copyparty 1.19.15__py3-none-any.whl → 1.19.17__py3-none-any.whl

copyparty/__init__.py

@@ -97,6 +97,25 @@ web/splash.html
 web/splash.js
 web/svcs.html
 web/svcs.js
+web/tl/chi.js
+web/tl/cze.js
+web/tl/deu.js
+web/tl/epo.js
+web/tl/fin.js
+web/tl/fra.js
+web/tl/grc.js
+web/tl/ita.js
+web/tl/kor.js
+web/tl/nld.js
+web/tl/nno.js
+web/tl/nor.js
+web/tl/pol.js
+web/tl/por.js
+web/tl/rus.js
+web/tl/spa.js
+web/tl/swe.js
+web/tl/tur.js
+web/tl/ukr.js
 web/ui.css
 web/up2k.js
 web/util.js

copyparty/__main__.py

@@ -641,8 +641,11 @@ def get_sects():
             if no accounts or volumes are configured,
             current folder will be read/write for everyone
 
-            the group @acct will always have every user with an account
-            (the name of that group can be changed with --grp-all)
+            the group \033[33m@acct\033[0m will always have every user with an account
+            (the name of that group can be changed with \033[32m--grp-all\033[0m)
+
+            to hide a volume from authenticated users, specify \033[33m*,-@acct\033[0m
+            to subtract \033[33m@acct\033[0m from \033[33m*\033[0m (can subtract users from groups too)
 
             consider the config file for more flexible account/volume management,
             including dynamic reload at runtime (and being more readable w)
@@ -664,12 +667,12 @@ def get_sects():
 
             send the password in the '\033[36mPW\033[0m' http-header:
               \033[36mPW: \033[35mhunter2\033[0m
-            or if you have \033[33m--accounts\033[0m enabled,
+            or if you have \033[33m--usernames\033[0m enabled,
               \033[36mPW: \033[35med:hunter2\033[0m
 
             send the password in the URL itself:
               \033[36mhttp://127.0.0.1:3923/\033[35m?pw=hunter2\033[0m
-            or if you have \033[33m--accounts\033[0m enabled,
+            or if you have \033[33m--usernames\033[0m enabled,
               \033[36mhttp://127.0.0.1:3923/\033[35m?pw=ed:hunter2\033[0m
 
             use basic-authentication:
@@ -805,9 +808,11 @@ def get_sects():
              \033[36mf\033[35m forks the process, doesn't wait for completion
              \033[36mc\033[35m checks return code, blocks the action if non-zero
              \033[36mj\033[35m provides json with info as 1st arg instead of filepath
+             \033[36ms\033[35m provides input data on stdin (instead of 1st arg)
              \033[36mwN\033[35m waits N sec after command has been started before continuing
              \033[36mtN\033[35m sets an N sec timeout before the command is abandoned
              \033[36miN\033[35m xiu only: volume must be idle for N sec (default = 5)
+             \033[36mI\033[35m import and run as module, not as subprocess
 
              \033[36mar\033[35m only run hook if user has read-access
              \033[36marw\033[35m only run hook if user has read-write-access
@@ -837,6 +842,9 @@ def get_sects():
               the \033[33m--\033[35m stops notify-send from reading the message as args
               and the alert will be "hey" followed by the messagetext
 
+             \033[36m--xm s,,tee,-a,log.txt\033[35m appends each msg to log.txt;
+             \033[36m--xm s,j,,tee,-a,log.txt\033[35m writes it as json instead
+
              \033[36m--xau zmq:pub:tcp://*:5556\033[35m announces uploads on zeromq;
              \033[36m--xau t3,zmq:push:tcp://*:5557\033[35m also works, and you can
              \033[36m--xau t3,j,zmq:req:tcp://localhost:5555\033[35m too for example
@@ -846,7 +854,8 @@ def get_sects():
             as soon as the volume has been idle for iN seconds (5 by default)
 
