Merge pull request #41 from divinity76/patch-1

warning about Delphi 10.4 Community being incompatible
2025-12-19 18:13:46 +01:00 · 2025-01-22 22:25:18 +01:00 · 2023-03-25 12:45:10 +01:00 · 2023-03-12 17:42:10 +01:00 · 2020-08-30 23:26:11 +02:00 · 2020-08-23 13:45:47 +02:00
27 changed files with 3592 additions and 2790 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,11 +3,13 @@ __history/
 __recovery/
 win32/
 .vscode/
 .idea/
 *.vfs
 *.dcu
 *.exe
 *.map
 *.tmp
 *.dll
 *.bak
 *.*-
 *.corrupted
--- a/README.md
+++ b/README.md
@ -1,5 +1,26 @@
 # Obsolete
 This is the repository of the old HFS.
 I'm working on HFS 3 on another repository. Check it out! 
 https://github.com/rejetto/hfs
 ## Introduction
 You can use HFS (HTTP File Server) to send and receive files.
 It's different from classic file sharing because it uses web technology.
 It also differs from classic web servers because it's very easy to use and runs "right out-of-the box".
 The virtual file system will allow you to easily share even one single file.
 ## Dev notes
 Initially developed in 2002 with Delphi 6, now with Delphi 10.3.3 (Community Edition).
 Icons are generated at http://fontello.com/ . Use fontello.json for further modifications.
 For the default template we are targeting compatibility with Chrome 49 as it's the latest version running on Windows XP.
 Warning: Delphi Community Edition 10.4 removed support for command-line compilation, and is thus unable to compile JEDI Code Library, and is thus unable to compile HFS2, ref [Community Edition no longer includes the command-line compilers](https://blogs.embarcadero.com/delphi-cbuilder-community-editions-now-available-in-version-10-4-2/#comment-1339) - meaning the last version of Community Edition cabale of compiling HFS2 is Delphi 10.3.x
 ## Libs used
 - [ICS v8.64](http://www.overbyte.be) by François PIETTE 
 - [TRegExpr v0.952b](https://github.com/andgineer/TRegExpr/releases) by Andrey V. Sorokin
 - [JEDI Code Library v2.7](https://github.com/project-jedi/jcl)
 - [Kryvich's Delphi Localizer v4.1](http://sites.google.com/site/kryvich)
--- a/classesLib.pas
+++ b/classesLib.pas
@ -1,5 +1,5 @@
 {
-Copyright (C) 2002-2012  Massimo Melina (www.rejetto.com)
+Copyright (C) 2002-2020  Massimo Melina (www.rejetto.com)
 This file is part of HFS ~ HTTP File Server.
@ -23,9 +23,20 @@ unit classesLib;
 interface
 uses
-  iniFiles, types, hslib, strUtils, sysUtils, classes, math, system.Generics.Collections;
+  iniFiles, types, hslib, strUtils, sysUtils, classes, math, system.Generics.Collections,
  OverbyteIcsWSocket, OverbyteIcshttpProt;
 type
  TantiDos = class
  protected
    accepted: boolean;
    Paddress: string;
  public
    constructor create;
    destructor Destroy; override;
    function accept(conn:ThttpConn; address:string=''):boolean;
    end;
  TfastStringAppend = class
  protected
    buff: string;
@ -88,6 +99,7 @@ type
    constructor create;
    destructor Destroy; override;
    function addFile(src:string; dst:string=''; data:Tobject=NIL):boolean; virtual;
    function contains(src:string):boolean;
    function count():integer;
    procedure reset(); virtual;
    property totalSize:int64 read getTotal;
@ -138,7 +150,7 @@ type
  PtplSection = ^TtplSection;
  TtplSection = record
    name, txt: string;
-    nolog, nourl, cache: boolean;
+    nolog, public, noList, cache: boolean;
    ts: Tdatetime;
    end;
@ -189,6 +201,12 @@ type
    destructor Destroy; override;
    end;
  ThttpClient = class(TSslHttpCli)
    constructor Create(AOwner: TComponent); override;
    destructor Destroy; override;
    class function createURL(url:string):ThttpClient;
    end;
  Ttlv = class
  protected
    cur, bound: integer;
@ -214,6 +232,94 @@ implementation
 uses
  utilLib, main, windows, dateUtils, forms;
 const folderConcurrents: integer = 0;
 const MAX_CONCURRENTS = 3;
 const ip2availability: Tdictionary<string,Tdatetime> = NIL;
 constructor TantiDos.create();
 begin
 accepted:=FALSE;
 end;
 function TantiDos.accept(conn:ThttpConn; address:string=''):boolean;
  procedure reject();
  resourcestring
    MSG_ANTIDOS_REPLY = 'Please wait, server busy';
  begin
  conn.reply.mode:=HRM_OVERLOAD;
  conn.addHeader(ansistring('Refresh: '+intToStr(1+random(2)))); // random for less collisions
  conn.reply.body:=UTF8Encode(MSG_ANTIDOS_REPLY);
  end;
 begin
 if address= '' then
  address:=conn.address;
 if ip2availability = NIL then
  ip2availability:=Tdictionary<string,Tdatetime>.create();
 try
  if ip2availability[address] > now() then // this specific address has to wait?
    begin
    reject();
    exit(FALSE);
    end;
 except
  end;
 if folderConcurrents >= MAX_CONCURRENTS then   // max number of concurrent folder loading, others are postponed
  begin
  reject();
  exit(FALSE);
  end;
 inc(folderConcurrents);
 Paddress:=address;
 ip2availability.AddOrSetValue(address, now()+1/HOURS);
 accepted:=TRUE;
 Result:=TRUE;
 end;
 destructor TantiDos.Destroy;
 var
  pair: Tpair<string,Tdatetime>;
  t: Tdatetime;
 begin
 if not accepted then
  exit;
 t:=now();
 if folderConcurrents = MAX_CONCURRENTS then // serving multiple addresses at max capacity, let's give a grace period for others
  ip2availability[Paddress]:=t + 1/SECONDS
 else
  ip2availability.Remove(Paddress);
 dec(folderConcurrents);
 // purge leftovers
 for pair in ip2availability do
  if pair.Value < t then
    ip2availability.Remove(pair.Key);
 end;
 class function ThttpClient.createURL(url:string):ThttpClient;
 begin
 if startsText('https://', url)
 and not httpsCanWork() then
  exit(NIL);
 result:=ThttpClient.Create(NIL);
 result.URL:=url;
 end;
 constructor ThttpClient.create(AOwner: TComponent);
 begin
 inherited;
 followRelocation:=TRUE;
 agent:=HFS_HTTP_AGENT;
 SslContext := TSslContext.Create(NIL);
 end; // create
 destructor ThttpClient.Destroy;
 begin
 SslContext.free;
 SslContext:=NIl;
 inherited destroy;
 end;
 constructor TperIp.create();
 begin
 limiter:=TspeedLimiter.create();
@ -419,6 +525,16 @@ if cachedTotal < 0 then calculate();
 result:=cachedTotal;
 end; // getTotal
 function TarchiveStream.contains(src:string):boolean;
 var
  i: integer;
 begin
 for i:=0 to Length(flist)-1 do
  if flist[i].src = src then
    exit(TRUE);
 result:=FALSE;
 end;
 function TarchiveStream.addFile(src:string; dst:string=''; data:Tobject=NIL):boolean;
  function getMtime(fh:Thandle):int64;
@ -504,10 +620,7 @@ end; // reset
 function TtarStream.fsInit():boolean;
 begin
 if assigned(fs) and (fs.FileName = flist[cur].src) then
-  begin
+  exit(TRUE);
  result:=TRUE;
  exit;
  end;
 result:=FALSE;
 try
  freeAndNIL(fs);
@ -746,10 +859,12 @@ var
 var
  i, posBak: int64;
  n: integer;
 begin
 posBak:=pos;
 p:=@buffer;
-while (count > 0) and (cur < length(flist)) do
+n:=length(flist);
 while (count > 0) and (cur < n) do
  case where of
    TW_HEADER:
      begin
@ -913,7 +1028,7 @@ if sections.containsKey(section) then
  result:=sections[section]
 else
  result:=NIL;
-if inherit and assigned(over) and ((result = NIL) or (trim(result.txt) = '')) then
+if inherit and assigned(over) and (result = NIL) then
  result:=over.getSection(section);
 end; // getSection
@ -928,7 +1043,7 @@ else
 end; // getTxt
 function Ttpl.getTxtByExt(fileExt:string):string;
-begin result:=getTxt('file.'+fileExt) end;
+begin result:=getTxt('file'+fileExt) end;
 procedure Ttpl.fromString(txt:string);
 var
@ -978,12 +1093,52 @@ var
  procedure saveInSection();
  var
    ss: TStringDynArray;
    s: string;
    i: integer;
    base: TtplSection;
    function parseFlagsAndAcceptSection(flags:TStringDynArray):boolean;
    var
      f, k, v, s: string;
      i: integer;
    begin
    for f in flags do
      begin
      i:=pos('=',f);
      if i = 0 then
        begin
        if f='no log' then
          base.nolog:=TRUE
        else if f='public' then
          base.public:=TRUE
        else if f='no list' then
          base.noList:=TRUE
        else if f='cache' then
          base.cache:=TRUE;
        Continue;
        end;
      k:=copy(f,1,i-1);
      v:=copy(f,i+1,MAXINT);
      if k = 'build' then
        begin
        s:=chop('-',v);
        if (v > '') and (VERSION_BUILD > v) // max
        or (s > '') and (VERSION_BUILD < s) then // min
          exit(FALSE);
        end
      else if k = 'ver' then
        if fileMatch(v, VERSION) then continue
        else exit(FALSE)
      else if k = 'template' then
        if fileMatch(v, getTill(#13,getTxt('template id'))) then continue
        else exit(FALSE)
      end;
    result:=TRUE;
    end;
  var
    ss: TStringDynArray;
    s, si: string;
    till: pchar;
-    append: boolean;
+    append, prepend, add: boolean;
    sect, from: PtplSection;
  begin
  till:=pred(bos);
@ -991,44 +1146,49 @@ var
  if till^ = #10 then dec(till);
  if till^ = #13 then dec(till);
  base:=default(TtplSection);
  base.txt:=getStr(ptxt, till);
  // there may be flags after |
  s:=cur_section;
  cur_section:=chop('|', s);
  base.nolog:=ansiPos('no log', s) > 0;
  base.nourl:=ansiPos('private', s) > 0;
  base.cache:=ansiPos('cache', s) > 0;
  base.ts:=now();
  ss:=split('|',cur_section);
  cur_section:=popString(ss);
  if not parseFlagsAndAcceptSection(ss) then
    exit;
-  s:=cur_section;
+  prepend:=startsStr('^', cur_section);
-  append:=ansiStartsStr('+', s);
+  append:=startsStr('+', cur_section);
-  if append then
+  add:=prepend or append;
-    delete(s,1,1);
+  if add then
    delete(cur_section,1,1);
  // there may be several section names separated by =
-  ss:=split('=', s);
+  ss:=split('=', cur_section);
  // handle the main section specific case
-  if ss = NIL then addString('', ss);
+  if ss = NIL then
    addString('', ss);
  // assign to every name the same txt
-  for i:=0 to length(ss)-1 do
+  for si in ss do
    begin
-    s:=trim(ss[i]);
+    s:=trim(si);
    sect:=getSection(s, FALSE);
    from:=NIL;
    if sect = NIL then // not found
      begin
-      if append then
+      if add then
        from:=getSection(s);
      sect:=newSection(s);
      end
    else
-      if append then
+      if add then
        from:=sect;
    if from<>NIL then
      begin // inherit from it
-      sect.txt:=from.txt+base.txt;
+      if append then
        sect.txt:=from.txt+base.txt
      else
        sect.txt:=base.txt+CRLF+from.txt;
      sect.nolog:=from.nolog or base.nolog;
-      sect.nourl:=from.nourl or base.nourl;
+      sect.public:=from.public or base.public;
      sect.noList:=from.noList or base.noList;
      continue;
      end;
    sect^:=base;
@ -1037,14 +1197,13 @@ var
  end; // saveInSection
 const
-  BOM = #$EF#$BB#$BF;
+  UTF8_BOM = #$EF#$BB#$BF;
 var
  first: boolean;
 begin
-// this is used by some unicode files. at the moment we just ignore it.
