copyparty 1.14.1__tar.gz → 1.14.3__tar.gz

{copyparty-1.14.1 → copyparty-1.14.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: copyparty
-Version: 1.14.1
+Version: 1.14.3
 Summary:   Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -52,7 +52,9 @@ Requires-Dist: partftpy>=0.4.0; extra == "tftpd"
 Provides-Extra: pwhash
 Requires-Dist: argon2-cffi; extra == "pwhash"
 
-# 💾🎉 copyparty
+<img src="docs/logo.svg" width="250" align="right"/>
+
+### 💾🎉 copyparty
 
 turn almost any device into a file server with resumable uploads/downloads using [*any*](#browser-support) web browser
 
@@ -804,14 +806,16 @@ you can move files across browser tabs (cut in one tab, paste in another)
 
 share a file or folder by creating a temporary link
 
-when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or select a file first to share only that file
+when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or alternatively:
+* select a folder first to share that folder instead
+* select one or more files to share only those files
 
 this feature was made with [identity providers](#identity-providers) in mind -- configure your reverseproxy to skip the IdP's access-control for a given URL prefix and use that to safely share specific files/folders sans the usual auth checks
 
 when creating a share, the creator can choose any of the following options:
 
 * password-protection
-* expire after a certain time
+* expire after a certain time; `0` or blank means infinite
 * allow visitors to upload (if the user who creates the share has write-access)
 
 semi-intentional limitations:
@@ -822,10 +826,17 @@ semi-intentional limitations:
   * when linking something to discord (for example) it'll get accessed by their scraper and that would count as a hit
   * browsers wouldn't be able to resume a broken download unless the requester's IP gets allowlisted for X minutes (ref. tricky)
 
-the links are created inside a specific toplevel folder which must be specified with server-config `--shr`, for example `--shr /share/` (this also enables the feature)
+specify `--shr /foobar` to enable this feature; a toplevel virtual folder named `foobar` is then created, and that's where all the shares will be served from
+
+* you can name it whatever, `foobar` is just an example
+* if you're using config files, put `shr: /foobar` inside the `[global]` section instead
 
 users can delete their own shares in the controlpanel, and a list of privileged users (`--shr-adm`) are allowed to see and/or delet any share on the server
 
+after a share has expired, it remains visible in the controlpanel for `--shr-rt` minutes (default is 1 day), and the owner can revive it by extending the expiration time there
+
+**security note:** using this feature does not mean that you can skip the [accounts and volumes](#accounts-and-volumes) section -- you still need to restrict access to volumes that you do not intend to share with unauthenticated users! it is not sufficient to use rules in the reverseproxy to restrict access to just the `/share` folder.
+
 
 ## batch rename
 

{copyparty-1.14.1 → copyparty-1.14.3}/README.md

@@ -1,4 +1,6 @@
-# 💾🎉 copyparty
+<img src="docs/logo.svg" width="250" align="right"/>
+
+### 💾🎉 copyparty
 
 turn almost any device into a file server with resumable uploads/downloads using [*any*](#browser-support) web browser
 
@@ -750,14 +752,16 @@ you can move files across browser tabs (cut in one tab, paste in another)
 
 share a file or folder by creating a temporary link
 
-when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or select a file first to share only that file
+when enabled in the server settings (`--shr`), click the bottom-right `share` button to share the folder you're currently in, or alternatively:
+* select a folder first to share that folder instead
+* select one or more files to share only those files
 
 this feature was made with [identity providers](#identity-providers) in mind -- configure your reverseproxy to skip the IdP's access-control for a given URL prefix and use that to safely share specific files/folders sans the usual auth checks
 
 when creating a share, the creator can choose any of the following options:
 
 * password-protection
-* expire after a certain time
+* expire after a certain time; `0` or blank means infinite
 * allow visitors to upload (if the user who creates the share has write-access)
 
 semi-intentional limitations:
@@ -768,10 +772,17 @@ semi-intentional limitations:
   * when linking something to discord (for example) it'll get accessed by their scraper and that would count as a hit
   * browsers wouldn't be able to resume a broken download unless the requester's IP gets allowlisted for X minutes (ref. tricky)
 