             \033[36mxiu\033[0m is also unique in that it will pass the metadata to the
-            executed program on STDIN instead of as argv arguments, and
+            executed program on STDIN instead of as argv arguments (so
+            just like the \033[36ms\033[0m option does for the other hook types), and
             it also includes the wark (file-id/hash) as a json property
 
             \033[36mxban\033[0m can be used to overrule / cancel a user ban event;
@@ -857,6 +866,12 @@ def get_sects():
             on new uploads, but with certain limitations. See
             bin/hooks/reloc* and docs/devnotes.md#hook-effects
 
+            the \033[36mI\033[0m option will override most other options, because
+            it entirely hands over control to the hook, which is
+            then able to tamper with copyparty's internal memory
+            and wreck havoc if it wants to -- but this is worh it
+            because it makes the hook 140x faster
+
             except for \033[36mxm\033[0m, only one hook / one action can run at a time,
             so it's recommended to use the \033[36mf\033[0m flag unless you really need
             to wait for the hook to finish before continuing (without \033[36mf\033[0m
@@ -1147,11 +1162,14 @@ def add_general(ap, nc, srvname):
     ap2.add_argument("--urlform", metavar="MODE", type=u, default="print,xm", help="how to handle url-form POSTs; see \033[33m--help-urlform\033[0m")
     ap2.add_argument("--wintitle", metavar="TXT", type=u, default="cpp @ $pub", help="server terminal title, for example [\033[32m$ip-10.1.2.\033[0m] or [\033[32m$ip-]")
     ap2.add_argument("--name", metavar="TXT", type=u, default=srvname, help="server name (displayed topleft in browser and in mDNS)")
+    ap2.add_argument("--name-url", metavar="TXT", type=u, help="URL for server name hyperlink (displayed topleft in browser)")
+    ap2.add_argument("--name-html", type=u, help=argparse.SUPPRESS)
     ap2.add_argument("--mime", metavar="EXT=MIME", type=u, action="append", help="\033[34mREPEATABLE:\033[0m map file \033[33mEXT\033[0mension to \033[33mMIME\033[0mtype, for example [\033[32mjpg=image/jpeg\033[0m]")
     ap2.add_argument("--mimes", action="store_true", help="list default mimetype mapping and exit")
     ap2.add_argument("--rmagic", action="store_true", help="do expensive analysis to improve accuracy of returned mimetypes; will make file-downloads, rss, and webdav slower (volflag=rmagic)")
     ap2.add_argument("--license", action="store_true", help="show licenses and exit")
     ap2.add_argument("--version", action="store_true", help="show versions and exit")
+    ap2.add_argument("--versionb", action="store_true", help="show version and exit")
 
 
 def add_qr(ap, tty):
@@ -1219,6 +1237,7 @@ def add_upload(ap):
     ap2.add_argument("--hardlink-only", action="store_true", help="do not fallback to symlinks when a hardlink cannot be made (volflag=hardlinkonly)")
     ap2.add_argument("--reflink", action="store_true", help="enable reflink-based dedup; will fallback on full copies when that is impossible (non-CoW filesystem) (volflag=reflink)")
     ap2.add_argument("--no-dupe", action="store_true", help="reject duplicate files during upload; only matches within the same volume (volflag=nodupe)")
+    ap2.add_argument("--no-dupe-m", action="store_true", help="also reject dupes when moving a file into another volume (volflag=nodupem)")
     ap2.add_argument("--no-clone", action="store_true", help="do not use existing data on disk to satisfy dupe uploads; reduces server HDD reads in exchange for much more network load (volflag=noclone)")
     ap2.add_argument("--no-snap", action="store_true", help="disable snapshots -- forget unfinished uploads on shutdown; don't create .hist/up2k.snap files -- abandoned/interrupted uploads must be cleaned up manually")
     ap2.add_argument("--snap-wri", metavar="SEC", type=int, default=300, help="write upload state to ./hist/up2k.snap every \033[33mSEC\033[0m seconds; allows resuming incomplete uploads after a server crash")
@@ -1506,6 +1525,7 @@ def add_optouts(ap):
     ap2.add_argument("--no-pipe", action="store_true", help="disable race-the-beam (lockstep download of files which are currently being uploaded) (volflag=nopipe)")
     ap2.add_argument("--no-tail", action="store_true", help="disable streaming a growing files with ?tail (volflag=notail)")
     ap2.add_argument("--no-db-ip", action="store_true", help="do not write uploader-IP into the database; will also disable unpost, you may want \033[32m--forget-ip\033[0m instead (volflag=no_db_ip)")
+    ap2.add_argument("--no-zls", action="store_true", help="disable browsing the contents of zip/cbz files, does not affect thumbnails")
 