+if ansiStartsStr(UTF8_BOM, txt) then
-if ansiStartsStr(BOM, txt) then
+  delete(txt, 1, length(UTF8_BOM));
-  delete(txt, 1, length(BOM));
+
 if txt = '' then exit;
 src:=src+txt;
 cur_section:='';
@ -1089,8 +1248,8 @@ function Ttlv.pop(var value:string; var raw:ansistring):integer;
 var
  n: integer;
 begin
-result:=-1;
+if isOver() then 
-if isOver() then exit; // finished
+  exit(-1); // finished
 result:=integer((@whole[cur])^);
 n:=Pinteger(@whole[cur+4])^;
 raw:=copy(whole, cur+8, n);
@ -1109,10 +1268,7 @@ function Ttlv.down():boolean;
 begin
 // do we have anything to recur on?
 if (cur = 1) then
-  begin
+  exit(FALSE);
  result:=false;
  exit;
  end;
 // push into the stack
 if (stackTop = length(stack)) then // space over
  setLength(stack, stackTop+10); // make space
@ -1129,10 +1285,7 @@ end; // down
 function Ttlv.up():boolean;
 begin
 if stackTop = 0 then
-  begin
+  exit(FALSE);
  result:=false;
  exit;
  end;
 dec(stackTop);
 bound:=stack[stackTop];
 dec(stackTop);
--- a/country.cache
+++ b/country.cache
@ -1 +0,0 @@
 127.0.0.1=(Private Address) (XX)
--- a/data.rc
+++ b/data.rc
@ -1,10 +1,7 @@
 1 24 "WindowsXP.manifest"
 defaultTpl TEXT default.tpl
 dmBrowserTpl TEXT dmBrowser.tpl
 invertban TEXT invertban.txt
 filelistTpl TEXT filelist.tpl
 uploadDisabled TEXT upload_disabled.txt
 uploadHowTo TEXT upload_how.txt
 alias TEXT alias.txt
 IPservices TEXT ipservices.txt
 jquery TEXT jquery.min.js
--- a/default.tpl
+++ b/default.tpl
--- a/defs.inc
+++ b/defs.inc
@ -1,3 +1,5 @@
 {$A+,B-,C+,E-,F-,G+,H+,I-,J+,K-,L+,M-,N+,O+,P+,Q-,R-,S-,T-,U-,V+,X+,Y+,Z1}
 {$DEFINE NOT STABLE }
 {$IFDEF STABLE }
  {$ASSERTIONS OFF}
--- a/notes.txt
+++ b/notes.txt
@ -1,9 +0,0 @@
 Initially developed with Delphi 6, now with Delphi 10.3.3
 Icons are generated at http://fontello.com/ . Use fontello.json for further modifications.
 === LIBS USED
 ICS v8.63 by François PIETTE http://www.overbyte.be
 TRegExpr v0.952 by Andrey V. Sorokin http://www.regexpstudio.com/TRegExpr/TRegExpr.html
 JEDI Code Library v2.7 https://github.com/project-jedi/jcl
 Kryvich's Delphi Localizer v4.1 http://sites.google.com/site/kryvich
--- a/hfs.dof
+++ b/hfs.dof
@ -1,133 +0,0 @@
 [FileVersion]
 Version=6.0
 [Compiler]
 A=8
 B=0
 C=1
 D=1
 E=0
 F=0
 G=1
 H=1
 I=1
 J=0
 K=0
 L=1
 M=0
 N=1
 O=1
 P=1
 Q=0
 R=0
 S=0
 T=0
 U=0
 V=1
 W=1
 X=1
 Y=2
 Z=1
 ShowHints=1
 ShowWarnings=1
 UnitAliases=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;
 [Linker]
 MapFile=3
 OutputObjs=0
 ConsoleApp=1
 DebugInfo=0
 RemoteSymbols=0
 MinStackSize=16384
 MaxStackSize=1048576
 ImageBase=4194304
 ExeDescription=Http File Server - www.rejetto.com/hfs
 [Directories]
 OutputDir=
 UnitOutputDir=
 PackageDLLOutputDir=
 PackageDCPOutputDir=
 SearchPath=$(DELPHI)\Lib\Debug;C:\code\other\compiled
 Packages=vcl;rtl;vclx;VclSmp;DJCL60;IcsDel60
 Conditionals=
 DebugSourceDirs=C:\code\other\ics\Delphi\Vc32\
 UsePackages=0
 [Parameters]
 RunParams=
 HostApplication=
 Launcher=
 UseLauncher=0
 DebugCWD=
 [Version Info]
 IncludeVerInfo=0
 AutoIncBuild=0
 MajorVer=1
 MinorVer=6
 Release=0
 Build=0
 Debug=0
 PreRelease=0
 Special=0
 Private=0
 DLL=0
 Locale=1040
 CodePage=1252
 [Version Info Keys]
 CompanyName=rejetto
 FileDescription=
 FileVersion=1.6.0.0
 InternalName=HFS
 LegalCopyright=Copyright (C) 2002-2004  Massimo Melina (www.rejetto.com)
 LegalTrademarks=
 OriginalFilename=hfs.exe
 ProductName=Http File Server
 ProductVersion=1.0.0.0
 Comments=
 [Excluded Packages]
 c:\programmi\borland\delphi6\Bin\dclshlctrls60.bpl=Shell Control Property and Component Editors
 c:\programmi\borland\delphi6\Projects\Bpl\dclusr60.bpl=Borland User Components
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclBaseExpertD60.bpl=JCL Package containing common units for JCL Experts
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclDebugExpertD60.bpl=JCL Debug IDE extension
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclProjectAnalysisExpertD60.bpl=JCL Project Analyzer
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclFavoriteFoldersExpertD60.bpl=JCL Open and Save IDE dialogs with favorite folders
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclThreadNameExpertD60.bpl=JCL Thread Name IDE expert
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclUsesExpertD60.bpl=JCL Uses Wizard
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JclSIMDViewExpertD60.bpl=JCL Debug Window of XMM registers
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvAppFrmD6D.bpl=JVCL Application and Form Components
 C:\PROGRA~1\Borland\Delphi6\Projects\Bpl\JvCoreD6D.bpl=JVCL Core Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvBandsD6D.bpl=JVCL Band Objects
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvCmpD6D.bpl=JVCL Non-Visual Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvCryptD6D.bpl=JVCL Encryption and Compression Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvCtrlsD6D.bpl=JVCL Visual Controls
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvCustomD6D.bpl=JVCL Custom Controls
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvDlgsD6D.bpl=JVCL Dialog Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvDockingD6D.bpl=JVCL Docking Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvDotNetCtrlsD6D.bpl=JVCL DotNet Controls
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvGlobusD6D.bpl=JVCL Globus Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvHMID6D.bpl=JVCL HMI Controls design time unit
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvInterpreterD6D.bpl=JVCL Interpreter Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvJansD6D.bpl=JVCL Jans Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvManagedThreadsD6D.bpl=JVCL Managed Threads
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvMMD6D.bpl=JVCL Multimedia and Image Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvNetD6D.bpl=JVCL Network Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvPageCompsD6D.bpl=JVCL Page Style Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvPluginD6D.bpl=JVCL Plugin Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvPrintPreviewD6D.bpl=JVCL Print Preview Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvRuntimeDesignD6D.bpl=JVCL Runtime Design Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvStdCtrlsD6D.bpl=JVCL Standard Controls
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvSystemD6D.bpl=JVCL System Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvTimeFrameworkD6D.bpl=JVCL Time Framework
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvUIBD6D.bpl=JVCL Unified Interbase Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvValidatorsD6D.bpl=JVCL Validators and Error Provider Components
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvWizardD6D.bpl=JVCL Wizard Design Time Package
 C:\Programmi\Borland\Delphi6\Projects\Bpl\JvXPCtrlsD6D.bpl=JVCL XP Controls
 C:\PROGRAMMI\BORLAND\DELPHI6\Bin\PDIFac60.bpl=Interface for ProDelphi viewer
 c:\programmi\borland\delphi6\Bin\dcl31w60.bpl=Delphi 1.0 Compatibility Components
 c:\programmi\borland\delphi6\Projects\Bpl\VirtualTreesD6D.bpl=Virtual Treeview
 [HistoryLists\hlDebugSourcePath]
 Count=1
 Item0=C:\code\other\ics\Delphi\Vc32\
 [HistoryLists\hlUnitAliases]
 Count=1
 Item0=WinTypes=Windows;WinProcs=Windows;DbiTypes=BDE;DbiProcs=BDE;DbiErrs=BDE;
 [HistoryLists\hlSearchPath]
 Count=1
 Item0=$(DELPHI)\Lib\Debug;C:\code\other\compiled
--- a/hfs.dproj
+++ b/hfs.dproj
@ -206,31 +206,31 @@
            </Platforms>