-the links are created inside a specific toplevel folder which must be specified with server-config `--shr`, for example `--shr /share/` (this also enables the feature)
+specify `--shr /foobar` to enable this feature; a toplevel virtual folder named `foobar` is then created, and that's where all the shares will be served from
+
+* you can name it whatever, `foobar` is just an example
+* if you're using config files, put `shr: /foobar` inside the `[global]` section instead
 
 users can delete their own shares in the controlpanel, and a list of privileged users (`--shr-adm`) are allowed to see and/or delet any share on the server
 
+after a share has expired, it remains visible in the controlpanel for `--shr-rt` minutes (default is 1 day), and the owner can revive it by extending the expiration time there
+
+**security note:** using this feature does not mean that you can skip the [accounts and volumes](#accounts-and-volumes) section -- you still need to restrict access to volumes that you do not intend to share with unauthenticated users! it is not sufficient to use rules in the reverseproxy to restrict access to just the `/share` folder.
+
 
 ## batch rename
 

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/__main__.py

@@ -969,9 +969,10 @@ def add_fs(ap):
 def add_share(ap):
     db_path = os.path.join(E.cfg, "shares.db")
     ap2 = ap.add_argument_group('share-url options')
-    ap2.add_argument("--shr", metavar="URL", default="", help="base url for shared files, for example [\033[32m/share\033[0m] (must be a toplevel subfolder)")
-    ap2.add_argument("--shr-db", metavar="PATH", default=db_path, help="database to store shares in")
-    ap2.add_argument("--shr-adm", metavar="U,U", default="", help="comma-separated list of users allowed to view/delete any share")
+    ap2.add_argument("--shr", metavar="DIR", type=u, default="", help="toplevel virtual folder for shared files/folders, for example [\033[32m/share\033[0m]")
+    ap2.add_argument("--shr-db", metavar="FILE", type=u, default=db_path, help="database to store shares in")
+    ap2.add_argument("--shr-adm", metavar="U,U", type=u, default="", help="comma-separated list of users allowed to view/delete any share")
+    ap2.add_argument("--shr-rt", metavar="MIN", type=int, default=1440, help="shares can be revived by their owner if they expired less than MIN minutes ago; [\033[32m60\033[0m]=hour, [\033[32m1440\033[0m]=day, [\033[32m10080\033[0m]=week")
     ap2.add_argument("--shr-v", action="store_true", help="debug")
 
 
@@ -1406,7 +1407,7 @@ def add_ui(ap, retry):
     ap2 = ap.add_argument_group('ui options')
     ap2.add_argument("--grid", action="store_true", help="show grid/thumbnails by default (volflag=grid)")
     ap2.add_argument("--gsel", action="store_true", help="select files in grid by ctrl-click (volflag=gsel)")
-    ap2.add_argument("--lang", metavar="LANG", type=u, default="eng", help="language; one of the following: \033[32meng nor\033[0m")
+    ap2.add_argument("--lang", metavar="LANG", type=u, default="eng", help="language; one of the following: \033[32meng nor chi\033[0m")
     ap2.add_argument("--theme", metavar="NUM", type=int, default=0, help="default theme to use (0..7)")
     ap2.add_argument("--themes", metavar="NUM", type=int, default=8, help="number of themes installed")
     ap2.add_argument("--au-vol", metavar="0-100", type=int, default=50, choices=range(0, 101), help="default audio/video volume percent")

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 14, 1)
+VERSION = (1, 14, 3)
 CODENAME = "one step forward"
-BUILD_DT = (2024, 8, 19)
+BUILD_DT = (2024, 8, 30)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/authsrv.py

@@ -35,6 +35,7 @@ from .util import (
     odfusion,
     relchk,
     statdir,
+    ub64enc,
     uncyg,
     undot,
     unhumanize,
@@ -337,6 +338,7 @@ class VFS(object):
         self.dbv  = None  # closest full/non-jump parent
         self.lim  = None  # upload limits; only set for dbv
         self.shr_src   = None  # source vfs+rem of a share
+        self.shr_files  = set()  # filenames to include from shr_src
         self.aread   = {}
         self.awrite   = {}
         self.amove   = {}
@@ -362,6 +364,7 @@ class VFS(object):
             self.all_vps = []
 
         self.get_dbv = self._get_dbv
+        self.ls = self._ls
 
     def __repr__(self)  :
         return "VFS(%s)" % (
@@ -558,7 +561,26 @@ class VFS(object):
         ad, fn = os.path.split(ap)
         return os.path.join(absreal(ad), fn)
 