 
 def add_safety(ap):
@@ -1524,6 +1544,7 @@ def add_safety(ap):
     ap2.add_argument("--force-js", action="store_true", help="don't send folder listings as HTML, force clients to use the embedded json instead -- slight protection against misbehaving search engines which ignore \033[33m--no-robots\033[0m")
     ap2.add_argument("--no-robots", action="store_true", help="adds http and html headers asking search engines to not index anything (volflag=norobots)")
     ap2.add_argument("--logout", metavar="H", type=float, default=8086.0, help="logout clients after \033[33mH\033[0m hours of inactivity; [\033[32m0.0028\033[0m]=10sec, [\033[32m0.1\033[0m]=6min, [\033[32m24\033[0m]=day, [\033[32m168\033[0m]=week, [\033[32m720\033[0m]=month, [\033[32m8760\033[0m]=year)")
+    ap2.add_argument("--dont-ban", metavar="TXT", type=u, default="no", help="anyone at this accesslevel or above will not get banned: [\033[32mav\033[0m]=admin-in-volume, [\033[32maa\033[0m]=has-admin-anywhere, [\033[32mrw\033[0m]=read-write, [\033[32mauth\033[0m]=authenticated, [\033[32many\033[0m]=disable-all-bans, [\033[32mno\033[0m]=anyone-can-get-banned")
     ap2.add_argument("--ban-pw", metavar="N,W,B", type=u, default="9,60,1440", help="more than \033[33mN\033[0m wrong passwords in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
     ap2.add_argument("--ban-pwc", metavar="N,W,B", type=u, default="5,60,1440", help="more than \033[33mN\033[0m password-changes in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; disable with [\033[32mno\033[0m]")
     ap2.add_argument("--ban-404", metavar="N,W,B", type=u, default="50,60,1440", help="hitting more than \033[33mN\033[0m 404's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; only affects users who cannot see directory listings because their access is either g/G/h")
@@ -1531,7 +1552,7 @@ def add_safety(ap):
     ap2.add_argument("--ban-422", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m 422's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes (invalid requests, attempted exploits ++)")
     ap2.add_argument("--ban-url", metavar="N,W,B", type=u, default="9,2,1440", help="hitting more than \033[33mN\033[0m sus URL's in \033[33mW\033[0m minutes = ban for \033[33mB\033[0m minutes; applies only to permissions g/G/h (decent replacement for \033[33m--ban-404\033[0m if that can't be used)")
     ap2.add_argument("--sus-urls", metavar="R", type=u, default=r"\.php$|(^|/)wp-(admin|content|includes)/", help="URLs which are considered sus / eligible for banning; disable with blank or [\033[32mno\033[0m]")
-    ap2.add_argument("--nonsus-urls", metavar="R", type=u, default=r"^(favicon\.ico|robots\.txt)$|^apple-touch-icon|^\.well-known", help="harmless URLs ignored from 404-bans; disable with blank or [\033[32mno\033[0m]")
+    ap2.add_argument("--nonsus-urls", metavar="R", type=u, default=r"^(favicon\..{3}|robots\.txt)$|^apple-touch-icon|^\.well-known", help="harmless URLs ignored from 403/404-bans; disable with blank or [\033[32mno\033[0m]")
     ap2.add_argument("--early-ban", action="store_true", help="if a client is banned, reject its connection as soon as possible; not a good idea to enable when proxied behind cloudflare since it could ban your reverse-proxy")
     ap2.add_argument("--cookie-nmax", metavar="N", type=int, default=50, help="reject HTTP-request from client if they send more than N cookies")
     ap2.add_argument("--cookie-cmax", metavar="N", type=int, default=8192, help="reject HTTP-request from client if more than N characters in Cookie header")
@@ -1588,12 +1609,14 @@ def add_admin(ap):
     ap2 = ap.add_argument_group("admin panel options")
     ap2.add_argument("--no-reload", action="store_true", help="disable ?reload=cfg (reload users/volumes/volflags from config file)")
     ap2.add_argument("--no-rescan", action="store_true", help="disable ?scan (volume reindexing)")
-    ap2.add_argument("--no-stack", action="store_true", help="disable ?stack (list all stacks)")
+    ap2.add_argument("--no-stack", action="store_true", help="disable ?stack (list all stacks); same as --stack-who=no")
     ap2.add_argument("--no-ups-page", action="store_true", help="disable ?ru (list of recent uploads)")
     ap2.add_argument("--no-up-list", action="store_true", help="don't show list of incoming files in controlpanel")
     ap2.add_argument("--dl-list", metavar="LVL", type=int, default=2, help="who can see active downloads in the controlpanel? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=everyone")
     ap2.add_argument("--ups-who", metavar="LVL", type=int, default=2, help="who can see recent uploads on the ?ru page? [\033[32m0\033[0m]=nobody, [\033[32m1\033[0m]=admins, [\033[32m2\033[0m]=everyone (volflag=ups_who)")
     ap2.add_argument("--ups-when", action="store_true", help="let everyone see upload timestamps on the ?ru page, not just admins")
+    ap2.add_argument("--stack-who", metavar="LVL", type=u, default="a", help="who can see the ?stack page (list of threads)? [\033[32mno\033[0m]=nobody, [\033[32ma\033[0m]=admins, [\033[32mrw\033[0m]=read+write, [\033[32mall\033[0m]=everyone")
+    ap2.add_argument("--stack-v", action="store_true", help="verbose ?stack")
 
