+                gurl.lim
+                and (not g.lim or gurl.lim < g.lim)
+                and self.args.sus_urls.search(self.vpath)
+            ):
+                g = self.conn.hsrv.gurl
+
+            if g.lim and (
+                g == self.conn.hsrv.g422
+                or not self.args.nonsus_urls
+                or not self.args.nonsus_urls.search(self.vpath)
+            ):
                 bonk, ip = g.bonk(self.ip, self.vpath)
                 if bonk:
                     xban = self.vn.flags.get("xban")
@@ -642,9 +660,9 @@ class HttpCli(object):
                         0,
                         self.ip,
                         time.time(),
-                        "404",
+                        str(status),
                     ):
-                        self.log("client banned: 404s", 1)
+                        self.log("client banned: %ss" % (status,), 1)
                         self.conn.hsrv.bans[ip] = bonk
 
         if volsan:
@@ -843,14 +861,17 @@ class HttpCli(object):
 
         if not self.can_read and not self.can_write and not self.can_get:
             t = "@{} has no access to [{}]"
-            self.log(t.format(self.uname, self.vpath))
 
             if "on403" in self.vn.flags:
+                t += " (on403)"
+                self.log(t.format(self.uname, self.vpath))
                 ret = self.on40x(self.vn.flags["on403"], self.vn, self.rem)
                 if ret == "true":
                     return True
                 elif ret == "false":
                     return False
+                elif ret == "home":
+                    self.uparam["h"] = ""
                 elif ret == "allow":
                     self.log("plugin override; access permitted")
                     self.can_read = self.can_write = self.can_move = True
@@ -860,6 +881,10 @@ class HttpCli(object):
                     return self.tx_404(True)
             else:
                 if self.vpath:
+                    ptn = self.args.nonsus_urls
+                    if not ptn or not ptn.search(self.vpath):
+                        self.log(t.format(self.uname, self.vpath))
+
                     return self.tx_404(True)
 
                 self.uparam["h"] = ""
@@ -3256,7 +3281,7 @@ class HttpCli(object):
             dst = ""
         elif top:
             if not dst.startswith(top + "/"):
-                raise Pebkac(400, "arg funk")
+                raise Pebkac(422, "arg funk")
 
             dst = dst[len(top) + 1 :]
 
@@ -3278,8 +3303,9 @@ class HttpCli(object):
             sub = self.gen_tree("/".join([top, excl]).strip("/"), target)
             ret["k" + quotep(excl)] = sub
 
+        vfs = self.asrv.vfs
         try:
-            vn, rem = self.asrv.vfs.get(top, self.uname, True, False)
+            vn, rem = vfs.get(top, self.uname, True, False)
             fsroot, vfs_ls, vfs_virt = vn.ls(
                 rem,
                 self.uname,
@@ -3292,7 +3318,7 @@ class HttpCli(object):
             for v in self.rvol:
                 d1, d2 = v.rsplit("/", 1) if "/" in v else ["", v]
                 if d1 == top:
-                    vfs_virt[d2] = self.asrv.vfs  # typechk, value never read
+                    vfs_virt[d2] = vfs  # typechk, value never read
 
         dirs = []
 
@@ -3306,6 +3332,11 @@ class HttpCli(object):
 
         for x in vfs_virt:
             if x != excl:
+                try:
+                    dvn, drem = vfs.get(vjoin(top, x), self.uname, True, False)
+                    bos.stat(dvn.canonical(drem, False))
+                except:
+                    x += "\n"
                 dirs.append(x)
 
         ret["a"] = dirs
@@ -3800,7 +3831,9 @@ class HttpCli(object):
             pass
 
         # show dotfiles if permitted and requested
-        if not self.args.ed or "dots" not in self.uparam:
+        if not self.args.ed or (
+            "dots" not in self.uparam and (is_ls or "dots" not in self.cookies)
+        ):
             ls_names = exclude_dotfiles(ls_names)
 
         add_fk = vn.flags.get("fk")

