MBonaldo/hfs2
1
0
Fork 0
mirror of https://github.com/rejetto/hfs2.git synced 2025-12-19 10:03:56 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: 'password in pages' option now using new system

Browse Source
This commit is contained in:
Massimo Melina 2020-05-17 00:28:25 +02:00
parent 0a7c30dd06
commit 926bdfc85b
3 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
main.dfm
View File

@ -2932,11 +2932,6 @@ object mainFrm: TmainFrm
AutoCheck = True AutoCheck = True
Caption = 'Encode non-ASCII characters' Caption = 'Encode non-ASCII characters'
end end
object encodePwdUrlChk: TMenuItem
AutoCheck = True
Caption = 'Unreadable passwords in URLs'
Checked = True
end
object pwdInPagesChk: TMenuItem object pwdInPagesChk: TMenuItem
AutoCheck = True AutoCheck = True
Caption = 'Include password in pages (for download managers)' Caption = 'Include password in pages (for download managers)'

59
main.pas
View File

@ -238,7 +238,8 @@ type
function relativeURL(fullEncode:boolean=FALSE):string; function relativeURL(fullEncode:boolean=FALSE):string;
function pathTill(root:Tfile=NIL; delim:char='\'):string; function pathTill(root:Tfile=NIL; delim:char='\'):string;
function parentURL():string; function parentURL():string;
function fullURL(userpwd:string=''; ip:string=''):string; function fullURL(ip, user, pwd:string):string; overload;
function fullURL(ip:string=''):string; overload;
procedure setupImage(newIcon:integer); overload; procedure setupImage(newIcon:integer); overload;
procedure setupImage(); overload; procedure setupImage(); overload;
function getAccountsFor(action:TfileAction; specialUsernames:boolean=FALSE; outInherited:Pboolean=NIL):TstringDynArray; function getAccountsFor(action:TfileAction; specialUsernames:boolean=FALSE; outInherited:Pboolean=NIL):TstringDynArray;
@ -615,7 +616,6 @@ type
Fingerprints1: TMenuItem; Fingerprints1: TMenuItem;
saveNewFingerprintsChk: TMenuItem; saveNewFingerprintsChk: TMenuItem;
Createfingerprintonaddition1: TMenuItem; Createfingerprintonaddition1: TMenuItem;
encodePwdUrlChk: TMenuItem;
pwdInPagesChk: TMenuItem; pwdInPagesChk: TMenuItem;
deleteDontAskChk: TMenuItem; deleteDontAskChk: TMenuItem;
Updates1: TMenuItem; Updates1: TMenuItem;
@ -2711,15 +2711,6 @@ begin
result:=LUT[mainFrm.httpsUrlsChk.checked]; result:=LUT[mainFrm.httpsUrlsChk.checked];
end; // protoColon end; // protoColon
function totallyEncoded(s:string):string;
var
i: integer;
begin
result:='';
for i:=1 to length(s) do
result:=result+'%'+intToHex(ord(s[i]),2)
end; // totallyEncoded
function Tfile.relativeURL(fullEncode:boolean=FALSE):string; function Tfile.relativeURL(fullEncode:boolean=FALSE):string;
begin begin
if isLink() then result:=replaceText(resource, '%ip%', defaultIP) if isLink() then result:=replaceText(resource, '%ip%', defaultIP)
@ -2777,15 +2768,36 @@ s:=copy( s, length(f.resource)+2, length(s) );
result:=result+replaceStr(s, '\','/'); result:=result+replaceStr(s, '\','/');
end; // getFolder end; // getFolder
function Tfile.fullURL(userpwd:string=''; ip:string=''):string; type Tstr2str = Tdictionary<string,string>;
var userPwdHashCache:Tstr2str;
function Tfile.fullURL(ip, user, pwd:string):string;
var s,k,base: string;
begin
if userPwdHashCache = NIL then
userPwdHashCache:=Tstr2str.Create();
base:=fullURL(ip)+'?';
k:=user+':'+pwd;
try result:=base+userPwdHashCache[k]
except
s:='mode=auth&u='+encodeURL(user);
s:=s+'&s2='+strSHA256(s+pwd); // sign with password
userPwdHashCache.add(k,s);
result:=base+s;
end;
end; // fullURL
function Tfile.fullURL(ip:string=''):string;
begin begin
result:=url(); result:=url();
if isLink() then exit; if isLink() then
if assigned(srv) and srv.active and (srv.port <> '80') and (pos(':',ip) = 0) exit;
if assigned(srv) and srv.active
and (srv.port <> '80') and (pos(':',ip) = 0)
and not mainfrm.noPortInUrlChk.checked then and not mainfrm.noPortInUrlChk.checked then
result:=':'+srv.port+result; result:=':'+srv.port+result;