 
 def add_thumbnail(ap):
@@ -1791,6 +1814,15 @@ def add_ui(ap, retry ):
     ap2.add_argument("--lg-sba", metavar="TXT", type=u, default="", help="the value of the iframe 'allow' attribute for prologue/epilogue docs (volflag=lg_sba); see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy#iframes")
     ap2.add_argument("--no-sb-md", action="store_true", help="don't sandbox README/PREADME.md documents (volflags: no_sb_md | sb_md)")
     ap2.add_argument("--no-sb-lg", action="store_true", help="don't sandbox prologue/epilogue docs (volflags: no_sb_lg | sb_lg); enables non-js support")
+    ap2.add_argument("--ui-nombar", action="store_true", help="hide top-menu in the UI (volflag=ui_nombar)")
+    ap2.add_argument("--ui-noacci", action="store_true", help="hide account-info in the UI (volflag=ui_noacci)")
+    ap2.add_argument("--ui-nosrvi", action="store_true", help="hide server-info in the UI (volflag=ui_nosrvi)")
+    ap2.add_argument("--ui-nonav", action="store_true", help="hide navpane+breadcrumbs (volflag=ui_nonav)")
+    ap2.add_argument("--ui-notree", action="store_true", help="hide navpane in the UI (volflag=ui_nonav)")
+    ap2.add_argument("--ui-nocpla", action="store_true", help="hide cpanel-link in the UI (volflag=ui_nocpla)")
+    ap2.add_argument("--ui-nolbar", action="store_true", help="hide link-bar in the UI (volflag=ui_nolbar)")
+    ap2.add_argument("--ui-noctxb", action="store_true", help="hide context-buttons in the UI (volflag=ui_noctxb)")
+    ap2.add_argument("--ui-norepl", action="store_true", help="hide repl-button in the UI (volflag=ui_norepl)")
     ap2.add_argument("--have-unlistc", action="store_true", help=argparse.SUPPRESS)
 