-    def ls(
+    def _ls_nope(
+        self, *a, **ka
+    )      :
+        raise Pebkac(500, "nope.avi")
+
+    def _ls_shr(
+        self,
+        rem ,
+        uname ,
+        scandir ,
+        permsets ,
+        lstat  = False,
+    )      :
+        """replaces _ls for certain shares (single-file, or file selection)"""
+        vn, rem = self.shr_src  # type: ignore
+        abspath, real, _ = vn.ls(rem, "\n", scandir, permsets, lstat)
+        real = [x for x in real if os.path.basename(x[0]) in self.shr_files]
+        return abspath, real, {}
+
+    def _ls(
         self,
         rem ,
         uname ,
@@ -1501,14 +1523,14 @@ class AuthSrv(object):
             import sqlite3
 
             shv = VFS(self.log_func, "", shr, AXS(), {"d2d": True})
-            par = vfs.all_vols[""]
 
             db_path = self.args.shr_db
             db = sqlite3.connect(db_path)
             cur = db.cursor()
+            cur2 = db.cursor()
             now = time.time()
             for row in cur.execute("select * from sh"):
-                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                s_k, s_pw, s_vp, s_pr, s_nf, s_un, s_t0, s_t1 = row
                 if s_t1 and s_t1 < now:
                     continue
 
@@ -1517,7 +1539,10 @@ class AuthSrv(object):
                     self.log(t % (s_pr, s_k, s_un, s_vp))
 
                 if s_pw:
-                    sun = "s_%s" % (s_k,)
+                    # gotta reuse the "account" for all shares with this pw,
+                    # so do a light scramble as this appears in the web-ui
+                    zs = ub64enc(hashlib.sha512(s_pw.encode("utf-8")).digest())[4:16]
+                    sun = "s_%s" % (zs.decode("utf-8"),)
                     acct[sun] = s_pw
                 else:
                     sun = "*"
@@ -1532,13 +1557,14 @@ class AuthSrv(object):
                 # don't know the abspath yet + wanna ensure the user
                 # still has the privs they granted, so nullmap it
                 shv.nodes[s_k] = VFS(
-                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, par.flags.copy()
+                    self.log_func, "", "%s/%s" % (shr, s_k), s_axs, shv.flags.copy()
                 )
 
             vfs.nodes[shr] = vfs.all_vols[shr] = shv
             for vol in shv.nodes.values():
                 vfs.all_vols[vol.vpath] = vol
                 vol.get_dbv = vol._get_share_src
+                vol.ls = vol._ls_nope
 
         zss = set(acct)
         zss.update(self.idp_accs)
@@ -2048,6 +2074,9 @@ class AuthSrv(object):
             if not self.warn_anonwrite or verbosity < 5:
                 break
 
+            if enshare and (zv.vpath == shr or zv.vpath.startswith(shrs)):
+                continue
+
             t += '\n\033[36m"/{}"  \033[33m{}\033[0m'.format(zv.vpath, zv.realpath)
             for txt, attr in [
                 ["  read", "uread"],
@@ -2154,10 +2183,9 @@ class AuthSrv(object):
                 if x != shr and not x.startswith(shrs)
             }
 
-            assert cur  # type: ignore
-            assert shv  # type: ignore
+            assert db and cur and cur2 and shv  # type: ignore
             for row in cur.execute("select * from sh"):
-                s_k, s_pw, s_vp, s_pr, s_st, s_un, s_t0, s_t1 = row
+                s_k, s_pw, s_vp, s_pr, s_nf, s_un, s_t0, s_t1 = row
                 shn = shv.nodes.get(s_k, None)
                 if not shn:
                     continue
@@ -2172,6 +2200,17 @@ class AuthSrv(object):
                     shv.nodes.pop(s_k)
                     continue
 