            <ModelSupport>False</ModelSupport>
            <Deployment Version="3">
                <DeployFile LocalName="hfs.dpr" Configuration="Release" Class="ProjectFile">
                    <Platform Name="Win32">
                        <RemoteDir>.\</RemoteDir>
                        <Enabled>false</Enabled>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployFile LocalName="hfs.exe" Configuration="Debug" Class="ProjectOutput">
                    <Platform Name="Win32">
                        <RemoteName>hfs.exe</RemoteName>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployFile LocalName="hfs.exe" Configuration="Release" Class="ProjectOutput">
                    <Platform Name="Win32">
                        <RemoteName>hfs.exe</RemoteName>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployFile LocalName="hfs.dpr" Configuration="Debug" Class="ProjectFile">
                    <Platform Name="Win32">
                        <RemoteDir>.\</RemoteDir>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployFile LocalName="hfs.dpr" Configuration="Release" Class="ProjectFile">
                    <Platform Name="Win32">
                        <RemoteDir>.\</RemoteDir>
                        <Enabled>false</Enabled>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployFile LocalName="hfs.exe" Configuration="Release" Class="ProjectOutput">
                    <Platform Name="Win32">
                        <RemoteName>hfs.exe</RemoteName>
                        <Overwrite>true</Overwrite>
                    </Platform>
                </DeployFile>
                <DeployClass Name="AdditionalDebugSymbols">
                    <Platform Name="OSX32">
                        <Operation>1</Operation>
--- a/hfs.drc
+++ b/hfs.drc
--- a/hfs.dsk
+++ b/hfs.dsk
@ -1,185 +0,0 @@
 [Closed Files]
 File_0=SourceModule,'C:\code\mine\hfs\whatsnew.txt',0,1,13,28,45,0,0
 File_1=SourceModule,'C:\code\mine\hslib\hslib.pas',0,1,901,26,924,0,0
 File_2=SourceModule,'C:\code\mine\hfs\utillib.pas',0,1,46,1,80,0,0
 File_3=SourceModule,'C:\code\mine\hfs\todo.txt',0,1,1,1,1,0,0
 File_4=SourceModule,'C:\code\other\ics\Delphi\Vc32\WSocket.pas',0,1,2948,36,2957,0,0
 File_5=SourceModule,'C:\code\other\ics\Delphi\Vc32\WSocketS.pas',0,1,48,46,265,0,0
 File_6=SourceModule,'C:\code\other\ics\Delphi\Vc32\UUEncode.pas',0,1,64,21,82,0,0
 File_7=SourceModule,'C:\code\mine\andrq\utilLib.pas',0,1,3737,25,3767,0,0
 File_8=SourceModule,'C:\code\mine\andrq\prefDlg.pas',0,1,570,27,590,1,0
 [Modules]
 Module0=C:\code\mine\hfs\main.pas
 Count=1
 EditWindowCount=1
 [C:\code\mine\hfs\main.pas]
 ModuleType=SourceModule
 FormState=1
 FormOnTop=0
 [C:\Programmi\Borland\Delphi6\Projects\ProjectGroup1.bpg]
 FormState=0
 FormOnTop=0
 [C:\code\mine\hfs\hfs.dpr]
 FormState=0
 FormOnTop=0
 [EditWindow0]
 ViewCount=1
 CurrentView=0
 View0=0
 MessageView=MessageView@EditWindow0
 Create=1
 Visible=1
 State=0
 Left=190
 Top=101
 Width=834
 Height=639
 MaxLeft=-4
 MaxTop=97
 ClientWidth=826
 ClientHeight=612
 LeftPanelSize=0
 RightPanelSize=0
 BottomPanelSize=0
 BottomPanelClients=MessageView@EditWindow0
 BottomPanelData=00000400010000000B0000004D6573736167655669657700000000000000000000000000000000000100000000000000000B0000004D65737361676556696577FFFFFFFF
 [View0]
 Module=C:\code\mine\hfs\main.pas
 CursorX=33
 CursorY=63
 TopLine=41
 LeftCol=1
 [Watches]
 Count=1
 Watch0='h',256,0,18,1,0
 [Breakpoints]
 Count=0
 [AddressBreakpoints]
 Count=0
 [Main Window]
 Create=1
 Visible=1
 State=2
 Left=0
 Top=0
 Width=1024
 Height=105
 MaxLeft=-4
 MaxTop=-4
 MaxWidth=1032
 MaxHeight=105
 ClientWidth=1024
 ClientHeight=78
 [ProjectManager]
 Create=1
 Visible=0
 State=0
 Left=369
 Top=372
 Width=438
 Height=303
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=430
 ClientHeight=279
 TBDockHeight=303
 LRDockWidth=438
 Dockable=1
 [CPUWindow]
 Create=1
 Visible=0
 State=0
 Left=245
 Top=207
 Width=533
 Height=353
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=525
 ClientHeight=326
 DumpPane=79
 DisassemblyPane=187
 RegisterPane=231
 FlagPane=64
 [AlignmentPalette]
 Create=1
 Visible=0
 State=0
 Left=200
 Top=107
 Width=156
 Height=82
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=150
 ClientHeight=60
 [PropertyInspector]
 Create=1
 Visible=1
 State=0
 Left=0
 Top=119
 Width=190
 Height=621
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=182
 ClientHeight=597
 TBDockHeight=621
 LRDockWidth=190
 Dockable=1
 SplitPos=85
 ArrangeBy=Name
 SelectedItem=Caption
 ExpandedItems=
 HiddenCategories=
 [ObjectTree]
 Create=1
 Visible=1
 State=0
 Left=1
 Top=99
 Width=190
 Height=252
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=182
 ClientHeight=228
 TBDockHeight=252
 LRDockWidth=190
 Dockable=1
 [MessageView@EditWindow0]
 Create=1
 Visible=0
 State=0
 Left=12
 Top=0
 Width=814
 Height=52
 MaxLeft=-1
 MaxTop=-1
 ClientWidth=814
 ClientHeight=52
 TBDockHeight=52
 LRDockWidth=443
 Dockable=1
 [DockHosts]
 DockHostCount=0
--- a/hfs.events
+++ b/hfs.events
@ -1,3 +0,0 @@
 [+download]
 {.remove header|ETag.}
 {.remove header|Set-cookie.}
--- a/hfs.lng
+++ b/hfs.lng
@ -1,5 +1,5 @@
 ; Kryvich's Delphi Localizer Language File.
-; Generated by K.D.L. Scanner, 24/05/2020 20:02:17
+; Generated by K.D.L. Scanner, 02/08/2020 18:30:32
 Humanize=1
 HumanizedCR=\^
@ -120,6 +120,8 @@ filemenu.Editresource1.Caption=Edit resource...
 filemenu.CopyURL1.Caption=Copy URL address
 filemenu.CopyURL1.Hint=just double click!
 filemenu.CopyURLwithpassword1.Caption=Copy URL with password
 filemenu.CopyURLwithdifferentaddress1.Caption=Copy URL with different host address
 filemenu.CopyURLwithfingerprint1.Caption=Copy URL with fingerprint
 filemenu.Browseit1.Caption=Browse it
 filemenu.SetURL1.Caption=Set URL...
 filemenu.Openit1.Caption=Open it
@ -127,8 +129,6 @@ filemenu.Flagasnew1.Caption=Flag as new
 filemenu.Resetnewflag1.Caption=Reset <new> flag
 filemenu.Setuserpass1.Caption=Set user/pass...
 filemenu.Resetuserpass1.Caption=Reset user/pass
 filemenu.CopyURLwithdifferentaddress1.Caption=Copy URL with different host address
 filemenu.CopyURLwithfingerprint1.Caption=Copy URL with fingerprint
 filemenu.Purge1.Caption=Purge...
 filemenu.Switchtovirtual1.Caption=Change to virtual-folder
 filemenu.Switchtorealfolder1.Caption=Change to real-folder
@ -282,7 +282,6 @@ menu.Debug1.dumpTrafficChk.Caption=Dump traffic
 menu.Debug1.Showcustomizedoptions1.Caption=Show customized options...
 menu.Debug1.highSpeedChk.Caption=Experimental high speed handling
 menu.Debug1.macrosLogChk.Caption=Enable macros.log
 menu.Debug1.Appendmacroslog1.Caption=Append macros.log
 menu.Debug1.Runscript1.Caption=Run script...
 menu.Debug1.showMemUsageChk.Caption=Show memory usage
 menu.Debug1.noContentdispositionChk.Caption=No Content-disposition
@ -397,7 +396,7 @@ pageCtrl.accountsPage.accountpropGrp.Label8.Caption=Notes
 pageCtrl.accountsPage.accountpropGrp.accountenabledChk.Caption=&Enabled
 pageCtrl.accountsPage.accountpropGrp.ignoreLimitsChk.Caption=&Ignore limits
 pageCtrl.accountsPage.accountpropGrp.pwdBox.EditLabel.Caption=&Password
-pageCtrl.accountsPage.accountpropGrp.redirBox.EditLabel.Caption=After ~login, redirect to
+pageCtrl.accountsPage.accountpropGrp.redirBox.EditLabel.Caption{1}=After login, redirect to
 pageCtrl.accountsPage.accountpropGrp.accountLinkBox.EditLabel.Caption=Member of
 pageCtrl.accountsPage.accountpropGrp.groupChk.Caption=&Group
 pageCtrl.accountsPage.accountpropGrp.groupsBtn.Caption=Choose...