 
@@ -1918,15 +1950,19 @@ def run_argparse(
 
 
 def main(argv  = None)  :
+    if argv is None:
+        argv = sys.argv
+
+    if "--versionb" in argv:
+        print(S_VERSION)
+        sys.exit(0)
+
     time.strptime("19970815", "%Y%m%d")  # python#7980
     if WINDOWS:
         os.system("rem")  # enables colors
 
     init_E(E)
 
-    if argv is None:
-        argv = sys.argv
-
     f = '\033[36mcopyparty v{} "\033[35m{}\033[36m" ({})\n{}\033[0;36m\n   sqlite {} | jinja {} | pyftpd {} | tftp {}\n\033[0m'
     f = f.format(
         S_VERSION,
@@ -2053,7 +2089,7 @@ def main(argv  = None)  :
 
     # propagate implications
     for k1, k2 in IMPLICATIONS:
-        if getattr(al, k1):
+        if getattr(al, k1, None):
             setattr(al, k2, True)
 
     # propagate unplications

copyparty/__version__.py

@@ -1,8 +1,8 @@
 # coding: utf-8
 
-VERSION = (1, 19, 15)
+VERSION = (1, 19, 17)
 CODENAME = "usernames"
-BUILD_DT = (2025, 9, 29)
+BUILD_DT = (2025, 10, 17)
 
 S_VERSION = ".".join(map(str, VERSION))
 S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT)

copyparty/authsrv.py

@@ -1961,9 +1961,18 @@ class AuthSrv(object):
             axs_key = "u" + perm
             for vp, vol in vfs.all_vols.items():
                 zx = getattr(vol.axs, axs_key)
-                if "*" in zx:
+                if "*" in zx and "-@acct" not in zx:
                     for usr in unames:
                         zx.add(usr)
+                for zs in list(zx):
+                    if zs.startswith("-"):
+                        zx.discard(zs)
+                        zs = zs[1:]
+                        zx.discard(zs)
+                        if zs.startswith("@"):
+                            zs = zs[1:]
+                            for zs in grps.get(zs) or []:
+                                zx.discard(zs)
 
             # aread,... = dict[uname, list[volnames] or []]
             umap   = {x: [] for x in unames}
@@ -2503,13 +2512,17 @@ class AuthSrv(object):
 
             ico_url = vol.flags.get("ufavico")
             if ico_url:
+                ico_h = ""
                 ico_ext = ico_url.split("?")[0].split(".")[-1].lower()
                 if ico_ext in FAVICON_MIMES:
                     zs = '<link rel="icon" type="%s" href="%s">\n'
-                    head_s += zs % (FAVICON_MIMES[ico_ext], ico_url)
+                    ico_h = zs % (FAVICON_MIMES[ico_ext], ico_url)
                 elif ico_ext == "ico":
                     zs = '<link rel="shortcut icon" href="%s">\n'
-                    head_s += zs % (ico_url,)
+                    ico_h = zs % (ico_url,)
+                if ico_h:
+                    vol.flags["ufavico_h"] = ico_h
+                    head_s += ico_h
 
             if head_s:
                 vol.flags["html_head_s"] = head_s
@@ -2573,6 +2586,15 @@ class AuthSrv(object):
                     for x in drop:
                         vol.flags.pop(x)
 