copyparty/httpsrv.py

@@ -107,6 +107,9 @@ class HttpSrv(object):
         self.ssdp: Optional["SSDPr"] = None
         self.gpwd = Garda(self.args.ban_pw)
         self.g404 = Garda(self.args.ban_404)
+        self.g403 = Garda(self.args.ban_403)
+        self.g422 = Garda(self.args.ban_422, False)
+        self.gurl = Garda(self.args.ban_url)
         self.bans: dict[str, int] = {}
         self.aclose: dict[str, int] = {}
 

copyparty/svchub.py

@@ -100,11 +100,6 @@ class SvcHub(object):
 
         self.iphash = HMaccas(os.path.join(self.E.cfg, "iphash"), 8)
 
-        # for non-http clients (ftp)
-        self.bans: dict[str, int] = {}
-        self.gpwd = Garda(self.args.ban_pw)
-        self.g404 = Garda(self.args.ban_404)
-
         if args.sss or args.s >= 3:
             args.ss = True
             args.no_dav = True
@@ -121,6 +116,7 @@ class SvcHub(object):
             args.hardlink = True
             args.vague_403 = True
             args.ban_404 = "50,60,1440"
+            args.turbo = -1
             args.nih = True
 
         if args.s:
@@ -133,6 +129,14 @@ class SvcHub(object):
         if not self._process_config():
             raise Exception(BAD_CFG)
 
+        # for non-http clients (ftp)
+        self.bans: dict[str, int] = {}
+        self.gpwd = Garda(self.args.ban_pw)
+        self.g404 = Garda(self.args.ban_404)
+        self.g403 = Garda(self.args.ban_403)
+        self.g422 = Garda(self.args.ban_422)
+        self.gurl = Garda(self.args.ban_url)
+
         self.log_div = 10 ** (6 - args.log_tdec)
         self.log_efmt = "%02d:%02d:%02d.%0{}d".format(args.log_tdec)
         self.log_dfmt = "%04d-%04d-%06d.%0{}d".format(args.log_tdec)
@@ -399,6 +403,18 @@ class SvcHub(object):
             if vs and vs.startswith("~"):
                 setattr(al, k, os.path.expanduser(vs))
 
+        for k in "sus_urls nonsus_urls".split(" "):
+            vs = getattr(al, k)
+            if not vs or vs == "no":
+                setattr(al, k, None)
+            else:
+                setattr(al, k, re.compile(vs))
+
+        if not al.sus_urls:
+            al.ban_url = "no"
+        elif al.ban_url == "no":
+            al.sus_urls = None
+
         return True
 
     def _setlimits(self) -> None:

copyparty/up2k.py

@@ -867,8 +867,11 @@ class Up2k(object):
         if not HAVE_SQLITE3 or "e2d" not in flags or "d2d" in flags:
             return None
 
-        if bos.makedirs(histpath):
-            hidedir(histpath)
+        try:
+            if bos.makedirs(histpath):
+                hidedir(histpath)
+        except:
+            return None
 
         try:
             cur = self._open_db(db_path)

copyparty/util.py

@@ -926,7 +926,8 @@ class Magician(object):
 class Garda(object):
     """ban clients for repeated offenses"""
 
-    def __init__(self, cfg: str) -> None:
+    def __init__(self, cfg: str, uniq: bool = True) -> None:
+        self.uniq = uniq
         try:
             a, b, c = cfg.strip().split(",")
             self.lim = int(a)
@@ -972,7 +973,7 @@ class Garda(object):
             # assume /64 clients; drop 4 groups
             ip = IPv6Address(ip).exploded[:-20]
 
-        if prev:
+        if prev and self.uniq:
             if self.prev.get(ip) == prev:
                 return 0, ip
 