@ -452,141 +451,283 @@ Panel1.Button1.Caption=&Yes
 Panel1.Button2.Caption=&No
 [ResourceStrings]
-64820_main_MSG{1}=The current template is using macros.\^Do you want to cancel this action?
+64656_main_MSG_NUM_ADDR=In this moment there are %d different addresses
-64801_main_REMOVE_SHELL=Remove from shell context menu
+64657_main_MSG_NUM_ADDR_DL=In this moment there are %d different addresses downloading
-64802_main_S_OFF=Switch OFF
+64658_main_MSG_MAX_LINES=Max lines on screen.
-64803_main_S_ON{1}=Switch ON
+64659_main_MSG_APACHE_LOG_FMT=Apache log file format
-64804_main_LOG=Log
+64660_main_MSG_APACHE_LOG_FMT_LONG=Here you can specify how to format the log file complying Apache standard.\^Leave blank to get bare copy of screen on file.\^\^Example:\^   %h %l %u %t "%r" %>s %b
-64820_main_MSG=You are invited to re-insert your No-IP configuration, otherwise the updater won't work as expected.
+64661_main_MSG_ICONS_ADDED=%d new icons added
-64820_main_MSG{1}=Max simultaneous addresses.
+64662_main_MSG_DDNS_DISABLED=Dynamic DNS updater disabled
-64809_main_MSG2=In this moment there are %d different addresses
+64663_main_MSG_MD5_WARN=This option creates an .md5 file for every new calculated fingerprint.\^Use with care to get not your disk invaded by these files.
-64820_main_MSG{1}=Max simultaneous addresses downloading.
+64664_main_MSG_AUTO_MD5=Auto fingerprint
-64809_main_MSG2{1}=In this moment there are %d different addresses downloading
+64665_main_MSG_AUTO_MD5_LONG=When you add files and no fingerprint is found, it is calculated.\^To avoid long waitings, set a limit to file size (in KiloBytes).\^Leave empty to disable, and have no fingerprint created.
-64820_main_MSG{1}=Max lines on screen
+64666_main_MSG_UPL_HOWTO=1. Add a folder (choose "real folder")\^\^You should now see a RED folder in your virtual file sytem, inside HFS\^\^2. Right click on this folder\^3. Properties -> Permissions -> Upload\^4. Check on "Anyone"\^5. Ok\^\^Now anyone who has access to your HFS server can upload files to you.
-64820_main_MSG{1}=Here you can specify how to format the log file complying Apache standard.\^Leave blank to get bare copy of screen on file.\^\^Example:\^   %h %l %u %t "%r" %>s %b
+64672_main_MSG_EVENTS_HLP=For help on how to use this file please refer http://www.rejetto.com/wiki/?title=HFS:_Event_scripts
-64820_main_MSG{1}=This option creates an .md5 file for every new calculated fingerprint.\^Use with care to get not your disk invaded by these files.
+64673_main_MSG_EDIT_RES=Edit resource
-64820_main_MSG{1}=When you add files and no fingerprint is found, it is calculated.\^To avoid long waitings, set a limit to file size (in KiloBytes).\^Leave empty to disable, and have no fingerprint created.
+64674_main_MSG_TPL_USE_MACROS=The current template is using macros.\^Do you want to cancel this action?
-64820_main_MSG{1}=Specify your addresses, each per line
+64675_main_REMOVE_SHELL=Remove from shell context menu
-64820_main_MSG{1}=Can't find external address\^( %s )
+64676_main_S_OFF=Switch OFF
-64820_main_MSG{1}=This option makes pointless the option "Find external address at startup", which has now been disabled for your convenience.
+64677_main_S_ON{1}=Switch ON
-64820_main_MSG{1}=Enter URL for updating.\^%ip% will be translated to your external IP.
+64678_main_LOG=Log
-64820_main_MSG{1}=The upload will fail if your disk has less than the specified amount of free MegaBytes.
+64679_main_MSG_RE_NOIP=You are invited to re-insert your No-IP configuration, otherwise the updater won't work as expected.
-64820_main_MSG{1}=This string will be appended to the filename.\^\^If you need more control, enter a string with %name% in it, and this symbol will be replaced by the original filename.
+64680_main_MSG_TRAY_DEF=%ip%\^Uptime: %uptime%\^Downloads: %downloads%
-64822_main_MSG_BEFORE=Here you can test if your server does work on the Internet.\^If you are not interested in serving files over the Internet, this is NOT for you.\^\^We'll now perform a test involving network activity.\^In order to complete this test, you may need to allow HFS's activity in your firewall, by clicking Allow on the warning prompt.\^\^WARNING: for the duration of the test, all ban rules and limits on the number of connections won't apply.
+64681_main_MSG_CLEAN_START=Clean start
-64823_main_MSG_OK=The test is successful. The server should be working fine.
+64682_main_MSG_RESTORE_BAK=A file system backup has been created for a system shutdown.\^Do you want to restore this backup?
-64824_main_MSG_OK_PORT=Port %s is not working, but another working port has been found and set: %s.
+64683_main_MSG_EXT_ADDR_FAIL=Search for external address failed
-64825_main_MSG_3=You may be behind a router or firewall.
+64684_main_MSG_TO_EXPERT=Switch to expert mode.
-64826_main_MSG_6=You are behind a router.\^Ensure it is configured to forward port %s to your computer.
+64685_main_MSG_DONT_LOG_HINT=Select the files/folder you don't want to be logged,\^then right click and select "Don't log".
-64827_main_MSG_7=You may be behind a firewall.\^Ensure nothing is blocking HFS.
+64686_main_MSG_DL_PERC=Downloading %d%%
-64820_main_MSG{1}="Suggest" the browser to open directly the specified files.\^Other files should pop up a save dialog.
+64687_main_MSG_UNINSTALL_WARN=Delete HFS and all settings?
-64820_main_MSG{1}=You should not use this option unless you really know its meaning.\^Continue?
+64688_main_MSG_SELF_3=You may be behind a router or firewall.
-64830_main_HELP=For help on how to use this file please refer http://www.rejetto.com/wiki/?title=HFS:_Event_scripts
+64689_main_MSG_SELF_6=You are behind a router.\^Ensure it is configured to forward port %s to your computer.
-64831_main_CAPTION=Edit resource
+64690_main_MSG_SELF_7=You may be behind a firewall.\^Ensure nothing is blocking HFS.
-64832_main_MSG_CORRUPTED=This file does not contain valid data.
+64691_main_MSG_RET_EXT=Retrieving external address...
-64833_main_MSG_MACROS_FOUND=!!!!!!!!! DANGER !!!!!!!!!\^This file contains macros.\^Don't accept macros from people you don't trust.\^\^Trust this file?
+64692_main_MSG_SELF_CANT_ON=Unable to switch the server on
-64834_main_MSG_INFO=Last stable version: %s\^\^Last untested version: %s\^
+64693_main_MSG_SELF_CANT_LIST=Self test cannot be performed because HFS was configured to accept connections only on 127.0.0.1
-64835_main_MSG_NEWER=There's a new version available online: %s
+64694_main_MSG_SELF_CANT_S=Self test doesn't support HTTPS.\^It's likely it won't work.
-64836_main_ARE_EXPERT{1}=You are in Expert mode
+64695_main_MSG_SELF_ING=Self testing...
-64837_main_ARE_EASY=You are in Easy mode
+64696_main_MSG_TEST_CANC=Test cancelled
-64838_main_SW2EXPERT=Switch to Expert mode
+64697_main_MSG_TEST_INET=Testing internet connection...
-64839_main_SW2EASY=Switch to Easy mode
+64698_main_MSG_SELF_UNAV=Sorry, the test is unavailable at the moment
-64820_main_MSG{1}=Enter the number of MINUTES with no download after which the program automatically shuts down.\^Leave blank to get no timeout.
+64699_main_MSG_SELF_NO_INET=Your internet connection does not work
-64820_main_MSG{1}=This function does not save any previous information to the log file.\^Instead, it saves all information that appears in the log box in real-time (from when you click "OK", below).\^Specify a filename for the log.\^If you leave the filename blank, no log file is saved.\^\^Here are some symbols you can use in the filename to split the log:\^  %d% -- day of the month (1..31)\^  %m% -- month (1..12)\^  %y% -- year (2000..)\^  %dow% -- day of the week (0..6)\^  %w% -- week of the year (1..53)\^  %user% -- username surrounded by parenthesis
+64700_main_MSG_SELF_NO_ANSWER=The test failed: server does not answer.
-64820_main_MSG{1}=Please insert an URL for the link\^\^Do not forget to specify http:// or whatever.\^%%ip%% will be translated to your address
+64701_main_MSG_OPEN_BROW=Open directly in browser
-64820_main_MSG{1}=The realm string is shown on the user/pass dialog of the browser.\^Here you can customize the realm for the login button
+64702_main_MSG_OPEN_BROW_LONG="Suggest" the browser to open directly the specified files.\^Other files should pop up a save dialog.
-64820_main_MSG{1}=The connection is kicked after a timeout.\^Specify in seconds.\^Leave blank to get no timeout.
+64703_main_MSG_HIDE_PORT=You should not use this option unless you really know its meaning.\^Continue?
-64820_main_MSG{1}=All changes will be lost\^Continue?
+64704_main_MSG_RESET_TOT=Do you want to reset total in/out?
-64820_main_MSG{1}=Enter the number of MINUTES files stay flagged from their addition.\^Leave blank to disable.
+64705_main_MSG_DISAB_FIND_EXT=This option makes pointless the option "Find external address at startup", which has now been disabled for your convenience.
-64820_main_MSG{1}=Any event from the following IP address mask will be not logged.
+64706_main_MSG_ENT_URL=Enter URL
-64876_main_LIMIT{1}=Speed limit
+64707_main_MSG_ENT_URL_LONG=Enter URL for updating.\^%ip% will be translated to your external IP.
-64849_main_MSG_MAX_BW_1=Max bandwidth for single address (KB/s).
+64708_main_MSG_ENT_USR=Enter user
-64850_main_LIMIT1=Speed limit for single address
+64709_main_MSG_ENT_PWD=Enter password
-64851_main_NODL=No downloads timeout: 
+64710_main_MSG_ENT_HOST=Enter host
-64820_main_MSG{1}=Graph refresh rate: %d (tenths of second)
+64711_main_MSG_ENT_HOST_LONG=Enter domain (full form!)
-64820_main_MSG{1}=Max simultaneous connections to serve.\^Most people don't know this function well, and have problems. If you are unsure, please use the "Max simultaneous downloads".
+64712_main_MSG_HOST_FORM=Please, enter it in the FULL form, with dots
-64809_main_MSG2{1}=In this moment there are %d active connections
+64713_main_MSG_MIN_SPACE=Min disk space
-64820_main_MSG{1}=Max simultaneous downloads.
+64714_main_MSG_MIN_SPACE_LONG=The upload will fail if your disk has less than the specified amount of free MegaBytes.
-64809_main_MSG2{1}=In this moment there are %d active downloads
+64715_main_MSG_REN_PART=Rename partial uploads
-64820_main_MSG{1}=Max simultaneous connections to accept from a single IP address.\^Most people don't know this function well, and have problems. If you are unsure, please use the "Max simultaneous downloads from a single IP address".
+64716_main_MSG_REN_PART_LONG=This string will be appended to the filename.\^\^If you need more control, enter a string with %name% in it, and this symbol will be replaced by the original filename.
-64820_main_MSG{1}=Max simultaneous downloads from a single IP address.
+64717_main_MSG_SELF_BEFORE=Here you can test if your server does work on the Internet.\^If you are not interested in serving files over the Internet, this is NOT for you.\^\^We'll now perform a test involving network activity.\^In order to complete this test, you may need to allow HFS's activity in your firewall, by clicking Allow on the warning prompt.\^\^WARNING: for the duration of the test, all ban rules and limits on the number of connections won't apply.
-64859_main_MSG_TITLE=Loading VFS
+64718_main_MSG_SELF_OK=The test is successful. The server should be working fine.
-64860_main_MSG_OLD=This file is old and uses different settings.\^The "let browse" folder option will be reset.\^Re-saving the file will update its format.
+64719_main_MSG_SELF_OK_PORT=Port %s is not working, but another working port has been found and set: %s.
-64861_main_MSG_UNK_FK=This file has been created with a newer version.\^Some data was discarded because unknown.\^If you save the file now, the discarded data will NOT be saved.
+64720_main_MSG_LOG_FILE=Log file
-64862_main_MSG_VIS_ONLY_ANON=This VFS file uses the "Visible only to anonymous users" feature.\^This feature is not available anymore.\^You can achieve similar results by restricting access to @anonymous,\^then enabling "List protected items only for allowed users".
+64721_main_MSG_LOG_FILE_LONG=This function does not save any previous information to the log file.\^Instead, it saves all information that appears in the log box in real-time (from when you click "OK", below).\^Specify a filename for the log.\^If you leave the filename blank, no log file is saved.\^\^Here are some symbols you can use in the filename to split the log:\^  %d% -- day of the month (1..31)\^  %m% -- month (1..12)\^  %y% -- year (2000..)\^  %dow% -- day of the week (0..6)\^  %w% -- week of the year (1..53)\^  %user% -- username surrounded by parenthesis
-64863_main_MSG_AUTO_DISABLED=Because of the problems encountered in loading,\^automatic saving has been disabled\^until you save manually or load another one.
+64722_main_MSG_SET_URL=Set URL
-64864_main_IN_SPEED=In: %.1f KB/s
+64723_main_MSG_SET_URL_LONG=Please insert an URL for the link\^\^Do not forget to specify http:// or whatever.\^%%ip%% will be translated to your address
-64865_main_BANS=Ban rules: %d
+64724_main_MSG_REALM=Login realm
-64866_main_MEMORY=Mem
+64725_main_MSG_REALM_LONG=The realm string is shown on the user/pass dialog of the browser.\^Here you can customize the realm for the login button
-64867_main_CUSTOMIZED=Customized template
+64726_main_MSG_INACT_TIMEOUT=Connection inactivity timeout
-64868_main_ITEMS=VFS: %d items
+64727_main_MSG_INACT_TIMEOUT_LONG=The connection is kicked after a timeout.\^Specify in seconds.\^Leave blank to get no timeout.
-64869_main_MSG1=%s item(s) already exists:\^%s\^\^Continue?
+64728_main_MSG_CHANGES_LOST=All changes will be lost\^Continue?
-64820_main_MSG{1}=Leave empty to disable this feature.\^Here you can specify a mask.\^When a file is requested, if the mask doesn't match the "Referer" HTTP field, the request is rejected.
+64729_main_MSG_FLAG_NEW=Flag new files
-64871_main_MSG_BETTERSTOP=\^Going on may lead to problems.\^It is adviced to stop loading.\^Stop?
+64730_main_MSG_FLAG_NEW_LONG=Enter the number of MINUTES files stay flagged from their addition.\^Leave blank to disable.
-64872_main_MSG_BADCRC=This file is corrupted (CRC).
+64731_main_MSG_DONT_LOG_MASK=Do not log address
-64835_main_MSG_NEWER{1}=This file has been created with a newer and incompatible version.
+64732_main_MSG_DONT_LOG_MASK_LONG=Any event from the following IP address mask will be not logged.
-64874_main_MSG_ZLIB=This file is corrupted (ZLIB).
+64733_main_MSG_CUST_IP=Custom IP addresses
-64875_main_MSG_BAKAVAILABLE=This file is corrupted but a backup is available.\^Continue with backup?
+64734_main_MSG_CUST_IP_LONG=Specify your addresses, each per line
-64876_main_LIMIT=Limit
+64735_main_MSG_NO_EXT_IP=Can't find external address\^( %s )
-64877_main_TOP_SPEED=Top speed
+64736_main_MSG_TENTH_SEC=Tenths of second
-64878_main_MSG_MAX_BW=Max bandwidth (KB/s).
+64737_main_MSG_LOADING_VFS=Loading VFS
-64879_main_ZEROMSG=Zero is an effective limit.\^To disable instead, leave empty.
+64738_main_MSG_VFS_OLD=This file is old and uses different settings.\^The "let browse" folder option will be reset.\^Re-saving the file will update its format.
-64880_main_AUTOSAVE=Auto save every: 
+64739_main_MSG_UNK_FK=This file has been created with a newer version.\^Some data was discarded because unknown.\^If you save the file now, the discarded data will NOT be saved.
-64820_main_MSG{1}=Auto-save %s.\^Specify in seconds.\^Leave blank to disable.
+64740_main_MSG_VIS_ONLY_ANON=This VFS file uses the "Visible only to anonymous users" feature.\^This feature is not available anymore.\^You can achieve similar results by restricting access to @anonymous,\^then enabling "List protected items only for allowed users".
-64882_main_MSG_MIN=We don't accept less than %d
+64741_main_MSG_AUTO_DISABLED=Because of the problems encountered in loading,\^automatic saving has been disabled\^until you save manually or load another one.
-64883_main_MSG_BAN=Your ban configuration may have been screwed up.\^Please verify it.
+64742_main_MSG_CORRUPTED=This file does not contain valid data.
-64820_main_MSG{1}=Can't save options there.\^Should I try to save to user registry?
+64743_main_MSG_MACROS_FOUND=!!!!!!!!! DANGER !!!!!!!!!\^This file contains macros.\^Don't accept macros from people you don't trust.\^\^Trust this file?
-64885_main_MSG_SAVE_ERROR=Cannot save the update
+64744_main_MSG_UPD_INFO=Last stable version: %s\^\^Last untested version: %s\^
-64886_main_MSG_LIMITED=The auto-update feature cannot work because it requires the "Only 1 instance" option enabled.\^\^Your browser will now be pointed to the update, so you can install it manually.
+64745_main_MSG_NEWER=There's a new version available online: %s
-64887_main_MSG_UPDATE=You are invited to use the new version.\^\^Update now?
+64746_main_MSG_SRC_UPD=Searching for updates...
-64888_main_MSG_FROMDISK=Update info has been read from local file.\^To resume normal operation of the updater, delete the file hfs.updateinfo.txt from the HFS program folder.
+64747_main_ARE_EXPERT{1}=You are in Expert mode
-64889_main_COPY=Copy to clipboard
+64748_main_ARE_EASY=You are in Easy mode
-64890_main_ALREADY=Already in clipboard
+64749_main_SW2EXPERT=Switch to Expert mode
-64891_main_NOSPACE=Out of space
+64750_main_SW2EASY=Switch to Easy mode
-64892_main_CONN=Connections: %d
+64751_main_MSG_DL_TIMEOUT_LONG=Enter the number of MINUTES with no download after which the program automatically shuts down.\^Leave blank to get no timeout.
-64893_main_TOT_IN=Total In: %s
+64752_main_MSG_NEWER_INCOMP=This file has been created with a newer and incompatible version.
-64894_main_TOT_OUT{1}=Total Out: %s
+64753_main_MSG_ZLIB=This file is corrupted (ZLIB).
-64895_main_OUT_SPEED=Out: %.1f KB/s
+64754_main_MSG_BAKAVAILABLE=This file is corrupted but a backup is available.\^Continue with backup?
-64896_main_MSG_DDNS_notdonator=an option specified requires payment
+64755_main_MSG_CANT_LOAD_SAVE=Cannot load or save while adding files
-64897_main_MSG_DDNS_badagent=banned client
+64756_main_MSG_OPEN_VFS=Open VFS file
-64820_main_MSG{1}=There are %d open connections from this address.\^Do you want to kick them all now?
+64757_main_LIMIT{2}=Limit
-64809_main_MSG2{1}=You can edit the address.\^Masks and ranges are allowed.
+64758_main_TOP_SPEED=Top speed
-64820_main_MSG{1}=This option is NOT compatible with "dynamic dns updater".\^Continue?
+64759_main_MSG_MAX_BW=Max bandwidth (KB/s).
-64809_main_MSG2{1}=There are %d connections open.\^Do you want to close them now?
+64760_main_MSG_LIM0=Zero is an effective limit.\^To disable instead, leave empty.
-64902_main_FAILED=Login failed
+64761_main_MSG_MAX_BW_1=Max bandwidth for single address (KB/s).
-64876_main_LIMIT{1}=Max simultaneous addresses: %s ...