+                fns = []
+                if s_nf:
+                    q = "select vp from sf where k = ?"
+                    for (s_fn,) in cur2.execute(q, (s_k,)):
+                        fns.append(s_fn)
+
+                    shn.shr_files = set(fns)
+                    shn.ls = shn._ls_shr
+                else:
+                    shn.ls = shn._ls
+
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
@@ -2191,6 +2230,10 @@ class AuthSrv(object):
                     # hide subvolume
                     vn.nodes[zs] = VFS(self.log_func, "", "", AXS(), {})
 
+            cur2.close()
+            cur.close()
+            db.close()
+
     def chpw(self, broker , uname, pw)   :
         if not self.args.chpw:
             return False, "feature disabled in server config"

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/httpcli.py

@@ -1607,8 +1607,8 @@ class HttpCli(object):
         if "delete" in self.uparam:
             return self.handle_rm([])
 
-        if "unshare" in self.uparam:
-            return self.handle_unshare()
+        if "eshare" in self.uparam:
+            return self.handle_eshare()
 
         if "application/octet-stream" in ctype:
             return self.handle_post_binary()
@@ -3262,7 +3262,8 @@ class HttpCli(object):
                     raise Exception("not found in registry")
                 self.pipes.set(req_path, job)
             except Exception as ex:
-                self.log("will not pipe [%s]; %s" % (ap_data, ex), 6)
+                if getattr(ex, "errno", 0) != errno.ENOENT:
+                    self.log("will not pipe [%s]; %s" % (ap_data, ex), 6)
                 ptop = None
 
         #
@@ -3954,6 +3955,7 @@ class HttpCli(object):
             rvol=rvol,
             wvol=wvol,
             avol=avol,
+            in_shr=self.args.shr and self.vpath.startswith(self.args.shr[1:]),
             vstate=vstate,
             scanning=vs["scanning"],
             hashq=vs["hashq"],
@@ -4002,10 +4004,10 @@ class HttpCli(object):
     def tx_404(self, is_403  = False)  :
         rc = 404
         if self.args.vague_403:
-            t = '<h1 id="n">404 not found &nbsp;┐( ´ -`)┌</h1><p id="o">or maybe you don\'t have access -- try logging in or <a href="{}/?h">go home</a></p>'
-            pt = "404 not found  ┐( ´ -`)┌   (or maybe you don't have access -- try logging in)"
+            t = '<h1 id="n">404 not found &nbsp;┐( ´ -`)┌</h1><p id="o">or maybe you don\'t have access -- try a password or <a href="{}/?h">go home</a></p>'
+            pt = "404 not found  ┐( ´ -`)┌   (or maybe you don't have access -- try a password)"
         elif is_403:
-            t = '<h1 id="p">403 forbiddena &nbsp;~┻━┻</h1><p id="q">you\'ll have to log in or <a href="{}/?h">go home</a></p>'
+            t = '<h1 id="p">403 forbiddena &nbsp;~┻━┻</h1><p id="q">use a password or <a href="{}/?h">go home</a></p>'
             pt = "403 forbiddena ~┻━┻   (you'll have to log in)"
             rc = 403
         else:
@@ -4022,7 +4024,8 @@ class HttpCli(object):
 
         t = t.format(self.args.SR)
         qv = quotep(self.vpaths) + self.ourlq()
-        html = self.j2s("splash", this=self, qvpath=qv, msg=t)
+        in_shr = self.args.shr and self.vpath.startswith(self.args.shr[1:])
+        html = self.j2s("splash", this=self, qvpath=qv, in_shr=in_shr, msg=t)
         self.reply(html.encode("utf-8"), status=rc)
         return True
 
@@ -4297,7 +4300,7 @@ class HttpCli(object):
         self.reply(html.encode("utf-8"), status=200)
         return True
 
-    def handle_unshare(self)  :
+    def handle_eshare(self)  :
         idx = self.conn.get_u2idx()
         if not idx or not hasattr(idx, "p_end"):
             if not HAVE_SQLITE3:
@@ -4305,7 +4308,7 @@ class HttpCli(object):
             raise Pebkac(500, "server busy, cannot create share; please retry in a bit")
 
         if self.args.shr_v:
-            self.log("handle_unshare: " + self.req)
+            self.log("handle_eshare: " + self.req)
 
         cur = idx.get_shr()
         if not cur:
@@ -4313,18 +4316,36 @@ class HttpCli(object):
 
         skey = self.vpath.split("/")[-1]
 