@@ -1447,7 +1448,7 @@ class MultipartParser(object):
         for buf in iterable:
             ret += buf
             if len(ret) > max_len:
-                raise Pebkac(400, "field length is too long")
+                raise Pebkac(422, "field length is too long")
 
         return ret
 

copyparty/web/browser.css

@@ -1620,6 +1620,12 @@ html.cz .tgl.btn.on {
 	list-style: none;
 	border-top: 1px solid var(--bg-u5);
 }
+#tree li.offline>a:first-child:before {
+	content: '❌';
+	position: absolute;
+	margin-left: -.25em;
+	z-index: 3;
+}
 #tree ul a.sel {
 	background: #000;
 	background: var(--bg-d3);

copyparty/web/browser.js

@@ -4623,7 +4623,11 @@ function tree_neigh(n) {
 	if (act >= links.length)
 		act = 0;
 
-	treectl.treego.call(links[act]);
+	if (showfile.active())
+		links[act].click();
+	else
+		treectl.treego.call(links[act]);
+
 	links[act].focus();
 }
 
@@ -4675,6 +4679,7 @@ function hkhelp() {
 }
 
 
+var fselgen, fselctr;
 document.onkeydown = function (e) {
 	if (e.altKey || e.isComposing)
 		return;
@@ -4719,15 +4724,26 @@ document.onkeydown = function (e) {
 	}
 
 	if (aet == 'tr' && ae.closest('#files')) {
-		var d = '';
+		var d = '', rem = 0;
 		if (k == 'ArrowUp') d = 'previous';
 		if (k == 'ArrowDown') d = 'next';
+		if (k == 'PageUp') { d = 'previous'; rem = 0.6; }
+		if (k == 'PageDown') { d = 'next'; rem = 0.6; }
 		if (d) {
-			var el = ae[d + 'ElementSibling'];
-			if (el) {
+			fselctr = 0;
+			var gen = fselgen = Date.now();
+			if (rem)
+				rem *= window.innerHeight;
+
+			function selfun() {
+				var el = ae[d + 'ElementSibling'];
+				if (!el || gen != fselgen)
+					return;
+
 				el.focus();
+				var elh = el.offsetHeight;
 				if (ctrl(e))
-					document.documentElement.scrollTop += (d == 'next' ? 1 : -1) * el.offsetHeight;
+					document.documentElement.scrollTop += (d == 'next' ? 1 : -1) * elh;
 
 				if (e.shiftKey) {
 					clmod(el, 'sel', 't');
@@ -4735,8 +4751,17 @@ document.onkeydown = function (e) {
 					msel.selui();
 				}
 
-				return ev(e);
+				rem -= elh;
+				if (rem > 0) {
+					ae = document.activeElement;
+					if (++fselctr % 5 && rem > elh * (FIREFOX ? 5 : 2))
+						selfun();
+					else
+						setTimeout(selfun, 1);
+				}
 			}
+			selfun();
+			return ev(e);
 		}
 		if (k == 'Space') {
 			clmod(ae, 'sel', 't');
@@ -5248,6 +5273,9 @@ var treectl = (function () {
 	bcfg_bind(r, 'csel', 'csel', false);
 	bcfg_bind(r, 'dots', 'dotfiles', false, function (v) {
 		r.goto(get_evpath());
+		var xhr = new XHR();
+		xhr.open('GET', SR + '/?setck=dots=' + (v ? 'y' : ''), true);
+		xhr.send();
 	});
 	bcfg_bind(r, 'dir1st', 'dir1st', true, function (v) {
 		treectl.gentab(get_evpath(), treectl.lsc);
@@ -5772,9 +5800,15 @@ var treectl = (function () {
 		var nodes = res.dirs.concat(res.files),
 			html = mk_files_header(res.taglist),
 			sel = r.lsc === res ? msel.getsel() : [],
+			ae = document.activeElement,
+			cid = null,
 			plain = [],
 			seen = {};
 
+		if (ae && /^tr$/i.exec(ae.nodeName))
+			if (ae = ae.querySelector('a[id]'))
+				cid = ae.getAttribute('id');
+
 		r.lsc = res;
 		if (res.unlist) {
 			var ptn = new RegExp(res.unlist);
@@ -5874,6 +5908,10 @@ var treectl = (function () {
 			else
 				msel.origin_id(null);
 