+64762_main_MSG_GRAPH_RATE_MENU=Graph refresh rate: %d (tenths of second)
-64876_main_LIMIT{1}=Max simultaneous addresses downloading: %s ...
+64763_main_MSG_MAX_CON_LONG=Max simultaneous connections to serve.\^Most people don't know this function well, and have problems. If you are unsure, please use the "Max simultaneous downloads".
-64876_main_LIMIT{1}=Max connections: %s ...
+64764_main_MSG_WARN_CONN=In this moment there are %d active connections
-64876_main_LIMIT{1}=Max connections from single address: %s ...
+64765_main_MSG_WARN_ACT_DL=In this moment there are %d active downloads
-64876_main_LIMIT{1}=Max simultaneous downloads: %s ...
+64766_main_MSG_MAX_CON_SING_LONG=Max simultaneous connections to accept from a single IP address.\^Most people don't know this function well, and have problems. If you are unsure, please use the "Max simultaneous downloads from a single IP address".
-64876_main_LIMIT{1}=Max simultaneous downloads from single address: %s ...
+64767_main_MSG_GRAPH_RATE{1}=Graph refresh rate
-64909_main_FINGERPRINT=Create fingerprint on addition under %d KB
+64768_main_MSG_VFS_DONT_CONS_DL_MASK=Don't consider as download (mask): %s
-64910_main_NO_FINGERPRINT=Create fingerprint on addition: disabled
+64769_main_MSG_VFS_INHERITED= [inherited]
-64820_main_MSG{1}=Please insert a comment for "%s".\^You should use HTML: <br> for break line.
+64770_main_MSG_VFS_EXTERNAL= [external]
-64912_main_MSG_EMPTY_NO_LIMIT=Leave blank to get no limits.
+64771_main_MSG_CON_HINT=Connection time: %s\^Last request time: %s\^Agent: %s
-64913_main_MSG_ADDRESSES_EXCEED=The following addresses exceed the limit:\^%s
+64772_main_MSG_CON_STATE_IDLE=idle
-64914_main_MSG_NO_TEMP=Cannot save temporary file
+64773_main_MSG_CON_STATE_REQ=requesting
-64915_main_MSG_ERROR_REGISTRY=Can't write to registry.\^You may lack necessary rights.
+64774_main_MSG_CON_STATE_RCV=receiving
-64916_main_MSG_MANY_ITEMS=You are putting many files.\^Try using real folders instead of virtual folders.\^Read documentation or ask on the forum for help.
+64775_main_MSG_CON_STATE_THINK=thinking
-64917_main_MSG_ADD_TO_HFS="Add to HFS" has been added to your Window's Explorer right-click menu.
+64776_main_MSG_CON_STATE_REP=replying
-64918_main_MSG_SINGLE_INSTANCE=Sorry, this feature only works with the "Only 1 instance" option enabled.\^\^You can find this option under Menu -> Start/Exit\^(only in expert mode)
+64777_main_MSG_CON_STATE_SEND=sending
-64919_main_MSG_COMM_ERROR=Network error. Request failed.
+64778_main_MSG_CON_STATE_DISC=disconnected
-64920_main_MSG_DDNS_badauth=invalid user/password
+64779_main_MSG_TPL_RESET=The template has been reset
-64921_main_MSG_DDNS_notfqdn=incomplete hostname, required form aaa.bbb.com
+64780_main_MSG_ALLO_REF=Allowed referer
-64922_main_MSG_DDNS_nohost=specified hostname does not exist
+64781_main_MSG_ALLO_REF_LONG=Leave empty to disable this feature.\^Here you can specify a mask.\^When a file is requested, if the mask doesn't match the "Referer" HTTP field, the request is rejected.
-64923_main_MSG_DDNS_notyours=specified hostname belongs to another username
+64782_main_MSG_BETTERSTOP=\^Going on may lead to problems.\^It is adviced to stop loading.\^Stop?
-64924_main_MSG_DDNS_numhost=too many or too few hosts found
+64783_main_MSG_BADCRC=This file is corrupted (CRC).
-64925_main_MSG_DDNS_abuse=specified hostname is blocked for update abuse
+64784_main_MSG_VFS_HIDE_EMPTY=Hidden if empty
-64926_main_MSG_DDNS_dnserr=server error
+64785_main_MSG_VFS_NOT_BROW=Not browsable
-64927_main_MSG_DDNS_911=server error
+64786_main_MSG_VFS_HIDE_EMPTY_FLD=Hide empty folders
-64935_main_S_PORT_LABEL=Port: %s
+64787_main_MSG_VFS_HIDE_EXT=Hide extention
-64936_main_S_PORT_ANY=any
+64788_main_MSG_VFS_ARCABLE=Archivable
-64937_main_DISABLED=disabled
+64789_main_MSG_VFS_DEF_MASK=Default file mask: %s
-64938_main_MSG_UNPROTECTED_LINKS=Links are NOT actually protected.\^The feature is there to be used with the "list protected items only..." option.\^Continue?
+64790_main_MSG_VFS_ACCESS=Access for
-64939_main_MSG_SAME_NAME=An item with the same name is already present in this folder.\^Continue?
+64791_main_MSG_VFS_UPLOAD=Upload allowed for
-64940_main_MSG_OPTIONS_SAVED=Options saved
+64792_main_MSG_VFS_DELETE=Delete allowed for
-64941_main_MSG_SOME_LOCKED=Some items were not affected because locked
+64793_main_MSG_VFS_COMMENT=Comment: %s
-64942_main_MSG_ITEM_LOCKED=The item is locked
+64794_main_MSG_VFS_REALM=Realm: %s
-64943_main_MSG_INVALID_VALUE=Invalid value
+64795_main_MSG_VFS_DIFF_TPL=Diff template: %s
 64796_main_MSG_VFS_FILES_FLT=Files filter: %s
 64797_main_MSG_VFS_FLD_FLT=Folders filter: %s
 64798_main_MSG_VFS_UPL_FLT=Upload filter: %s
 64799_main_MSG_VFS_DONT_CONS_DL=Don't consider as download
 64800_main_IN_SPEED=In: %.1f KB/s
 64801_main_BANS=Ban rules: %d
 64802_main_MEMORY=Mem
 64803_main_CUST_TPL=Customized template
 64804_main_VFS_ITEMS=VFS: %d items
 64805_main_MSG_ITEM_EXISTS=%s item(s) already exists:\^%s\^\^Continue?
 64806_main_MSG_INSTALL_TPL=Install this template?
 64807_main_MSG_FOLDER_UPLOAD=Do you want ANYONE to be able to upload to this folder?
 64808_main_MSG_VFS_DRAG_INVIT=Drag your files here
 64809_main_MSG_VFS_URL=URL: %s
 64810_main_MSG_VFS_PATH=Path: %s
 64811_main_MSG_VFS_SIZE=Size: %s
 64812_main_MSG_VFS_DLS=Downloads: %s
 64813_main_MSG_VFS_INVISIBLE=Invisible
 64814_main_MSG_VFS_DL_FORB=Download forbidden
 64815_main_MSG_VFS_DONT_LOG=Don't log
 64816_main_MSG_UPD_DL=Downloading new version...
 64817_main_MSG_UPDATE=You are invited to use the new version.\^\^Update now?
 64818_main_MSG_REQUESTING=Requesting...
 64819_main_MSG_CHK_UPD=Checking for updates
 64820_main_MSG_CHK_UPD_FAIL=Check update: failed
 64821_main_MSG_CHK_UPD_HEAD=Check update: 
 64822_main_MSG_CHK_UPD_VER=new version found: %s
 64823_main_MSG_CHK_UPD_VER_EXT=Build #%s (current is #%s)
 64824_main_MSG_CHK_UPD_NONE=no new version
 64825_main_TO_CLIP=Copy to clipboard
 64826_main_ALREADY_CLIP=Already in clipboard
 64827_main_MSG_NO_SPACE=Out of space
 64828_main_CONN=Connections: %d
 64829_main_TOT_IN=Total In: %s
 64830_main_TOT_OUT{1}=Total Out: %s
 64831_main_OUT_SPEED=Out: %.1f KB/s
 64832_main_MSG_FILE_ADD_ABORT=File addition was aborted.\^The list of files is incomplete.
 64833_main_MSG_ADDING=Adding item #%d
 64834_main_MSG_INV_FILENAME=Invalid filename
 64835_main_MSG_DELETE=Delete?
 64836_main_AUTOSAVE=Auto save every: 
 64837_main_SECONDS=%d seconds
 64838_main_MSG_SPD_LIMIT_SING=Speed limit for single address
 64839_main_MSG_SPD_LIMIT=Speed limit
 64840_main_MSG_AUTO_SAVE=Auto-save %s
 64841_main_MSG_AUTO_SAVE_LONG=Auto-save %s.\^Specify in seconds.\^Leave blank to disable.
 64842_main_MSG_MIN=We don't accept less than %d
 64843_main_MSG_BAN=Your ban configuration may have been screwed up.\^Please verify it.
 64844_main_MSG_CANT_SAVE_OPT=Can't save options there.\^Should I try to save to user registry?
 64845_main_MSG_UPD_SAVE_ERROR=Cannot save the update
 64846_main_MSG_UPD_REQ_ONLY1=The auto-update feature cannot work because it requires the "Only 1 instance" option enabled.\^\^Your browser will now be pointed to the update, so you can install it manually.
 64847_main_MSG_UPD_WAIT=Waiting for last requests to be served, then we'll update
 64848_main_MSG_LOG_HEAD=Served head
 64849_main_MSG_LOG_NOT_MOD=Not modified, use cache
 64850_main_MSG_LOG_REDIR=Redirected to %s
 64851_main_MSG_LOG_NOT_SERVED=Not served: %d - %s
 64852_main_MSG_LOG_UPL=Uploading %s
 64853_main_MSG_LOG_UPLOADED=Fully uploaded %s - %s @ %sB/s
 64854_main_MSG_LOG_UPL_FAIL=Upload failed %s
 64855_main_MSG_LOG_DL=Fully downloaded - %s @ %sB/s - %s
 64856_main_MSG_LOGIN_FAILED=Login failed
 64857_main_MSG_MIN_DISK_REACHED=Minimum disk space reached.
 64858_main_MSG_UPL_NAME_FORB=File name or extension forbidden.
 64859_main_MSG_UPL_CANT_CREATE=Error creating file.
 64860_main_FINGERPRINT=Create fingerprint on addition under %d KB
 64861_main_NO_FINGERPRINT=Create fingerprint on addition: disabled
 64862_main_MSG_SAVE_VFS=Your current file system is not saved.\^Save it?
 64863_main_MSG_INP_COMMENT=Please insert a comment for "%s".\^You should use HTML: <br> for break line.
 64864_main_MSG_BAN_CMT=Ban comment
 64865_main_MSG_BAN_CMT_LONG=A comment for this ban...
 64866_main_MSG_BREAK_DYN_DNS=This option is NOT compatible with "dynamic dns updater".\^Continue?
 64867_main_MSG_CANT_OPEN_PORT=Cannot open port.
 64868_main_MSG_PORT_USED_BY=It is already used by %s
 64869_main_MSG_PORT_BLOCKED=Something is blocking, maybe your system firewall.
 64870_main_MSG_KICK_ALL=There are %d connections open.\^Do you want to close them now?
 64871_main_MSG_TPL_INCOMPATIBLE=The template you are trying to load is not compatible with current HFS version.\^HFS will now use default template.\^Ask on the forum if you need further help.
 64872_main_MSG_LOG_SERVER_START=Server start
 64873_main_MSG_LOG_SERVER_STOP=Server stop
 64874_main_MSG_LOG_CONNECTED=Connected
 64875_main_MSG_LOG_DISC_SRV=Disconnected by server
 64876_main_MSG_LOG_DISC=Disconnected
 64877_main_MSG_LOG_GOT=Got %d bytes
 64878_main_MSG_LOG_BYTES_SENT=%s bytes sent
 64879_main_MSG_LOG_SERVED=Served %s
 64880_main_MSG_DDNS_FAIL=DNS update failed: %s\^User intervention is required.
 64881_main_MSG_DDNS_REPLY_SIZE=%d bytes reply
 64882_main_MSG_DDNS_badauth=invalid user/password
 64883_main_MSG_DDNS_notfqdn=incomplete hostname, required form aaa.bbb.com
 64884_main_MSG_DDNS_nohost=specified hostname does not exist
 64885_main_MSG_DDNS_notyours=specified hostname belongs to another username
 64886_main_MSG_DDNS_numhost=too many or too few hosts found
 64887_main_MSG_DDNS_abuse=specified hostname is blocked for update abuse
 64888_main_MSG_DDNS_dnserr=server error
 64889_main_MSG_DDNS_911=server error
 64890_main_MSG_DDNS_notdonator=an option specified requires payment
 64891_main_MSG_DDNS_badagent=banned client
 64892_main_MSG_BAN_MASK=Ban IP mask
 64893_main_MSG_IP_MASK_LONG=You can edit the address.\^Masks and ranges are allowed.
 64894_main_MSG_KICK_ADDR=There are %d open connections from this address.\^Do you want to kick them all now?
 64895_main_MSG_BAN_ALREADY=This IP address is already banned
 64896_main_MSG_ADDRESSES_EXCEED=The following addresses exceed the limit:\^%s
 64897_main_MSG_NO_TEMP=Cannot save temporary file
 64898_main_MSG_ERROR_REGISTRY=Can't write to registry.\^You may lack necessary rights.
 64899_main_MSG_MANY_ITEMS=You are putting many files.\^Try using real folders instead of virtual folders.\^Read documentation or ask on the forum for help.
 64900_main_MSG_ADD_TO_HFS="Add to HFS" has been added to your Window's Explorer right-click menu.
 64901_main_MSG_SINGLE_INSTANCE=Sorry, this feature only works with the "Only 1 instance" option enabled.\^\^You can find this option under Menu -> Start/Exit\^(only in expert mode)
 64902_main_MSG_COMM_ERROR=Network error. Request failed.
 64903_main_MSG_CON_PAUSED=paused
 64904_main_MSG_CON_SENT=%s / %s sent
 64905_main_MSG_CON_RECEIVED=%s / %s received
 64906_main_MSG_DDNS_NO_REPLY=no reply
 64907_main_MSG_DDNS_OK=successful
 64908_main_MSG_DDNS_UNK=unknown reply: %s
 64909_main_MSG_DDNS_ERR=error: %s
 64910_main_MSG_DDNS_REQ=DNS update requested for %s: %s
 64911_main_MSG_DDNS_DOING=Updating dynamic DNS...
 64912_main_MSG_MAX_CON_SING=Max connections from single address
 64913_main_MSG_MAX_SIM_ADDR{1}=Max simultaneous addresses
 64914_main_MSG_MAX_SIM_ADDR_DL=Max simultaneous addresses downloading
 64915_main_MSG_MAX_SIM_DL_SING{2}=Max simultaneous downloads from single address
 64916_main_MSG_MAX_SIM_DL=Max simultaneous downloads
 64917_main_MSG_SET_LIMIT=Set limit
 64918_main_MSG_UNPROTECTED_LINKS=Links are NOT actually protected.\^The feature is there to be used with the "list protected items only..." option.\^Continue?
 64919_main_MSG_SAME_NAME=An item with the same name is already present in this folder.\^Continue?
 64920_main_MSG_CONTINUE=Continue?
 64921_main_MSG_PROCESSING=Processing...
 64922_main_MSG_SPEED_KBS=%.1f kB/s
 64923_main_MSG_OPTIONS_SAVED=Options saved
 64924_main_MSG_SOME_LOCKED=Some items were not affected because locked
 64925_main_MSG_ITEM_LOCKED=The item is locked
 64926_main_MSG_INVALID_VALUE=Invalid value
 64927_main_MSG_EMPTY_NO_LIMIT=Leave blank to get no limits.
 64935_classesLib_MSG_ANTIDOS_REPLY=Please wait, server busy
 64936_optionsDlg_MSG_INVERT_BAN=Normal behavior of the Ban is to prevent access to the addresses you specify (also called black-list).\^If you want the opposite, to allow the addresses that you specify (white-list), enter all addresses in a single row preceded by a \ character.\^\^Let say you want to allow all your 192.168 local network plus your office at 1.1.1.1.\^Just put this IP address mask: \192.168.*;1.1.1.1\^The opening \ character inverts the logic, so everything else is banned.\^\^If you want to know more about address masks, check the guide.
 64937_main_S_PORT_LABEL=Port: %s
 64938_main_S_PORT_ANY=any
 64939_main_DISABLED=disabled
 64940_main_S_OK=Ok
 64941_main_MSG_MENU_VAL= (%s)
 64942_main_MSG_DL_TIMEOUT{1}=No downloads timeout
 64943_main_MSG_MAX_CON=Max connections
 65046_OverbyteIcsHttpContCod_ERR_GETCODING_OVERRIDE=GetCoding must be overridden in %s
 65088_OverbyteIcsCharsetUtils_sHebrewISOVisual=Hebrew (ISO-Visual)
 65089_OverbyteIcsCharsetUtils_sHebrewWindows=Hebrew (Windows)
 65090_OverbyteIcsCharsetUtils_sJapaneseJIS=Japanese (JIS)
@ -601,7 +742,6 @@ Panel1.Button2.Caption=&No
 65099_OverbyteIcsCharsetUtils_sVietnameseWindows=Vietnamese (Windows)
 65100_OverbyteIcsCharsetUtils_sWesternEuropeanISO=Western European (ISO)
 65101_OverbyteIcsCharsetUtils_sWesternEuropeanWindows=Western European (Windows)
 65102_OverbyteIcsHttpContCod_ERR_GETCODING_OVERRIDE=GetCoding must be overridden in %s
 65104_OverbyteIcsCharsetUtils_sBalticISO=Baltic (ISO)
 65105_OverbyteIcsCharsetUtils_sBalticWindows=Baltic (Windows)
 65106_OverbyteIcsCharsetUtils_sCentralEuropeanISO=Central European (ISO)
--- a/hslib.pas
+++ b/hslib.pas
@ -1,5 +1,5 @@
 {
-Copyright (C) 2002-2014 Massimo Melina (www.rejetto.com)
+Copyright (C) 2002-2020 Massimo Melina (www.rejetto.com)
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@ -19,6 +19,7 @@ Copyright (C) 2002-2014 Massimo Melina (www.rejetto.com)
 HTTP Server Lib
 ==== TO DO
 * https
 * upload bandwidth control (can it be done without multi-threading?)
 }
@ -29,7 +30,7 @@ unit HSlib;
 interface
 uses
-  OverbyteIcsWSocket, OverbyteIcsWSockets, classes, messages, winprocs, forms, extctrls, sysutils, system.contnrs, strUtils, winsock, inifiles, types;
+  OverbyteIcsWSocket, classes, messages, winprocs, forms, extctrls, sysutils, system.contnrs, strUtils, winsock, inifiles, types;
 const
  VERSION = '2.11.0';
@ -103,7 +104,7 @@ type
    );
    body: ansistring;    // specifies reply body according to bodyMode
    bodyFile: string;
-    bodyStream: Tstream;   // note: the stream is automatically freed 
+    bodyStream: Tstream;   // note: the stream is automatically freed
    firstByte, lastByte: int64;  // body interval for partial replies (206)
    realm,           // this will appear in the authentication dialog
    reason,         // customized reason phrase
@ -156,6 +157,7 @@ type
    P_requestCount: integer;
    P_destroying: boolean;  // destroying is in progress
    P_sndBuf: integer;
    P_v6: boolean;
    persistent: boolean;
    disconnecting: boolean; // disconnected() has been called
    lockCount: integer;     // prevent freeing of the object
@ -204,7 +206,7 @@ type
    eventData: ansistring;
    ignoreSpeedLimit: boolean;
    limiters: TobjectList;     // every connection can be bound to a number of TspeedLimiter
-    constructor create(server:ThttpSrv);
+    constructor create(server:ThttpSrv; acceptingSock:Twsocket);
    destructor Destroy; override;
    procedure disconnect();
    procedure addHeader(s:ansistring; overwrite:boolean=TRUE); // set an additional header line. If overwrite=false will always append.
