PyPI - copyparty - Versions diffs - 1.18.6__tar.gz → 1.18.8__tar.gz - Mend

copyparty 1.18.6tar.gz → 1.18.8tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (126) hide show

{copyparty-1.18.6 → copyparty-1.18.8}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: copyparty
-Version: 1.18.6
+Version: 1.18.8
 Summary:   Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
 Author-email: ed <copyparty@ocv.me>
 License: MIT
@@ -138,6 +138,7 @@ made in Norway 🇳🇴
         * [periodic rescan](#periodic-rescan) - filesystem monitoring
     * [upload rules](#upload-rules) - set upload rules using volflags
     * [compress uploads](#compress-uploads) - files can be autocompressed on upload
+    * [chmod and chown](#chmod-and-chown) - per-volume filesystem-permissions and ownership
     * [other flags](#other-flags)
     * [database location](#database-location) - in-volume (`.hist/up2k.db`, default) or somewhere else
     * [metadata from audio files](#metadata-from-audio-files) - set `-e2t` to index tags on upload
@@ -1707,6 +1708,26 @@ some examples,
   allows (but does not force) gz compression if client uploads to `/inc?pk` or `/inc?gz` or `/inc?gz=4`
+## chmod and chown
+per-volume filesystem-permissions and ownership
+by default:
+* all folders are chmod 755
+* files are usually chmod 644 (umask-defined)
+* user/group is whatever copyparty is running as
+this can be configured per-volume:
+* volflag `chmod_f` sets file permissions; default=`644` (usually)
+* volflag `chmod_d` sets directory permissions; default=`755`
+* volflag `uid` sets the owner user-id
+* volflag `gid` sets the owner group-id
+notes:
+* `gid` can only be set to one of the groups which the copyparty process is a member of
+* `uid` can only be set if copyparty is running as root (i appreciate your faith)
 ## other flags
 * `:c,magic` enables filetype detection for nameless uploads, same as `--magic`
@@ -2284,6 +2305,7 @@ force-enable features with known issues on your OS/env  by setting any of the fo
 | env-var                  | what it does |
 | ------------------------ | ------------ |
 | `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
+| `PRTY_FORCE_MAGIC`       | use [magic](https://pypi.org/project/python-magic/) on Windows (you will segfault) |
 # packages

{copyparty-1.18.6 → copyparty-1.18.8}/README.md RENAMED Viewed

@@ -80,6 +80,7 @@ made in Norway 🇳🇴
         * [periodic rescan](#periodic-rescan) - filesystem monitoring
     * [upload rules](#upload-rules) - set upload rules using volflags
     * [compress uploads](#compress-uploads) - files can be autocompressed on upload
+    * [chmod and chown](#chmod-and-chown) - per-volume filesystem-permissions and ownership
     * [other flags](#other-flags)
     * [database location](#database-location) - in-volume (`.hist/up2k.db`, default) or somewhere else
     * [metadata from audio files](#metadata-from-audio-files) - set `-e2t` to index tags on upload
@@ -1649,6 +1650,26 @@ some examples,
   allows (but does not force) gz compression if client uploads to `/inc?pk` or `/inc?gz` or `/inc?gz=4`
+## chmod and chown
+per-volume filesystem-permissions and ownership
+by default:
+* all folders are chmod 755
+* files are usually chmod 644 (umask-defined)
+* user/group is whatever copyparty is running as
+this can be configured per-volume:
+* volflag `chmod_f` sets file permissions; default=`644` (usually)
+* volflag `chmod_d` sets directory permissions; default=`755`
+* volflag `uid` sets the owner user-id
+* volflag `gid` sets the owner group-id
+notes:
+* `gid` can only be set to one of the groups which the copyparty process is a member of
+* `uid` can only be set if copyparty is running as root (i appreciate your faith)
 ## other flags
 * `:c,magic` enables filetype detection for nameless uploads, same as `--magic`
@@ -2226,6 +2247,7 @@ force-enable features with known issues on your OS/env  by setting any of the fo
 | env-var                  | what it does |
 | ------------------------ | ------------ |
 | `PRTY_FORCE_MP`          | force-enable multiprocessing (real multithreading) on MacOS and other broken platforms |
+| `PRTY_FORCE_MAGIC`       | use [magic](https://pypi.org/project/python-magic/) on Windows (you will segfault) |
 # packages