+            zi = vol.flags.get("lifetime") or 0
+            zi2 = time.time() // (86400 * 365)
+            zi3 = zi2 * 86400 * 365
+            if zi < 0 or zi > zi3:
+                t = "the lifetime of volume [/%s] (%d) exceeds max value (%d years; %d)"
+                t = t % (vol.vpath, zi, zi2, zi3)
+                self.log(t, 1)
+                raise Exception(t)
+
             # verify tags mentioned by -mt[mp] are used by -mte
             local_mtp = {}
             local_only_mtp = {}
@@ -2739,9 +2761,13 @@ class AuthSrv(object):
                 ["uadmin", "uadmin"],
             ]:
                 u = list(sorted(getattr(zv.axs, attr)))
-                u = ["*"] if "*" in u else u
-                u = ", ".join("\033[35meverybody\033[0m" if x == "*" else x for x in u)
-                u = u if u else "\033[36m--none--\033[0m"
+                if u == ["*"] and acct:
+                    u = ["\033[35monly-anonymous\033[0m"]
+                elif "*" in u:
+                    u = ["\033[35meverybody\033[0m"]
+                if not u:
+                    u = ["\033[36m--none--\033[0m"]
+                u = ", ".join(u)
                 t += "\n|  {}:  {}".format(txt, u)
 
             if "e2d" in zv.flags:
@@ -2853,8 +2879,6 @@ class AuthSrv(object):
 
         if have_reflink:
             t = "WARNING: Reflink-based dedup was requested, but %s. This will not work; files will be full copies instead."
-            if sys.version_info < (3, 14):
-                self.log(t % "your python version is not new enough", 1)
             if not sys.platform.startswith("linux"):
                 self.log(t % "your OS is not Linux", 1)
 
@@ -2931,6 +2955,11 @@ class AuthSrv(object):
                 shn.shr_src = (s_vfs, s_rem)
                 shn.realpath = s_vfs.canonical(s_rem)
 
+                o_vn, _ = shn._get_share_src("")
+                shn.flags = o_vn.flags.copy()
+                shn.dbpath = o_vn.dbpath
+                shn.histpath = o_vn.histpath
+
                 # root.all_aps doesn't include any shares, so make a copy where the
                 # share appears in all abspaths it can provide (for example for chk_ap)
                 ap = shn.realpath
@@ -2994,6 +3023,8 @@ class AuthSrv(object):
                 "unlist": vf.get("unlist") or "",
                 "sb_lg": "" if "no_sb_lg" in vf else (vf.get("lg_sbf") or "y"),
             }
+            if "ufavico_h" in vf:
+                vn.js_ls["ufavico"] = vf["ufavico_h"]
             js_htm = {
                 "SPINNER": self.args.spinner,
                 "s_name": self.args.bname,
@@ -3005,6 +3036,7 @@ class AuthSrv(object):
                 "have_shr": self.args.shr,
                 "shr_who": vf["shr_who"],
                 "have_zip": not self.args.no_zip,
+                "have_zls": not self.args.no_zls,
                 "have_mv": not self.args.no_mv,
                 "have_del": not self.args.no_del,
                 "have_unpost": int(self.args.unpost),
@@ -3029,7 +3061,7 @@ class AuthSrv(object):
                 "dvol": self.args.au_vol,
                 "idxh": int(self.args.ih),
                 "dutc": not self.args.localtime,
-                "dfszf": self.args.ui_filesz,
+                "dfszf": self.args.ui_filesz.strip("-"),
                 "themes": self.args.themes,
                 "turbolvl": self.args.turbo,
                 "nosubtle": self.args.nosubtle,
@@ -3041,6 +3073,10 @@ class AuthSrv(object):
                 "lifetime": vn.js_ls["lifetime"],
                 "u2sort": self.args.u2sort,
             }
+            zs = "ui_noacci ui_nocpla ui_noctxb ui_nolbar ui_nombar ui_nonav ui_notree ui_norepl ui_nosrvi"
+            for zs in zs.split():
+                if vf.get(zs):
+                    js_htm[zs] = 1
             vn.js_htm = json_hesc(json.dumps(js_htm))
 