-        uns = cur.execute("select un from sh where k = ?", (skey,)).fetchall()
-        un = uns[0][0] if uns and uns[0] else ""
+        rows = cur.execute("select un, t1 from sh where k = ?", (skey,)).fetchall()
+        un = rows[0][0] if rows and rows[0] else ""
 
         if not un:
             raise Pebkac(400, "that sharekey didn't match anything")
 
+        expiry = rows[0][1]
+
         if un != self.uname and self.uname != self.args.shr_adm:
             t = "your username (%r) does not match the sharekey's owner (%r) and you're not admin"
             raise Pebkac(400, t % (self.uname, un))
 
-        cur.execute("delete from sh where k = ?", (skey,))
+        reload = False
+        act = self.uparam["eshare"]
+        if act == "rm":
+            cur.execute("delete from sh where k = ?", (skey,))
+            if skey in self.asrv.vfs.nodes[self.args.shr.strip("/")].nodes:
+                reload = True
+        else:
+            now = time.time()
+            if expiry < now:
+                expiry = now
+                reload = True
+            expiry += int(act) * 60
+            cur.execute("update sh set t1 = ? where k = ?", (expiry, skey))
+
         cur.connection.commit()
+        if reload:
+            self.conn.hsrv.broker.ask("_reload_blocking", False, False).get()
+            self.conn.hsrv.broker.ask("up2k.wake_rescanner").get()
 
         self.redirect(self.args.SRS + "?shares")
         return True
@@ -4340,11 +4361,31 @@ class HttpCli(object):
             self.log("handle_share: " + json.dumps(req, indent=4))
 
         skey = req["k"]
-        vp = req["vp"].strip("/")
+        vps = req["vp"]
+        fns = []
+        if len(vps) == 1:
+            vp = vps[0]
+            if not vp.endswith("/"):
+                vp, zs = vp.rsplit("/", 1)
+                fns = [zs]
+        else:
+            for zs in vps:
+                if zs.endswith("/"):
+                    t = "you cannot select more than one folder, or mix flies and folders in one selection"
+                    raise Pebkac(400, t)
+            vp = vps[0].rsplit("/", 1)[0]
+            for zs in vps:
+                vp2, fn = zs.rsplit("/", 1)
+                fns.append(fn)
+                if vp != vp2:
+                    t = "mismatching base paths in selection:\n  [%s]\n  [%s]"
+                    raise Pebkac(400, t % (vp, vp2))
+
+        vp = vp.strip("/")
         if self.is_vproxied and (vp == self.args.R or vp.startswith(self.args.RS)):
             vp = vp[len(self.args.RS) :]
 
-        m = re.search(r"([^0-9a-zA-Z_\.-]|\.\.|^\.)", skey)
+        m = re.search(r"([^0-9a-zA-Z_-])", skey)
         if m:
             raise Pebkac(400, "sharekey has illegal character [%s]" % (m[1],))
 
@@ -4371,29 +4412,41 @@ class HttpCli(object):
         except:
             raise Pebkac(400, "you dont have all the perms you tried to grant")
 
-        ap = vfs.canonical(rem)
-        st = bos.stat(ap)
-        ist = 2 if stat.S_ISDIR(st.st_mode) else 1
+        ap, reals, _ = vfs.ls(
+            rem, self.uname, not self.args.no_scandir, [[s_rd, s_wr, s_mv, s_del]]
+        )
+        rfns = set([x[0] for x in reals])
+        for fn in fns:
+            if fn not in rfns:
+                raise Pebkac(400, "selected file not found on disk: [%s]" % (fn,))
 
         pw = req.get("pw") or ""
         now = int(time.time())
         sexp = req["exp"]
-        exp = now + int(sexp) * 60 if sexp else 0
+        exp = int(sexp) if sexp else 0
+        exp = now + exp * 60 if exp else 0
         pr = "".join(zc for zc, zb in zip("rwmd", (s_rd, s_wr, s_mv, s_del)) if zb)
 
         q = "insert into sh values (?,?,?,?,?,?,?,?)"
-        cur.execute(q, (skey, pw, vp, pr, ist, self.uname, now, exp))
-        cur.connection.commit()
+        cur.execute(q, (skey, pw, vp, pr, len(fns), self.uname, now, exp))
+
+        q = "insert into sf values (?,?)"
+        for fn in fns:
+            cur.execute(q, (skey, fn))
 