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/__main__.py RENAMED Viewed

@@ -53,13 +53,13 @@ from .util import (
     PYFTPD_VER,
     RAM_AVAIL,
     RAM_TOTAL,
+    RE_ANSI,
     SQLITE_VER,
     UNPLICATIONS,
     URL_BUG,
     URL_PRJ,
     Daemon,
     align_tab,
-    ansi_re,
     b64enc,
     dedent,
     has_resource,
@@ -161,7 +161,7 @@ def lprint(*a , **ka )  :
     txt  = " ".join(unicode(x) for x in a) + eol
     printed.append(txt)
     if not VT100:
-        txt = ansi_re.sub("", txt)
+        txt = RE_ANSI.sub("", txt)
     print(txt, end="", **ka)
@@ -1045,6 +1045,8 @@ def add_upload(ap):
     ap2.add_argument("--use-fpool", action="store_true", help="force file-handle pooling, even when it might be dangerous (multiprocessing, filesystems lacking sparse-files support, ...)")
     ap2.add_argument("--chmod-f", metavar="UGO", type=u, default="", help="unix file permissions to use when creating files; default is probably 644 (OS-decided), see --help-chmod. Examples: [\033[32m644\033[0m] = owner-RW + all-R, [\033[32m755\033[0m] = owner-RWX + all-RX, [\033[32m777\033[0m] = full-yolo (volflag=chmod_f)")
     ap2.add_argument("--chmod-d", metavar="UGO", type=u, default="755", help="unix file permissions to use when creating directories; see --help-chmod. Examples: [\033[32m755\033[0m] = owner-RW + all-R, [\033[32m777\033[0m] = full-yolo (volflag=chmod_d)")
+    ap2.add_argument("--uid", metavar="N", type=int, default=-1, help="unix user-id to chown new files/folders to; default = -1 = do-not-change (volflag=uid)")
+    ap2.add_argument("--gid", metavar="N", type=int, default=-1, help="unix group-id to chown new files/folders to; default = -1 = do-not-change (volflag=gid)")
     ap2.add_argument("--dedup", action="store_true", help="enable symlink-based upload deduplication (volflag=dedup)")
     ap2.add_argument("--safe-dedup", metavar="N", type=int, default=50, help="how careful to be when deduplicating files; [\033[32m1\033[0m] = just verify the filesize, [\033[32m50\033[0m] = verify file contents have not been altered (volflag=safededup)")
     ap2.add_argument("--hardlink", action="store_true", help="enable hardlink-based dedup; will fallback on symlinks when that is impossible (across filesystems) (volflag=hardlink)")
@@ -1547,7 +1549,7 @@ def add_ui(ap, retry):
     ap2.add_argument("--hsortn", metavar="N", type=int, default=2, help="number of sorting rules to include in media URLs by default (volflag=hsortn)")
     ap2.add_argument("--see-dots", action="store_true", help="default-enable seeing dotfiles; only takes effect if user has the necessary permissions")
     ap2.add_argument("--qdel", metavar="LVL", type=int, default=2, help="number of confirmations to show when deleting files (2/1/0)")
-    ap2.add_argument("--unlist", metavar="REGEX", type=u, default="", help="don't show files matching \033[33mREGEX\033[0m in file list. Purely cosmetic! Does not affect API calls, just the browser. Example: [\033[32m\\.(js|css)$\033[0m] (volflag=unlist)")
+    ap2.add_argument("--unlist", metavar="REGEX", type=u, default="", help="don't show files/folders matching \033[33mREGEX\033[0m in file list. WARNING: Purely cosmetic! Does not affect API calls, just the browser. Example: [\033[32m\\.(js|css)$\033[0m] (volflag=unlist)")
     ap2.add_argument("--favico", metavar="TXT", type=u, default="c 000 none" if retry else "🎉 000 none", help="\033[33mfavicon-text\033[0m [ \033[33mforeground\033[0m [ \033[33mbackground\033[0m ] ], set blank to disable")
     ap2.add_argument("--ext-th", metavar="E=VP", type=u, action="append", help="use thumbnail-image \033[33mVP\033[0m for file-extension \033[33mE\033[0m, example: [\033[32mexe=/.res/exe.png\033[0m] (volflag=ext_th)")
     ap2.add_argument("--mpmc", metavar="URL", type=u, default="", help="change the mediaplayer-toggle mouse cursor; URL to a folder with {2..5}.png inside (or disable with [\033[32m.\033[0m])")