if ip = '' then ip:=defaultIP; if ip = '' then
result:=protoColon()+nonEmptyConcat('',userpwd,'@')+ip+result ip:=defaultIP;
result:=protoColon()+ip+result;
end; // fullURL end; // fullURL
function Tfile.isDLforbidden():boolean; function Tfile.isDLforbidden():boolean;
@ -3557,9 +3569,7 @@ var
else else
if pwdInPagesChk.Checked and (cd.user > '') then if pwdInPagesChk.Checked and (cd.user > '') then
begin begin
if encodePwdUrlChk.checked then s:=totallyEncoded(cd.pwd) s:=f.fullURL(getSafeHost(cd), cd.user, cd.pwd )+fingerprint;
else s:=encodeURL(cd.pwd);
s:=f.fullURL( encodeURL(cd.user)+':'+s, getSafeHost(cd) )+fingerprint;
url:=s url:=s
end end
else else
@ -6676,7 +6686,6 @@ result:='HFS '+VERSION+' - Build #'+VERSION_BUILD+CRLF
+'enable-fingerprints='+yesno[fingerprintsChk.checked]+CRLF +'enable-fingerprints='+yesno[fingerprintsChk.checked]+CRLF
+'save-fingerprints='+yesno[saveNewFingerprintsChk.checked]+CRLF +'save-fingerprints='+yesno[saveNewFingerprintsChk.checked]+CRLF
+'auto-fingerprint='+intToStr(autoFingerprint)+CRLF +'auto-fingerprint='+intToStr(autoFingerprint)+CRLF
+'encode-pwd-url='+yesno[encodePwdUrlChk.checked]+CRLF
+'stop-spiders='+yesno[stopSpidersChk.checked]+CRLF +'stop-spiders='+yesno[stopSpidersChk.checked]+CRLF
+'backup-saving='+yesno[backupSavingChk.checked]+CRLF +'backup-saving='+yesno[backupSavingChk.checked]+CRLF
+'recursive-listing='+yesno[recursiveListingChk.checked]+CRLF +'recursive-listing='+yesno[recursiveListingChk.checked]+CRLF
@ -7064,7 +7073,6 @@ while cfg > '' do
if h = 'enable-fingerprints' then fingerprintsChk.checked:=yes; if h = 'enable-fingerprints' then fingerprintsChk.checked:=yes;
if h = 'save-fingerprints' then saveNewFingerprintsChk.checked:=yes; if h = 'save-fingerprints' then saveNewFingerprintsChk.checked:=yes;
if h = 'auto-fingerprint' then setAutoFingerprint(int); if h = 'auto-fingerprint' then setAutoFingerprint(int);
if h = 'encode-pwd-url' then encodePwdUrlChk.checked:=yes;
if h = 'log-toolbar-expanded' then setLogToolbar(yes); if h = 'log-toolbar-expanded' then setLogToolbar(yes);
if h = 'last-update-check' then lastUpdateCheck:=real; if h = 'last-update-check' then lastUpdateCheck:=real;
if h = 'recursive-listing' then recursiveListingChk.checked:=yes; if h = 'recursive-listing' then recursiveListingChk.checked:=yes;
@ -10522,7 +10530,8 @@ f:=selectedFile;
while assigned(f) and (f.accounts[FA_ACCESS] = NIL) and (f.user = '') do while assigned(f) and (f.accounts[FA_ACCESS] = NIL) and (f.user = '') do
f:=f.parent; f:=f.parent;
if f.user = user then pwd:=f.pwd if f.user = user then
pwd:=f.pwd
else else
begin begin
a:=getAccount(user); a:=getAccount(user);
@ -10530,9 +10539,7 @@ else
else pwd:=''; else pwd:='';
end; end;
s:='mode=auth&u='+encodeURL(user); setClip( selectedFile.fullURL('',user,pwd) )
setClip( selectedFile.fullURL()+'?'+s
+'&s2='+strSHA256(s+pwd) ) // sign with password
end; // copyURLwithPasswordMenuClick end; // copyURLwithPasswordMenuClick
procedure Tmainfrm.copyURLwithAddressMenuClick(sender:Tobject); procedure Tmainfrm.copyURLwithAddressMenuClick(sender:Tobject);
@ -10545,7 +10552,7 @@ delete(addr, pos('&',addr), 1);
s:=''; s:='';
for i:=0 to filesBox.SelectionCount-1 do for i:=0 to filesBox.SelectionCount-1 do
s:=s+nodeTofile(filesBox.Selections[i]).fullURL('', addr)+CRLF; s:=s+nodeTofile(filesBox.Selections[i]).fullURL(addr)+CRLF;
setLength(s, length(s)-2); setLength(s, length(s)-2);
setClip(s); setClip(s);

4
whatsnew.txt
View File

@ -1,4 +1,4 @@
HFS - what's new HFS - what's new
LEGEND LEGEND
! very important ! very important
@ -11,8 +11,10 @@ VER 2.4
propaganda propaganda
New mobile-friendly template New mobile-friendly template
Unicode support Unicode support
New encrypted login, and logout
/propaganda /propaganda
+ new default template + new default template
+ new login system, session based, with logout
+ {.set item|name.} + {.set item|name.}
+ {.get item|icon.} + {.get item|icon.}
+ {.set cfg.} + {.set cfg.}