+			if (cid) try {
+				ebi(cid).closest('tr').focus();
+			} catch (ex) { }
+
 			setTimeout(eval_hash, 1);
 		}
 
@@ -5990,7 +6028,8 @@ var treectl = (function () {
 		for (var a = 0; a < keys.length; a++) {
 			var kk = keys[a],
 				ks = kk.slice(1),
-				k = uricom_sdec(ks),
+				ded = ks.endsWith('\n'),
+				k = uricom_sdec(ded ? ks.replace(/\n$/, '') : ks),
 				hek = esc(k[0]),
 				uek = k[1] ? uricom_enc(k[0], true) : k[0],
 				url = '/' + (top ? top + uek : uek) + '/',
@@ -6003,7 +6042,7 @@ var treectl = (function () {
 				ret += '<li>' + link + '\n<ul>\n' + subtree + '</ul></li>\n';
 			}
 			else {
-				ret += '<li>' + link + '</li>\n';
+				ret += (ded ? '<li class="offline">' : '<li>') + link + '</li>\n';
 			}
 		}
 		return ret;
@@ -7085,7 +7124,12 @@ function show_md(md, name, div, url, depth) {
 
 	try {
 		clmod(div, 'mdo', 1);
-		if (sandbox(div, sb_md, 'mdo', marked.parse(md, marked_opts)))
+
+		var md_html = marked.parse(md, marked_opts);
+		if (!have_emp)
+			md_html = DOMPurify.sanitize(md_html);
+
+		if (sandbox(div, sb_md, 'mdo', md_html))
 			return;
 
 		ext = md_plug.post;

copyparty/web/md.js

@@ -212,6 +212,8 @@ function convert_markdown(md_text, dest_dom) {
 
     try {
         var md_html = marked.parse(md_text, marked_opts);
+        if (!have_emp)
+            md_html = DOMPurify.sanitize(md_html);
     }
     catch (ex) {
         if (ext)

copyparty/web/up2k.js

@@ -2698,6 +2698,11 @@ function up2k_init(subtle) {
     }
 
     function draw_turbo() {
+        if (turbolvl < 0 && uc.turbo) {
+            bcfg_set('u2turbo', uc.turbo = false);
+            toast.err(10, "turbo is disabled in server config");
+        }
+
         var msg = (turbolvl || !uc.turbo) ? null : uc.fsearch ? L.u_ts : L.u_tu,
             html = ebi('u2foot').innerHTML;
 

docs/changelog.md

@@ -1,3 +1,38 @@
+▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
+# 2023-0820-2338  `v1.9.1`  prometheable
+
+## new features
+* #49 prometheus / grafana / openmetrics integration ([see readme](https://github.com/9001/copyparty#prometheus))
+  * read metrics from http://127.0.0.1:3923/.cpr/metrics after enabling with `--stats`
+* download a folder with all music transcoded to opus by adding `?tar=opus` or `?zip&opus` to the URL
+  * can also be used to download thumbnails instead of full images; `?tar=w` for webp, `?tar=j` for jpg
+    * so i guess the long-time requested feature of pre-generating thumbnails kind of happened after all, if you schedule a `curl http://127.0.0.1:3923/?tar=w >/dev/null` after server startup
+* u2c (commandline uploader): argument `-x` to exclude files by regex (compares absolute filesystem paths)
+* `--zm-spam 30` can be used to improve zeroconf / mDNS reliability on crazy networks
+  * only necessary if there are clients with multiple IPs and some of the IPs are outside the subnets that copyparty are in -- not spec-compliant, not really recommended, but shouldn't cause any issues either
+  * and `--mc-hop` wasn't actually implemented until now
+* dragging an image from another browser window onto the upload button is now possible
+  * only works on chrome, and only on windows or linux (not macos)
+* server hostname is prefixed in all window titles
+  * can be adjusted with `--bname` (the file explorer) and `--doctitle` (all other documents)
+  * can be disabled with `--nth` (just window title) or `--nih` (title + header)
+
+## bugfixes
+* docker: the autogenerated seeds for filekeys and account passwords now get persisted to the config volume (thx noktuas)
+* uploading files with fancy filenames could fail if the copyparty server is running on android
+* improve workarounds for some apple/iphone/ios jank (thx noktuas and spiky)
+  * some ui elements had their font-size selected by fair dice roll
+  * the volume control does nothing because [apple disabled it](https://developer.apple.com/library/archive/documentation/AudioVideo/Conceptual/Using_HTML5_Audio_Video/Device-SpecificConsiderations/Device-SpecificConsiderations.html#//apple_ref/doc/uid/TP40009523-CH5-SW11), so add a warning
+  * the image gallery cannot be fullscreened [as apple intended](https://developer.mozilla.org/en-US/docs/Web/API/Element/requestFullscreen#browser_compatibility) so add a warning
+
+## other changes
+* file table columns are now limited to browser window width
+* readme: mention that nginx-QUIC is currently very slow (thx noktuas)
+* #50 add a safeguard to the wget plugin in case wget at some point adds support for `file://` or similar
+* show a suggestion on startup to enable the database
+
+
+
 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀  
 # 2023-0725-1550  `v1.8.8`  just boring bugfixes
 