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/__version__.py RENAMED Viewed

@@ -1,8 +1,8 @@
 # coding: utf-8
-VERSION = (1, 18, 6)
+VERSION = (1, 18, 8)
 CODENAME = "logtail"
-BUILD_DT = (2025, 7, 28)
+BUILD_DT = (2025, 7, 31)
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/authsrv.py RENAMED Viewed

@@ -33,6 +33,7 @@ from .util import (
     afsenc,
     get_df,
     humansize,
+    json_hesc,
     min_ex,
     odfusion,
     read_utf8,
@@ -63,6 +64,25 @@ if PY2:
 LEELOO_DALLAS = "leeloo_dallas"
+##
+## you might be curious what Leeloo Dallas is doing here, so let me explain:
+##
+## certain daemonic tasks, namely:
+##  * deletion of expired files, running on a timer
+##  * deletion of sidecar files, initiated by plugins
+## need to skip the usual permission-checks to do their thing,
+## so we let Leeloo handle these
+##
+## and also, the smb-server has really shitty support for user-accounts
+## so one popular way to avoid issues is by running copyparty without users;
+## this makes all smb-clients identify as LD to gain unrestricted access
+##
+## Leeloo, being a fictional character from The Fifth Element,
+## obviously does not exist and will never be able to access any copyparty
+## instances from the outside (the username is rejected at every entrypoint)
+##
+## thanks for coming to my ted talk
 SEE_LOG = "see log for details"
 SEESLOG = " (see serverlog for details)"
@@ -114,6 +134,8 @@ class Lim(object):
         self.reg    = None  # up2k registry
         self.chmod_d = 0o755
+        self.uid = self.gid = -1
+        self.chown = False
         self.nups   = {}  # num tracker
         self.bups    = {}  # byte tracker list
@@ -276,6 +298,8 @@ class Lim(object):
             # no branches yet; make one
             sub = os.path.join(path, "0")
             bos.mkdir(sub, self.chmod_d)
+            if self.chown:
+                os.chown(sub, self.uid, self.gid)
         else:
             # try newest branch only
             sub = os.path.join(path, str(dirs[-1]))
@@ -291,6 +315,8 @@ class Lim(object):
         # make a branch
         sub = os.path.join(path, str(dirs[-1] + 1))
         bos.mkdir(sub, self.chmod_d)
+        if self.chown:
+            os.chown(sub, self.uid, self.gid)
         ret = self.dive(sub, lvs - 1)
         if ret is None:
             raise Pebkac(500, "rotation bug")
@@ -2153,7 +2179,7 @@ class AuthSrv(object):
                 if vf not in vol.flags:
                     vol.flags[vf] = getattr(self.args, ga)
-            zs = "forget_ip nrand tail_who u2abort u2ow ups_who zip_who"
+            zs = "forget_ip gid nrand tail_who u2abort u2ow uid ups_who zip_who"
             for k in zs.split():
                 if k in vol.flags:
                     vol.flags[k] = int(vol.flags[k])
@@ -2190,8 +2216,17 @@ class AuthSrv(object):
                 if (is_d and zi != 0o755) or not is_d:
                     free_umask = True
+            vol.flags.pop("chown", None)
+            if vol.flags["uid"] != -1 or vol.flags["gid"] != -1:
+                vol.flags["chown"] = True
+            vol.flags.pop("fperms", None)
+            if "chown" in vol.flags or vol.flags.get("chmod_f"):
+                vol.flags["fperms"] = True
             if vol.lim:
                 vol.lim.chmod_d = vol.flags["chmod_d"]
+                vol.lim.chown = "chown" in vol.flags
+                vol.lim.uid = vol.flags["uid"]
+                vol.lim.gid = vol.flags["gid"]
             if vol.flags.get("og"):
                 self.args.uqe = True
@@ -2742,7 +2777,7 @@ class AuthSrv(object):
                 "lifetime": vn.js_ls["lifetime"],
                 "u2sort": self.args.u2sort,
             }
-            vn.js_htm = json.dumps(js_htm)
+            vn.js_htm = json_hesc(json.dumps(js_htm))
         vols = list(vfs.all_nodes.values())
         if enshare:

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/bos/bos.py RENAMED Viewed

@@ -6,8 +6,11 @@ import os
 from ..util import SYMTIME, fsdec, fsenc
 from . import path as path
-_ = (path,)
-__all__ = ["path"]
+MKD_755 = {"chmod_d": 0o755}
+MKD_700 = {"chmod_d": 0o700}
+_ = (path, MKD_755, MKD_700)
+__all__ = ["path", "MKD_755", "MKD_700"]
 # grep -hRiE '(^|[^a-zA-Z_\.-])os\.' . | gsed -r 's/ /\n/g;s/\(/(\n/g' | grep -hRiE '(^|[^a-zA-Z_\.-])os\.' | sort | uniq -c
 # printf 'os\.(%s)' "$(grep ^def bos/__init__.py | gsed -r 's/^def //;s/\(.*//' | tr '\n' '|' | gsed -r 's/.$//')"
@@ -17,11 +20,15 @@ def chmod(p , mode )  :
     return os.chmod(fsenc(p), mode)
+def chown(p , uid , gid )  :
+    return os.chown(fsenc(p), uid, gid)
 def listdir(p  = ".")  :
     return [fsdec(x) for x in os.listdir(fsenc(p))]
-def makedirs(name , mode  = 0o755, exist_ok  = True)  :
+def makedirs(name , vf   = MKD_755, exist_ok  = True)  :
     # os.makedirs does 777 for all but leaf; this does mode on all
     todo = []
     bname = fsenc(name)
@@ -34,9 +41,13 @@ def makedirs(name , mode  = 0o755, exist_ok  = True)  :
         if not exist_ok:
             os.mkdir(bname)  # to throw
         return False
+    mode = vf["chmod_d"]
+    chown = "chown" in vf
     for zb in todo[::-1]:
         try:
             os.mkdir(zb, mode)
+            if chown:
+                os.chown(zb, vf["uid"], vf["gid"])
         except:
             if os.path.isdir(zb):
                 continue

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/cfg.py RENAMED Viewed

@@ -114,6 +114,8 @@ def vf_vmap()   :
         "unlist",
         "u2abort",
         "u2ts",
+        "uid",
+        "gid",
         "ups_who",
         "zip_who",
         "zipmaxn",
@@ -175,6 +177,8 @@ flagcats = {
         "nodupe": "rejects existing files (instead of linking/cloning them)",
         "chmod_d=755": "unix-permission for new dirs/folders",
         "chmod_f=644": "unix-permission for new files",
+        "uid=573": "change owner of new files/folders to unix-user 573",
+        "gid=999": "change owner of new files/folders to unix-group 999",
         "sparse": "force use of sparse files, mainly for s3-backed storage",
         "nosparse": "deny use of sparse files, mainly for slow storage",
         "daw": "enable full WebDAV write support (dangerous);\nPUT-operations will now \033[1;31mOVERWRITE\033[0;35m existing files",