+        cur.connection.commit()
         self.conn.hsrv.broker.ask("_reload_blocking", False, False).get()
         self.conn.hsrv.broker.ask("up2k.wake_rescanner").get()
 
-        surl = "%s://%s%s%s%s" % (
+        fn = quotep(fns[0]) if len(fns) == 1 else ""
+
+        surl = "created share: %s://%s%s%s%s/%s" % (
             "https" if self.is_https else "http",
             self.host,
             self.args.SR,
             self.args.shr,
             skey,
+            fn,
         )
         self.loud_reply(surl, status=201)
         return True

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/svchub.py

@@ -100,6 +100,7 @@ class SvcHub(object):
         self.no_ansi = args.no_ansi
         self.logf  = None
         self.logf_base_fn = ""
+        self.is_dut = False  # running in unittest; always False
         self.stop_req = False
         self.stopping = False
         self.stopped = False
@@ -370,11 +371,18 @@ class SvcHub(object):
 
         import sqlite3
 
-        al.shr = "/%s/" % (al.shr.strip("/"))
+        al.shr = al.shr.strip("/")
+        if "/" in al.shr or not al.shr:
+            t = "config error: --shr must be the name of a virtual toplevel directory to put shares inside"
+            self.log("root", t, 1)
+            raise Exception(t)
+
+        al.shr = "/%s/" % (al.shr,)
 
         create = True
+        modified = False
         db_path = self.args.shr_db
-        self.log("root", "initializing shares-db %s" % (db_path,))
+        self.log("root", "opening shares-db %s" % (db_path,))
         for n in range(2):
             try:
                 db = sqlite3.connect(db_path)
@@ -400,18 +408,43 @@ class SvcHub(object):
                     pass
                 os.unlink(db_path)
 
+        sch1 = [
+            r"create table kv (k text, v int)",
+            r"create table sh (k text, pw text, vp text, pr text, st int, un text, t0 int, t1 int)",
+            # sharekey, password, src, perms, numFiles, owner, created, expires
+        ]
+        sch2 = [
+            r"create table sf (k text, vp text)",
+            r"create index sf_k on sf(k)",
+            r"create index sh_k on sh(k)",
+            r"create index sh_t1 on sh(t1)",
+        ]
+
         assert db  # type: ignore
         assert cur  # type: ignore
         if create:
+            dver = 2
+            modified = True
+            for cmd in sch1 + sch2:
+                cur.execute(cmd)
+            self.log("root", "created new shares-db")
+        else:
+            (dver,) = cur.execute("select v from kv where k = 'sver'").fetchall()[0]
+
+        if dver == 1:
+            modified = True
+            for cmd in sch2:
+                cur.execute(cmd)
+            cur.execute("update sh set st = 0")
+            self.log("root", "shares-db schema upgrade ok")
+
+        if modified:
             for cmd in [
-                # sharekey, password, src, perms, type, owner, created, expires
-                r"create table sh (k text, pw text, vp text, pr text, st int, un text, t0 int, t1 int)",
-                r"create table kv (k text, v int)",
-                r"insert into kv values ('sver', {})".format(1),
+                r"delete from kv where k = 'sver'",
+                r"insert into kv values ('sver', %d)" % (2,),
             ]:
                 cur.execute(cmd)
             db.commit()
-            self.log("root", "created new shares-db")
 
         cur.close()
         db.close()

{copyparty-1.14.1 → copyparty-1.14.3}/copyparty/tftpd.py

@@ -400,7 +400,7 @@ class Tftpd(object):
             bos.stat(ap)
             return True
         except:
-            return False
+            return vpath == "/"
 
     def _p_isdir(self, vpath )  :
         try:
@@ -408,7 +408,7 @@ class Tftpd(object):
             ret = stat.S_ISDIR(st.st_mode)
             return ret
         except:
-            return False
+            return vpath == "/"
 
     def _hook(self, *a , **ka )  :
         src = inspect.currentframe().f_back.f_code.co_name