docs/versus.md

@@ -148,7 +148,7 @@ symbol legend,
 
 | feature / software      | a | b | c | d | e | f | g | h | i | j | k | l |
 | ----------------------- | - | - | - | - | - | - | - | - | - | - | - | - |
-| download folder as zip  | █ | █ | █ | █ | █ |   | █ |   | █ | █ | ╱ | █ |
+| download folder as zip  | █ | █ | █ | █ | ╱ |   | █ |   | █ | █ | ╱ | █ |
 | download folder as tar  | █ |   |   |   |   |   |   |   |   | █ |   |   |
 | upload                  | █ | █ | █ | █ | █ | █ | █ | █ | █ | █ | █ | █ |
 | parallel uploads        | █ |   |   | █ | █ |   | • |   | █ |   | █ |   |
@@ -183,6 +183,7 @@ symbol legend,
 * `cloud storage backend` = able to serve files from (and write to) s3 or similar cloud services; `╱` means the software can do this with some help from `rclone mount` as a bridge
 
 * `a`/copyparty can reject uploaded files (based on complex conditions), for example [by extension](https://github.com/9001/copyparty/blob/hovudstraum/bin/hooks/reject-extension.py) or [mimetype](https://github.com/9001/copyparty/blob/hovudstraum/bin/hooks/reject-mimetype.py)
+* `e`/seafile download-as-zip is not streaming; it creates the full zipfile before download can start, and fails on big folders
 * `j`/filebrowser remarks:
   * can provide checksums for single files on request
   * can probably do extension/mimetype rejection similar to copyparty
@@ -432,6 +433,7 @@ symbol legend,
   * not that bad, can probably be remedied with bindmounts or maybe symlinks
 * ⚠️ uploads not resumable / accelerated / integrity-checked
   * ⚠️ on cloudflare: max upload size 100 MiB
+* ⚠️ uploading small files is slow; `2.2` files per sec (copyparty does `87`/sec), tested locally with [linuxserver/nextcloud](https://hub.docker.com/r/linuxserver/nextcloud) (sqlite)
 * ⚠️ no write-only / upload-only folders
 * ⚠️ http/webdav only; no ftp, zeroconf
 * ⚠️ less awesome music player
@@ -451,7 +453,9 @@ symbol legend,
   * *much worse than nextcloud* in that regard
 * ⚠️ uploads not resumable / accelerated / integrity-checked
   * ⚠️ on cloudflare: max upload size 100 MiB
+* ⚠️ uploading small files is slow; `2.7` files per sec (copyparty does `87`/sec), tested locally with [official container](https://manual.seafile.com/docker/deploy_seafile_with_docker/)
 * ⚠️ no write-only / upload-only folders
+* ⚠️ big folders cannot be zip-downloaded
 * ⚠️ http/webdav only; no ftp, zeroconf
 * ⚠️ less awesome music player
 * ⚠️ doesn't run on android or ipads

scripts/deps-docker/Dockerfile

@@ -3,6 +3,7 @@ WORKDIR /z
 ENV     ver_asmcrypto=c72492f4a66e17a0e5dd8ad7874de354f3ccdaa5 \
         ver_hashwasm=4.9.0 \
         ver_marked=4.3.0 \
+        ver_dompf=3.0.5 \
         ver_mde=2.18.0 \
         ver_codemirror=5.65.12 \
         ver_fontawesome=5.13.0 \
@@ -13,6 +14,7 @@ ENV     ver_asmcrypto=c72492f4a66e17a0e5dd8ad7874de354f3ccdaa5 \
 # https://github.com/markedjs/marked/releases
 # https://github.com/Ionaru/easy-markdown-editor/tags
 # https://github.com/codemirror/codemirror5/releases
+# https://github.com/cure53/DOMPurify/releases
 # https://github.com/Daninet/hash-wasm/releases
 # https://github.com/openpgpjs/asmcrypto.js
 # https://github.com/google/zopfli/tags
@@ -27,6 +29,7 @@ RUN     mkdir -p /z/dist/no-pk \
         && wget https://github.com/markedjs/marked/archive/v$ver_marked.tar.gz -O marked.tgz \
         && wget https://github.com/Ionaru/easy-markdown-editor/archive/$ver_mde.tar.gz -O mde.tgz \
         && wget https://github.com/codemirror/codemirror5/archive/$ver_codemirror.tar.gz -O codemirror.tgz \
+        && wget https://github.com/cure53/DOMPurify/archive/refs/tags/$ver_dompf.tar.gz -O dompurify.tgz \
         && wget https://github.com/FortAwesome/Font-Awesome/releases/download/$ver_fontawesome/fontawesome-free-$ver_fontawesome-web.zip -O fontawesome.zip \
         && wget https://github.com/google/zopfli/archive/zopfli-$ver_zopfli.tar.gz -O zopfli.tgz \
         && wget https://github.com/Daninet/hash-wasm/releases/download/v$ver_hashwasm/hash-wasm@$ver_hashwasm.zip -O hash-wasm.zip \
@@ -48,6 +51,7 @@ RUN     mkdir -p /z/dist/no-pk \
             && cd easy-markdown-editor* \
             && npm install \
             && npm i gulp-cli -g ) \
+        && tar -xf dompurify.tgz \
         && tar -xf prism.tgz \
         && unzip fontawesome.zip \
         && tar -xf zopfli.tgz
@@ -120,6 +124,10 @@ RUN     cd easy-markdown-editor-$ver_mde \
         && cp -pv dist/easymde.min.js /z/dist/easymde.js
 
 
+# build dompurify
+RUN     (echo; cat DOMPurify-$ver_dompf/dist/purify.min.js) >> /z/dist/marked.js
+
+
 # build fontawesome and scp
 COPY    mini-fa.sh /z
 COPY    mini-fa.css /z

scripts/pyinstaller/depchk.sh

@@ -44,7 +44,7 @@ ckgh() {
 			curl -s https://api.github.com/repos/$dep/releases | tee h |
 			jq -r 'first|.assets|.[]|.name'
 		)
-		[ -z "$k" ] && echo "outdated: $dep" && cp h "ng-$dep" e=1
+		[ -z "$k" ] && echo "outdated: $dep" && cp h "ng-$dep" && e=1
 	done
 	true
 }

scripts/pyinstaller/deps.sha512

@@ -1,12 +1,12 @@
 d5510a24cb5e15d6d30677335bbc7624c319b371c0513981843dc51d9b3a1e027661096dfcfc540634222bb2634be6db55bf95185b30133cb884f1e47652cf53  altgraph-0.17.3-py2.py3-none-any.whl
 eda6c38fc4d813fee897e969ff9ecc5acc613df755ae63df0392217bbd67408b5c1f6c676f2bf5497b772a3eb4e1a360e1245e1c16ee83f0af555f1ab82c3977  Git-2.39.1-32-bit.exe
 17ce52ba50692a9d964f57a23ac163fb74c77fdeb2ca988a6d439ae1fe91955ff43730c073af97a7b3223093ffea3479a996b9b50ee7fba0869247a56f74baa6  pefile-2023.2.7-py3-none-any.whl
-2410f79f25b55829169fdd45611c04f51932f7701c0601df64ade0eb545c96ba950b7be186eb082482506bc689fcde5fe09c1f6f7cd77c2107028959b7e0d06f  pyinstaller-5.12.0-py3-none-win32.whl
-62f4f3dda0526ea88cfc5af1806c7b53094672f4237d64c088626c226ad2fbc7549f6c9c6bbe5b228b1f87faf1e5c343ec468c485e4c17fe6d79c6b1f570153a  pyinstaller-5.12.0-py3-none-win_amd64.whl
-2612c263f73a02eab41404ba96e0c7cf8be4475104668b47dfbae50fadf977b3621dd4102682b301264d82b6e130d95ea84a28bf2106a626a1a2845dac16df47  pyinstaller_hooks_contrib-2023.3-py2.py3-none-any.whl
-132a5380f33a245f2e744413a0e1090bc42b7356376de5121397cec5976b04b79f7c9ebe28af222c9c7b01461f7d7920810d220e337694727e0d7cd9e91fa667  pywin32_ctypes-0.2.0-py2.py3-none-any.whl
+98ba6fa675d83264dbac5496ed8f2bdb0515928714b564e9d837ced95377e394f35d19c4f65a865ddbb053b940bce96c10ce8f6012ebce150a96e3cb7fc0cc60  pyinstaller-5.13.1-py3-none-win32.whl
+b8d4d1a80ef75e60cb2cae67331a6462ba7a05d4c68b526fe3299d99ff3d94c136c2d741f08f9d3cff457ffa188b1ebd91ba5af39abd7af416f833b2ea0e8a35  pyinstaller-5.13.1-py3-none-win_amd64.whl
+e6cd2a8e604f58b04c5694d82ac10460d39c643db89c3fd2643708dc6229f392e39fe423fbdea8921a89e75d7289238380e914dbf82049d87bb980fc6a36779f  pyinstaller_hooks_contrib-2023.7-py2.py3-none-any.whl
+749a473646c6d4c7939989649733d4c7699fd1c359c27046bf5bc9c070d1a4b8b986bbc65f60d7da725baf16dbfdd75a4c2f5bb8335f2cb5685073f5fee5c2d1  pywin32_ctypes-0.2.2-py3-none-any.whl
 3c5adf0a36516d284a2ede363051edc1bcc9df925c5a8a9fa2e03cab579dd8d847fdad42f7fd5ba35992e08234c97d2dbfec40a9d12eec61c8dc03758f2bd88e  typing_extensions-4.4.0-py3-none-any.whl
-4b6e9ae967a769fe32be8cf0bc0d5a213b138d1e0344e97656d08a3d15578d81c06c45b334c872009db2db8f39db0c77c94ff6c35168d5e13801917667c08678  upx-4.0.2-win32.zip
+8d16a967a0a7872a7575b1005cf66915deacda6ee8611fbb52f42fc3e3beb2f901a5140c942a5d146bd412b92bfa9cbadd82beeba83df6d70930c6dc26608a5b  upx-4.1.0-win32.zip
 # u2c (win7)
 a7d259277af4948bf960682bc9fb45a44b9ae9a19763c8a7c313cef4aa9ec2d447d843e4a7c409e9312c8c8f863a24487a8ee4ffa6891e9b1c4e111bb4723861  certifi-2022.12.7-py3-none-any.whl
 2822c0dae180b1c8cfb7a70c8c00bad62af9afdbb18b656236680def9d3f1fcdcb8ef5eb64fc3b4c934385cd175ad5992a2284bcba78a243130de75b2d1650db  charset_normalizer-3.1.0-cp37-cp37m-win32.whl
@@ -27,4 +27,4 @@ ba91ab0518c61eff13e5612d9e6b532940813f6b56e6ed81ea6c7c4d45acee4d98136a383a250675
 7f8f4daa4f4f2dbf24cdd534b2952ee3fba6334eb42b37465ccda3aa1cccc3d6204aa6bfffb8a83bf42ec59c702b5b5247d4c8ee0d4df906334ae53072ef8c4c  MarkupSafe-2.1.3-cp311-cp311-win_amd64.whl
 4a20aeb52d4fde6aabcba05ee261595eeb5482c72ee27332690f34dd6e7a49c0b3ba3813202ac15c9d21e29f1cd803f2e79ccc1c45ec314fcd0a937016bcbc56  mutagen-1.46.0-py3-none-any.whl
 926d408a886059a75cf12706fa061146f9f042b27fb6e65be7d49f398ed23fb0227639d84804586ac014c6bcf7d08cd86a09c1a20793d341aa0802d3d32a546b  Pillow-10.0.0-cp311-cp311-win_amd64.whl
-a48ee8992eee60a0d620dced71b9f96596f5dd510e3024015aca55884cdb3f9e2405734bfc13f3f40b79106a77bc442cce02ac4c8f5d16207448052b368fd52a  python-3.11.4-amd64.exe
+c86bbeacad3ae3c7bde747f5b4f09c11eced841add14e79ec4a064e5e29ebca35460e543ba735b11bfb882837d5ff4371ce64492d28d096b4686233c9a8cda6d  python-3.11.5-amd64.exe

scripts/pyinstaller/notes.txt

@@ -17,10 +17,10 @@ uname -s | grep NT-10 && w10=1 || {
 fns=(
   altgraph-0.17.3-py2.py3-none-any.whl
   pefile-2023.2.7-py3-none-any.whl
-  pyinstaller-5.10.1-py3-none-win_amd64.whl
-  pyinstaller_hooks_contrib-2023.2-py2.py3-none-any.whl
-  pywin32_ctypes-0.2.0-py2.py3-none-any.whl
-  upx-4.0.2-win32.zip
+  pyinstaller-5.13.1-py3-none-win_amd64.whl
+  pyinstaller_hooks_contrib-2023.7-py2.py3-none-any.whl
+  pywin32_ctypes-0.2.2-py3-none-any.whl
+  upx-4.1.0-win32.zip
 )
 [ $w10 ] && fns+=(
   mutagen-1.46.0-py3-none-any.whl
@@ -43,12 +43,11 @@ fns=(
 )
 [ $w7x64 ] && fns+=(
   windows6.1-kb2533623-x64.msu
-  pyinstaller-5.10.1-py3-none-win_amd64.whl
   python-3.7.9-amd64.exe
 )
 [ $w7x32 ] && fns+=(
   windows6.1-kb2533623-x86.msu
-  pyinstaller-5.10.1-py3-none-win32.whl
+  pyinstaller-5.13.1-py3-none-win32.whl
   python-3.7.9.exe
 )
 dl() { curl -fkLOC- "$1" && return 0; echo "$1"; return 1; }

scripts/test/smoketest.py

@@ -100,6 +100,7 @@ def tc1(vflags):
         "-p4321",
         "-e2dsa",
         "-e2tsr",
+        "--ban-403=no",
         "--dbd=yolo",
         "--no-mutagen",
         "--th-ff-jpg",

tests/util.py

@@ -189,6 +189,8 @@ class VHttpSrv(object):
 
         self.gpwd = Garda("")
         self.g404 = Garda("")
+        self.g403 = Garda("")
+        self.gurl = Garda("")
 
         self.ptn_cc = re.compile(r"[\x00-\x1f]")