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/ftpd.py RENAMED Viewed

@@ -31,6 +31,7 @@ from .util import (
     relchk,
     runhook,
     sanitize_fn,
+    set_fperms,
     vjoin,
     wunlink,
 )
@@ -258,8 +259,8 @@ class FtpFs(AbstractedFS):
             wunlink(self.log, ap, VF_CAREFUL)
         ret = open(fsenc(ap), mode, self.args.iobuf)
-        if w and "chmod_f" in vfs.flags:
-            os.fchmod(ret.fileno(), vfs.flags["chmod_f"])
+        if w and "fperms" in vfs.flags:
+            set_fperms(ret, vfs.flags)
         return ret
@@ -293,8 +294,7 @@ class FtpFs(AbstractedFS):
     def mkdir(self, path )  :
         ap, vfs, _ = self.rv2a(path, w=True)
-        chmod = vfs.flags["chmod_d"]
-        bos.makedirs(ap, chmod)  # filezilla expects this
+        bos.makedirs(ap, vf=vfs.flags)  # filezilla expects this
     def listdir(self, path )  :
         vpath = join(self.cwd, path)

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/httpcli.py RENAMED Viewed

@@ -33,7 +33,7 @@ except:
 from .__init__ import ANYWIN, PY2, RES, TYPE_CHECKING, EnvParams, unicode
 from .__version__ import S_VERSION
-from .authsrv import VFS  # typechk
+from .authsrv import LEELOO_DALLAS, VFS  # typechk
 from .bos import bos
 from .star import StreamTar
 from .stolen.qrcodegen import QrCode, qr2svg
@@ -79,8 +79,10 @@ from .util import (
     hidedir,
     html_bescape,
     html_escape,
+    html_sh_esc,
     humansize,
     ipnorm,
+    json_hesc,
     justcopy,
     load_resource,
     loadpy,
@@ -103,6 +105,7 @@ from .util import (
     sanitize_vpath,
     sendfile_kern,
     sendfile_py,
+    set_fperms,
     stat_resource,
     ub64dec,
     ub64enc,
@@ -617,6 +620,9 @@ class HttpCli(object):
                 ) or self.args.idp_h_key in self.headers
                 if trusted_key and trusted_xff:
+                    if idp_usr.lower() == LEELOO_DALLAS:
+                        self.loud_reply("send her back", status=403)
+                        return False
                     self.asrv.idp_checkin(self.conn.hsrv.broker, idp_usr, idp_grp)
                 else:
                     if not trusted_key:
@@ -1105,15 +1111,18 @@ class HttpCli(object):
             else:
                 return True
+        host = self.host.lower()
+        if host.startswith("["):
+            if "]:" in host:
+                host = host.split("]:")[0] + "]"
+        else:
+            host = host.split(":")[0]
         oh = self.out_headers
         origin = origin.lower()
-        good_origins = self.args.acao + [
-            "%s://%s"
-            % (
-                "https" if self.is_https else "http",
-                self.host.lower().split(":")[0],
-            )
-        ]
+        proto = "https" if self.is_https else "http"
+        good_origins = self.args.acao + ["%s://%s" % (proto, host)]
         if "pw" in ih or re.sub(r"(:[0-9]{1,5})?/?$", "", origin) in good_origins:
             good_origin = True
             bad_hdrs = ("",)
@@ -1570,6 +1579,18 @@ class HttpCli(object):
             self.log("inaccessible: %r" % ("/" + self.vpath,))
             raise Pebkac(401, "authenticate")
+        if "quota-available-bytes" in props and not self.args.nid:
+            bfree, btot, _ = get_df(vn.realpath, False)
+            if btot:
+                df = {
+                    "quota-available-bytes": str(bfree),
+                    "quota-used-bytes": str(btot - bfree),
+                }
+            else:
+                df = {}
+        else:
+            df = {}
         fgen = itertools.chain([topdir], fgen)
         vtop = vjoin(self.args.R, vjoin(vn.vpath, rem))