         vols = list(vfs.all_nodes.values())

copyparty/bos/bos.py

@@ -99,7 +99,11 @@ def utime(
 
 
 def utime_c(
-    log  , p , ts , follow_symlinks  = True, throw  = False
+    log  ,
+    p ,
+    ts ,
+    follow_symlinks  = True,
+    throw  = False,
 )  :
     clamp = 0
     ov = ts

copyparty/cfg.py

@@ -19,6 +19,7 @@ def vf_bmap()   :
         "no_clone": "noclone",
         "no_dirsz": "nodirsz",
         "no_dupe": "nodupe",
+        "no_dupe_m": "nodupem",
         "no_forget": "noforget",
         "no_pipe": "nopipe",
         "no_robots": "norobots",
@@ -58,6 +59,15 @@ def vf_bmap()   :
         "rm_partial",
         "rmagic",
         "rss",
+        "ui_noacci",
+        "ui_nocpla",
+        "ui_nolbar",
+        "ui_nombar",
+        "ui_nonav",
+        "ui_notree",
+        "ui_norepl",
+        "ui_nosrvi",
+        "ui_noctxb",
         "wo_up_readme",
         "wram",
         "xdev",
@@ -189,6 +199,7 @@ flagcats = {
         "safededup": "verify on-disk data before using it for dedup",
         "noclone": "take dupe data from clients, even if available on HDD",
         "nodupe": "rejects existing files (instead of linking/cloning them)",
+        "nodupem": "rejects existing files during moves as well",
         "chmod_d=755": "unix-permission for new dirs/folders",
         "chmod_f=644": "unix-permission for new files",
         "uid=573": "change owner of new files/folders to unix-user 573",
@@ -325,6 +336,15 @@ flagcats = {
         "md_sba": "value of iframe allow-prop for markdown-sandbox",
         "lg_sba": "value of iframe allow-prop for *logue-sandbox",
         "nohtml": "return html and markdown as text/html",
+        "ui_noacci": "hide account-info in the UI",
+        "ui_nocpla": "hide cpanel-link in the UI",
+        "ui_nolbar": "hide link-bar in the UI",
+        "ui_nombar": "hide top-menu in the UI",
+        "ui_nonav": "hide navpane+breadcrumbs in the UI",
+        "ui_notree": "hide navpane in the UI",
+        "ui_norepl": "hide repl-button in the UI",
+        "ui_nosrvi": "hide server-info in the UI",
+        "ui_noctxb": "hide context-buttons in the UI",
     },
     "opengraph (discord embeds)": {
         "og": "enable OG (disables hotlinking)",

copyparty/ftpd.py

@@ -247,7 +247,7 @@ class FtpFs(AbstractedFS):
 
         if w and need_unlink:
             if td >= -1 and td <= self.args.ftp_wt:
-                # within permitted timeframe; unlink and accept
+                # within permitted timeframe; allow overwrite or resume
                 do_it = True
             elif self.args.no_del or self.args.ftp_no_ow:
                 # file too old, or overwrite not allowed; reject
@@ -264,7 +264,9 @@ class FtpFs(AbstractedFS):
             if not do_it:
                 raise FSE("File already exists")
 
-            wunlink(self.log, ap, VF_CAREFUL)
+            # Don't unlink file for append mode
+            elif "a" not in mode:
+                wunlink(self.log, ap, VF_CAREFUL)
 
         ret = open(fsenc(ap), mode, self.args.iobuf)
         if w and "fperms" in vfs.flags:
@@ -505,7 +507,7 @@ class FtpHandler(FTPHandler):
                 0,
                 self.cli_ip,
                 time.time(),
-                "",
+                None,
             )
             t = hr.get("rejectmsg") or ""
             if t or not hr: