ba02c9cc12readme fix + make hacker theme more hacker
ed
2023-09-08 19:35:12 +0000
11eefaf968create / edit non-markdown textfiles (if user has delete-access)
ed
2023-09-08 18:47:31 +0000
5a968f9e47add permission 'h': folders redirect to index.html; safest way to make copyparty like a general-purpose webserver where index.html is returned as expected yet directory listing is entirely disabled / unavailable
ed
2023-09-07 23:30:01 +0000
6420c4bd03up to 2.6x faster download-as-zip when there's lots of files, and especially small ones and also reduces cpu load by at least 15%
ed
2023-09-05 22:57:03 +0000
0f9877201bsupport cache directives in --css-browser, --js-browser; for example --css-browser=/the.css?cache=600 (seconds) or --js-browser=/.res/the.js?cache=i (7 days)
ed
2023-09-03 19:50:31 +0000
9ba2dec9b2lightbox: fix ccw rotation hotkey
ed
2023-09-03 19:23:29 +0000
ae9cfea939update pkgs to 1.9.4
ed
2023-09-02 00:45:57 +0000
b8adeb824amisc http correctness; some of this looks shady af but appears to have been harmless (decent amount of testing came out ok)
ed
2023-08-31 21:51:58 +0000
30cc9defcbcosmetics: * in case someone gets a confusing access-related error message, include more context in serverlogs (exact path) * fix js console spam in search results * same markdown line-height in viewer and browser
ed
2023-08-31 21:27:14 +0000
61875bd773slightly reduce flickering during page load on chrome
ed
2023-08-31 20:02:33 +0000
30905c6f5dadd convenient debugs in case the fight is not over
ed
2023-08-31 20:00:14 +0000
9986136dfbapple/ios/iphone: maybe fix background album playback
ed
2023-08-31 19:57:05 +0000
1c0d978979ios/iphone: autoreplace smart-quotes with sane quotes, as the iphone keyboard is not able to produce ' or "
ed
2023-08-31 19:29:37 +0000
0a0364e9f8FTPd: fix py3.12 support; workaround until next release: run sfx twice with PYTHONPATH=/tmp/pe-copyparty.$(id -u)/copyparty/vend
ed
2023-08-28 00:25:33 +0000
3376fbde1aupdate pkgs to 1.9.2
ed
2023-08-26 22:09:43 +0000
c1c8dc5e82ok lets try that again
ed
2023-08-26 19:07:23 +0000
5a38311481mark offline volumes in directory tree sidebar
ed
2023-08-26 19:00:46 +0000
9f8edb7f32make markdown slightly safer without the nohtml volflag by running dompurify after marked.parse if plugins are not enabled; adds no protection against the more practical approach of just putting a malicious <script> in an html file and uploading that, but one footgun less is one less footgun
ed
2023-08-26 17:37:02 +0000
c5a6ac8417persist dotfile preference as cookie for initial listing
ed
2023-08-26 15:50:57 +0000
50e01d6904add more autoban triggers: * --ban-url: URLs which 404 and also match --sus-urls (bot-scan) * --ban-403: trying to access volumes that dont exist or require auth * --ban-422: invalid POST messages, fuzzing and such * --nonsus-urls: regex of 404s which shouldn't trigger --ban-404
ed
2023-08-26 13:52:24 +0000
9b46291a20add option to force-disable turbo, making it safer to enable --ban-404 (u2c can still get banned inadvertently)
ed
2023-08-26 13:19:38 +0000
14497b2425docs: * mention cloudflare-specific nginx config
ed
2023-08-25 21:57:26 +0000
f7ceae5a5fadd filetable range-select with shift-pgup/pgdn, and retain file selection cursor when lazyloading more files
ed
2023-08-25 19:34:37 +0000
c9492d16bafix textfile navigation hotkeys (broke in 5d13ebb4)
ed
2023-08-25 18:41:45 +0000
9fb9ada3aadont whine about inaccessible root on rootless configs, and make it easier for on403 to invoke the homepage-redirect
ed
2023-08-25 18:33:15 +0000
7673beef72actually impl --mc-hop (and improve --zm-spam)
ed
2023-08-20 21:27:28 +0000
b28bfe64c0explain apple bullshit
ed
2023-08-20 22:09:00 +0200
135ece3fbdimmediately allow uploading an interrupted and deleted incomplete upload to another location
ed
2023-08-20 19:16:35 +0000
bd3640d256change to openmetrics
ed
2023-08-20 18:50:14 +0000
fc0405c8f3add prometheus metrics; closes#49
ed
2023-08-20 17:58:06 +0000
7df890d964wget: only allow http/https/ftp/ftps (#50): these are all the protocols that are currently supported by wget, so this has no practical effect aside from making sure we won't suddenly get file:// support or something (which would be bad)
ed
2023-08-20 09:47:50 +0000
8341041857mdns: option to ignore spec to avoid issues on networks where clients have multiple IPs of which some are subnets that the copyparty server is not
ed
2023-08-19 21:45:26 +0000
1b7634932dtar/zip-download: add opus transcoding filter
ed
2023-08-19 19:40:46 +0000
48a3898aa6suggest enabling the database on startup
ed
2023-08-16 19:57:19 +0000
5d13ebb4acavoid firefox-android quirk(?): when repeatedly tapping the next-folder button, occasionally it will reload the entire page instead of ajax'ing the directory contents.