@@ -1612,6 +1633,9 @@ class HttpCli(object):
                     ap = os.path.join(tap, x["vp"])
                 pvs["getcontenttype"] = html_escape(guess_mime(rp, ap))
                 pvs["getcontentlength"] = str(st.st_size)
+            elif df:
+                pvs.update(df)
+                df = {}
             for k, v in pvs.items():
                 if k not in props:
@@ -2060,7 +2084,7 @@ class HttpCli(object):
             fdir, fn = os.path.split(fdir)
             rem, _ = vsplit(rem)
-        bos.makedirs(fdir, vfs.flags["chmod_d"])
+        bos.makedirs(fdir, vf=vfs.flags)
         open_ka   = {"fun": open}
         open_a = ["wb", self.args.iobuf]
@@ -2117,9 +2141,7 @@ class HttpCli(object):
         if nameless:
             fn = vfs.flags["put_name2"].format(now=time.time(), cip=self.dip())
-        params = {"suffix": suffix, "fdir": fdir}
-        if "chmod_f" in vfs.flags:
-            params["chmod"] = vfs.flags["chmod_f"]
+        params = {"suffix": suffix, "fdir": fdir, "vf": vfs.flags}
         if self.args.nw:
             params = {}
             fn = os.devnull
@@ -2167,7 +2189,7 @@ class HttpCli(object):
                     if self.args.nw:
                         fn = os.devnull
                     else:
-                        bos.makedirs(fdir, vfs.flags["chmod_d"])
+                        bos.makedirs(fdir, vf=vfs.flags)
                         path = os.path.join(fdir, fn)
                         if not nameless:
                             self.vpath = vjoin(self.vpath, fn)
@@ -2299,7 +2321,7 @@ class HttpCli(object):
                     if self.args.hook_v:
                         log_reloc(self.log, hr["reloc"], x, path, vp, fn, vfs, rem)
                     fdir, self.vpath, fn, (vfs, rem) = x
-                    bos.makedirs(fdir, vfs.flags["chmod_d"])
+                    bos.makedirs(fdir, vf=vfs.flags)
                     path2 = os.path.join(fdir, fn)
                     atomic_move(self.log, path, path2, vfs.flags)
                     path = path2
@@ -2584,7 +2606,7 @@ class HttpCli(object):
             dst = vfs.canonical(rem)
             try:
                 if not bos.path.isdir(dst):
-                    bos.makedirs(dst, vfs.flags["chmod_d"])
+                    bos.makedirs(dst, vf=vfs.flags)
             except OSError as ex:
                 self.log("makedirs failed %r" % (dst,))
                 if not bos.path.isdir(dst):
@@ -3027,7 +3049,7 @@ class HttpCli(object):
                 raise Pebkac(405, 'folder "/%s" already exists' % (vpath,))
             try:
-                bos.makedirs(fn, vfs.flags["chmod_d"])
+                bos.makedirs(fn, vf=vfs.flags)
             except OSError as ex:
                 if ex.errno == errno.EACCES:
                     raise Pebkac(500, "the server OS denied write-access")
@@ -3068,8 +3090,8 @@ class HttpCli(object):
             with open(fsenc(fn), "wb") as f:
                 f.write(b"`GRUNNUR`\n")
-                if "chmod_f" in vfs.flags:
-                    os.fchmod(f.fileno(), vfs.flags["chmod_f"])
+                if "fperms" in vfs.flags:
+                    set_fperms(f, vfs.flags)
         vpath = "{}/{}".format(self.vpath, sanitized).lstrip("/")
         self.redirect(vpath, "?edit")
@@ -3143,7 +3165,7 @@ class HttpCli(object):
             )
             upload_vpath = "{}/{}".format(vfs.vpath, rem).strip("/")
             if not nullwrite:
-                bos.makedirs(fdir_base, vfs.flags["chmod_d"])
+                bos.makedirs(fdir_base, vf=vfs.flags)
         rnd, lifetime, xbu, xau = self.upload_flags(vfs)
         zs = self.uparam.get("want") or self.headers.get("accept") or ""
@@ -3176,7 +3198,7 @@ class HttpCli(object):
                     if rnd:
                         fname = rand_name(fdir, fname, rnd)
-                    open_args = {"fdir": fdir, "suffix": suffix}
+                    open_args = {"fdir": fdir, "suffix": suffix, "vf": vfs.flags}
                     if "replace" in self.uparam:
                         if not self.can_delete:
@@ -3238,11 +3260,8 @@ class HttpCli(object):
                             else:
                                 open_args["fdir"] = fdir
-                if "chmod_f" in vfs.flags:
-                    open_args["chmod"] = vfs.flags["chmod_f"]
                 if p_file and not nullwrite:
-                    bos.makedirs(fdir, vfs.flags["chmod_d"])
+                    bos.makedirs(fdir, vf=vfs.flags)
                     # reserve destination filename
                     f, fname = ren_open(fname, "wb", fdir=fdir, suffix=suffix)
@@ -3346,7 +3365,7 @@ class HttpCli(object):
                                 if nullwrite:
                                     fdir = ap2 = ""
                                 else:
-                                    bos.makedirs(fdir, vfs.flags["chmod_d"])
+                                    bos.makedirs(fdir, vf=vfs.flags)
                                     atomic_move(self.log, abspath, ap2, vfs.flags)
                                 abspath = ap2
                         sz = bos.path.getsize(abspath)
@@ -3467,8 +3486,8 @@ class HttpCli(object):
                     ft = "{}:{}".format(self.ip, self.addr[1])
                     ft = "{}\n{}\n{}\n".format(ft, msg.rstrip(), errmsg)
                     f.write(ft.encode("utf-8"))
-                    if "chmod_f" in vfs.flags:
-                        os.fchmod(f.fileno(), vfs.flags["chmod_f"])
+                    if "fperms" in vfs.flags:
+                        set_fperms(f, vfs.flags)
             except Exception as ex:
                 suf = "\nfailed to write the upload report: {}".format(ex)
@@ -3518,7 +3537,7 @@ class HttpCli(object):
         lim = vfs.get_dbv(rem)[0].lim
         if lim:
             fp, rp = lim.all(self.ip, rp, clen, vfs.realpath, fp, self.conn.hsrv.broker)
-            bos.makedirs(fp, vfs.flags["chmod_d"])
+            bos.makedirs(fp, vf=vfs.flags)
         fp = os.path.join(fp, fn)
         rem = "{}/{}".format(rp, fn).strip("/")
@@ -3586,15 +3605,17 @@ class HttpCli(object):
                 zs = ub64enc(zb).decode("ascii")[:24].lower()
                 dp = "%s/md/%s/%s/%s" % (dbv.histpath, zs[:2], zs[2:4], zs)
                 self.log("moving old version to %s/%s" % (dp, mfile2))
-                if bos.makedirs(dp, vfs.flags["chmod_d"]):
+                if bos.makedirs(dp, vf=vfs.flags):
                     with open(os.path.join(dp, "dir.txt"), "wb") as f:
                         f.write(afsenc(vrd))
-                        if "chmod_f" in vfs.flags:
-                            os.fchmod(f.fileno(), vfs.flags["chmod_f"])
+                        if "fperms" in vfs.flags:
+                            set_fperms(f, vfs.flags)
             elif hist_cfg == "s":
                 dp = os.path.join(mdir, ".hist")
                 try:
                     bos.mkdir(dp, vfs.flags["chmod_d"])
+                    if "chown" in vfs.flags:
+                        bos.chown(dp, vfs.flags["uid"], vfs.flags["gid"])
                     hidedir(dp)
                 except:
                     pass
@@ -3632,8 +3653,8 @@ class HttpCli(object):
             wunlink(self.log, fp, vfs.flags)
         with open(fsenc(fp), "wb", self.args.iobuf) as f:
-            if "chmod_f" in vfs.flags:
-                os.fchmod(f.fileno(), vfs.flags["chmod_f"])
+            if "fperms" in vfs.flags:
+                set_fperms(f, vfs.flags)
             sz, sha512, _ = hashcopy(p_data, f, None, 0, self.args.s_wr_slp)
         if lim:
@@ -4870,11 +4891,8 @@ class HttpCli(object):
         else:
             rip = host
-        # safer than html_escape/quotep since this avoids both XSS and shell-stuff
-        pw = re.sub(r"[<>&$?`\"']", "_", self.pw or "hunter2")
-        vp = re.sub(r"[<>&$?`\"']", "_", self.uparam["hc"] or "").lstrip("/")
-        pw = pw.replace(" ", "%20")
-        vp = vp.replace(" ", "%20")
+        vp = (self.uparam["hc"] or "").lstrip("/")
+        pw = self.pw or "hunter2"
         if pw in self.asrv.sesa:
             pw = "hunter2"
@@ -4883,14 +4901,14 @@ class HttpCli(object):
             args=self.args,
             accs=bool(self.asrv.acct),
             s="s" if self.is_https else "",
-            rip=rip,
-            ep=ep,
-            vp=vp,
-            rvp=vjoin(self.args.R, vp),
-            host=host,
-            hport=hport,
+            rip=html_sh_esc(rip),
+            ep=html_sh_esc(ep),
+            vp=html_sh_esc(vp),
+            rvp=html_sh_esc(vjoin(self.args.R, vp)),
+            host=html_sh_esc(host),
+            hport=html_sh_esc(hport),
             aname=aname,
-            pw=pw,
+            pw=html_sh_esc(pw),
         )
         self.reply(html.encode("utf-8"))
         return True
@@ -5552,7 +5570,7 @@ class HttpCli(object):
             self.reply(jtxt.encode("utf-8", "replace"), mime="application/json")
             return True
-        html = self.j2s("rups", this=self, v=jtxt)
+        html = self.j2s("rups", this=self, v=json_hesc(jtxt))
         self.reply(html.encode("utf-8"), status=200)
         return True
@@ -5616,15 +5634,15 @@ class HttpCli(object):
                 raise Pebkac(500, "sqlite3 not found on server; sharing is disabled")
             raise Pebkac(500, "server busy, cannot create share; please retry in a bit")
+        skey = self.uparam.get("skey") or self.vpath.split("/")[-1]
         if self.args.shr_v:
-            self.log("handle_eshare: " + self.req)
+            self.log("handle_eshare: " + skey)
         cur = idx.get_shr()
         if not cur:
             raise Pebkac(400, "huh, sharing must be disabled in the server config...")
-        skey = self.vpath.split("/")[-1]
         rows = cur.execute("select un, t1 from sh where k = ?", (skey,)).fetchall()
         un = rows[0][0] if rows and rows[0] else ""
@@ -6133,13 +6151,13 @@ class HttpCli(object):
             self.log("#wow #whoa")
         if not self.args.nid:
-            free, total, _ = get_df(abspath, False)
-            if total is not None:
+            free, total, zs = get_df(abspath, False)
+            if total:
                 h1 = humansize(free or 0)
                 h2 = humansize(total)
                 srv_info.append("{} free of {}".format(h1, h2))
-            elif free is not None:
-                srv_info.append(humansize(free, True) + " free")
+            elif zs:
+                self.log("diskfree(%r): %s" % (abspath, zs), 3)
         srv_infot = "</span> // <span>".join(srv_info)

{copyparty-1.18.6 → copyparty-1.18.8}/copyparty/smbd.py RENAMED Viewed

@@ -317,7 +317,7 @@ class SMB(object):
         self.hub.up2k.handle_mv(uname, "1.7.6.2", vp1, vp2)
         try:
-            bos.makedirs(ap2, vfs2.flags["chmod_d"])
+            bos.makedirs(ap2, vf=vfs2.flags)
         except:
             pass

copyparty 1.18.6__tar.gz → 1.18.8__tar.gz

copyparty 1.18.6tar.gz → 1.18.8tar.gz