ed
2023-08-16 19:56:47 +0000
015b87ee99performance / cosmetic: * js: use .call instead of .bind when possible * when running without e2d, the message on startup regarding unfinished uploads didn't show the correct filesystem path
ed
2023-08-16 19:32:43 +0000
0a48acf6belimit each column of the files table to screen width
ed
2023-08-16 03:55:53 +0000
2b6a3afd38fix iOS randomly increasing fontsize of some things: * links which are wider than the display width * probably input fields too
ed
2023-08-16 03:47:19 +0000
18aa82fb2fmake browser resizing smoother / less expensive
ed
2023-08-15 16:55:19 +0000
f5407b2997docker: persist autogenerated seeds, disable certgen, and mention how to run the containers with selinux enabled * assumes that a /cfg docker volume is provided
ed
2023-08-15 15:07:33 +0000
474d5a155bandroid's got hella strict filename rules
ed
2023-08-15 06:46:57 +0200
afcd98b794mention some gotchas (thx noktuas)
ed
2023-08-15 03:38:51 +0200
4f80e44ff7option to exactly specify browser title prefix
ed
2023-08-15 03:17:01 +0200
406e413594hint at additional context in exceptions
ed
2023-08-15 01:42:13 +0200
033b50ae1bu2c: exclude files by regex
ed
2023-08-15 00:45:12 +0200
bee26e853bshow server hostname in html titles: * --doctitle defines most titles, prefixed with "--name: " by default * the file browser is only prefixed with the --name itself * --nth ("no-title-hostname") removes it * also removed by --nih ("no-info-hostname")
ed
2023-08-14 23:50:13 +0200
04a1f7040eadjustable timestamp resolution in log messages
ed
2023-08-14 17:22:22 +0200
1ff7f968e8fix tls-cert regeneration on windows
ed
2023-07-25 15:27:27 +0000
3966266207remember ?edit and trailing-slash during login redirect
ed
2023-07-25 15:14:47 +0000
d03e96a392html5 strips the first leading LF in textareas; stop it
ed
2023-07-25 14:16:54 +0000
4c843c6df9fix md-editor lastmod cmp when browsercache is belligerent
ed
2023-07-25 14:06:53 +0000
0896c5295crange-select fixes: * dont crash when shiftclicking between folders * remember origin when lazyloading more files
ed
2023-07-25 14:06:31 +0200
cc0c9839ebupdate pkgs to 1.8.7
ed
2023-07-23 16:16:49 +0000
1a658dedb7fix infinite playback spin on servers with one single file
ed
2023-07-23 14:52:42 +0000
8d376b854cthis is the wrong way around
ed
2023-07-23 14:10:23 +0000
490c16b01dbe even stricter with ?hc
ed
2023-07-23 13:23:52 +0000
2437a4e864the CVE-2023-37474 fix was overly strict; loosen
ed
2023-07-23 11:31:11 +0000
007d948cb9fix GHSA-f54q-j679-p9hh: reflected-XSS in cookie-setters; it was possible to set cookie values which contained newlines, thus terminating the http header and bleeding into the body.
ed
2023-07-23 10:55:08 +0000
335fcc8535update pkgs to 1.8.6
ed
2023-07-21 01:12:55 +0000
5aa54d1217shift/ctrl-click improvements: * always enable shift-click selection in list-view * shift-clicking thumbnails opens in new window by default as expected * enable shift-select in grid-view when multiselect is on * invert select when the same shift-select is made repeatedly
ed
2023-07-16 18:15:56 +0000
88b876027coption to range-select files with shift-click; closes#47 also restores the browser-default behavior of opening links in a new tab with CTRL / new window with SHIFT
ed
2023-07-16 14:05:09 +0000
fcc3aa98fdadd path-traversal scanners
ed
2023-07-16 13:09:31 +0000
f2f5e266b4support listing uploader IPs in d2t volumes
ed
2023-07-15 18:50:35 +0000
e17bf8f325require the new admin permission for the admin-panel
ed
2023-07-15 18:39:41 +0000
d19cb32bf3update pkgs to 1.8.2
ed
2023-07-14 16:05:57 +0000
043e3c7dd6fix traversal vulnerability GHSA-pxfv-7rr3-2qjg: the /.cpr endpoint allowed full access to server filesystem, unless mitigated by prisonparty
ed
2023-07-14 15:55:49 +0000
8f59afb159fix another race (unpost): unposting could collide with most other database-related activities, causing one or the other to fail. luckily the unprotected query performed by the unpost API happens to be very cheap, so also the most likely to fail, and would succeed upon a manual reattempt from the UI. even in the worst case scenario, there would be no unrecoverable damage as the next rescan would auto-repair any resulting inconsistencies.
ed
2023-07-14 15:21:14 +0000
77f1e51444fix unlikely race (e2tsr): if someone with admin rights refreshes the homepage exactly as the directory indexer decides to _drop_caches, the indexer thread would die and the up2k instance would become inoperable... luckily the probability of hitting this by chance is absolutely minimal, and the worst case scenario is having to restart copyparty if this happens immediately after startup; there is no risk of database damage
ed
2023-07-14 15:20:25 +0000
22fc4bb938add event-hook for banning users
ed
2023-07-13 22:29:32 +0000
50c7bba6eavolflag "nohtml" to never return html or rendered markdown from potentially unsafe volumes
ed
2023-07-13 21:57:52 +0000
551d99b71badd permission "a" to show uploader IPs (#45)
ed
2023-07-12 21:36:55 +0000
b54b7213a7more thumbnailer configs available as volflags: --th-convt = convt --th-no-crop = nocrop --th-size = thsize
ed
2023-07-11 22:15:37 +0000
a14943c8deupdate pkgs to 1.8.1
ed
2023-07-07 23:58:16 +0000
ed