@ -219,6 +221,7 @@ type
    function  initInputStream():boolean;
    property address:string read P_address;      // other peer ip address
    property port:string read P_port;            // other peer port
    property v6:boolean read P_v6;
    property requestCount:integer read P_requestCount;
    property bytesToSend:int64 read getBytesToSend;
    property bytesToPost:int64 read getBytesToPost;
@ -261,7 +264,7 @@ type
    procedure calculateSpeed();
    procedure processDisconnecting();
  public
-    sock: TwsocketServer;     // listening socket
+    sock, sock6: Twsocket;     // listening socket
    conns,          // full list of connected clients
    disconnecting,  // list of pending disconnections
    offlines,       // disconnected clients to be freed
@ -290,7 +293,7 @@ const
  MINIMUM_CHUNK_SIZE = 2*1024;
  MAXIMUM_CHUNK_SIZE = 1024*1024;
  HRM2CODE: array [ThttpReplyMode] of integer = (200, 200, 403, 401, 404, 400,
-  	500, 0, 0, 405, 302, 503, 413, 301, 304 );
+  	500, 0, 0, 405, 302, 429, 413, 301, 304 );
  METHOD2STR: array [ThttpMethod] of ansistring = ('UNK','GET','POST','HEAD');
  HRM2STR: array [ThttpReplyMode] of ansistring = ('Head+Body', 'Head only', 'Deny',
    'Unauthorized', 'Not found', 'Bad request', 'Internal error', 'Close',
@ -334,6 +337,7 @@ uses
  Windows, ansistrings;
 const
  CRLF = #13#10;
  HEADER_LIMITER: ansistring = CRLF+CRLF;
  MAX_REQUEST_LENGTH = 64*1024;
  MAX_INPUT_BUFFER_LENGTH = 256*1024;
  // used as body content when the user did not specify any
@ -349,7 +353,7 @@ const
    '',
    '405 - Method not allowed',
    '<html><head><meta http-equiv="refresh" content="url=%url%" /></head><body onload=''window.location="%url%"''>302 - <a href="%url%">Redirection to %url%</a></body></html>',
-    '503 - Server is overloaded, retry later',
+    '429 - Server is overloaded, retry later',
    '413 - The request has exceeded the max length allowed',
    '301 - Moved permanently to <a href="%url%">%url%</a>',
    '' // RFC2616: The 304 response MUST NOT contain a message-body
@ -385,28 +389,11 @@ begin if c then result:=a else result:=b end;
 function min(a,b:integer):integer;
 begin if a < b then result:=a else result:=b end;
 // this table is to be used by ipos(), to be calculated once
 var
  upcaseTab: array [char] of char;
 function ipos(ss, s: string; ofs:integer=1):integer; overload;
  procedure initTab();
  var
    i: char;
    tmp: string;
  begin
  for i:=#0 to #255 do
    begin
    tmp:=ansiUppercase(i);
    upcaseTab[i]:=tmp[1];
    end;
  end;
 var
  rss, rs, rss1, p: pchar;
  l: integer;
 begin
 if upcaseTab[#1] = #0 then initTab();
 result:=0;
 l:=length(s);
 if (l < ofs) or (l = 0) or (ss = '') then exit;
@ -418,7 +405,7 @@ for result:=ofs to l do
  begin
  rss:=rss1;
  p:=rs;
-  while (rss^ <> #0) and (rss^ = upcaseTab[p^]) do
+  while (rss^ <> #0) and (rss^ = upcase(p^)) do
    begin
    inc(rss);
    inc(p);
@ -436,7 +423,7 @@ begin
  repeat
  result:=posEx(ss, s, ofs);
  if result = 0 then exit;
-  
+
    repeat
    qpos:=posEx(quote, s, ofs);
    if qpos = 0 then exit; // there's no quoting, our result will fit
@ -512,6 +499,43 @@ while i <= length(s) do
  end;
 end; // base64decode
 function validUTF8(s:rawbytestring):boolean;
 var
  i, more, len: integer;
  c: byte;
 begin
 len:=length(s);
 i:=0;
 while i < len do
  begin
  inc(i);
  c:=ord(s[i]);
  if c < $80 then
    continue;
  if c >= $FE then
    exit(FALSE);
  if c >= $F0 then
    more:=3
  else if c >= $E0 then
    more:=2
  else if c >= $C0 then
    more:=1
  else
    exit(FALSE);
  if i+more > len then
    exit(FALSE);
  while more > 0 do
    begin
    inc(i);
    c:=ord(s[i]);
    if (c < $80) or (c > $C0) then
      exit(FALSE);
    dec(more);
    end;
  end;
 result:=TRUE;
 end; // validUTF8
 function decodeURL(url:ansistring; utf8:boolean=TRUE):string;
 var
  i, j: integer;
@ -531,10 +555,11 @@ while i<length(url) do
    url[j]:=url[i];
  end;
 setLength(url, j);
-if utf8 then
+if utf8 and validUTF8(url)  then
  begin
  result:=utf8ToString(url);
-  if result='' then  // if the string is not UTF8 compliant, the result is empty
+  // if the string is not UTF8 compliant, the result is empty, or sometimes same length (but ruined)
  if (result='') or (length(result)=length(url)) then
    result:=url;
  end
 else
@ -554,7 +579,8 @@ if url = '' then
 encodeHTML:=[];
 if nonascii then
  encodeHTML:=[#128..#255];
-encodePerc:=[#0..#31,'#','%','?','"','''','&','<','>',':'];
+encodePerc:=[#0..#31,'#','%','?','"','''','&','<','>',':',
  ',',';']; // these for content-disposition
 // actually ':' needs encoding only in relative url
 if spaces then include(encodePerc,' ');
 if not htmlEncoding then
@ -651,7 +677,7 @@ end; // chopline
 function chopLine(var s:ansistring):ansistring; overload;
 begin
-result:=chop(pos(#10,s),1,s);
+result:=chop(#10,s);
 if (result>'') and (result[length(result)]=#13) then
  setlength(result, length(result)-1);
 end; // chopline
@ -673,16 +699,12 @@ try
  result:=TRUE;
  if onAddress = '*' then
-    try
+    with sock6 do
-      sock.MultiListenSockets.Clear();
+      begin
-      with sock.MultiListenSockets.Add do
+      addr:='::';
-        begin
+      Port:=sock.port;
-        addr := '::';
+      try listen except end;
-        Port := sock.port
+      end;
        end;
      sock.MultiListen();
    except end;
  notify(HE_OPEN, NIL);
 except
  end;
@ -692,21 +714,24 @@ procedure ThttpSrv.stop();
 begin
 if sock = NIL then exit;
 try sock.Close() except end;
-try sock.multiListenSockets.clear() except end;
+try sock6.Close() except end;
 end;
 procedure ThttpSrv.connected(Sender: TObject; Error: Word);
-begin if error=0 then ThttpConn.create(self) end;
+begin if error=0 then ThttpConn.create(self, sender as Twsocket) end;
 procedure ThttpSrv.disconnected(Sender: TObject; Error: Word);
 begin notify(HE_CLOSE, NIL) end;
 constructor ThttpSrv.create();
 begin
-sock:=TWSocketServer.create(NIL);
+sock:=TWSocket.create(NIL);
 sock.OnSessionAvailable:=connected;
 sock.OnSessionClosed:=disconnected;
 sock.OnBgException:=bgexception;
 sock6:=TWSocket.create(NIL);
 sock6.OnSessionAvailable:=connected;
 sock6.OnBgException:=bgexception;
 conns:=TobjectList.create;
 conns.OwnsObjects:=FALSE;
@ -852,7 +877,6 @@ end; // timerEvent
 procedure ThttpSrv.notify(ev:ThttpEvent; conn:ThttpConn);
 begin
 if not assigned(onEvent) then exit;
 //if assigned(sock) then sock.pause();
 if assigned(conn) then
  begin
  inc(conn.lockCount);
@ -938,13 +962,13 @@ begin canClose:=FALSE end;
 ////////// CLIENT
-constructor ThttpConn.create(server:ThttpSrv);
+constructor ThttpConn.create(server:ThttpSrv; acceptingSock:Twsocket);
 var
  i: integer;
 begin
 // init socket
 sock:=Twsocket.create(NIL);
-sock.Dup(server.sock.Accept);
+sock.Dup(acceptingSock.accept());
 sock.OnDataAvailable:=dataavailable;
 sock.OnSessionClosed:=disconnected;
 sock.onSendData:=senddata;
@ -957,6 +981,7 @@ limiters:=TObjectList.create;
 limiters.ownsObjects:=FALSE;
 P_address:=sock.GetPeerAddr();
 P_port:=sock.GetPeerPort();
 P_v6:=pos(':', address) > 0;
 state:=HCS_IDLE;
 srv:=server;
 srv.conns.add(self);
@ -1189,8 +1214,8 @@ procedure ThttpConn.processInputBuffer();
  var
    i: integer;
-    s, l, k, c: string;
+    s, l, k, v: ansistring;
-
+    ws: widestring;
  begin
    repeat
    { When the buffer is stuffed with file bytes only, we can avoid calling pos() and chop().
@ -1231,11 +1256,12 @@ procedure ThttpConn.processInputBuffer();
      break;
      end;
    // we wait for the header to be complete
-    if posEx(CRLF+CRLF, buffer, i+length(post.boundary)) = 0 then break;
+    if posEx(HEADER_LIMITER, buffer, i+length(post.boundary)) = 0 then
      break;
    handleLeftData(i);
    post.filename:='';
    post.data:='';
-    post.header:=chop(CRLF+CRLF, buffer);
+    post.header:=chop(HEADER_LIMITER, buffer);
    chopLine(post.header);
    // parse the header part
    s:=post.header;
@ -1244,25 +1270,28 @@ procedure ThttpConn.processInputBuffer();
      l:=chopLine(s);
      if l = '' then continue;
      k:=chop(':', l);
-      if not sameText(k, 'Content-Disposition') then continue; // we are not interested in other fields
+      if not sameText(k, 'Content-Disposition') then // we are only interested in content-disposition: form-data
        continue;
      k:=trim(chop(';', l));
-      if not sameText(k, 'form-data') then continue;
+      if not sameText(k, 'form-data') then
        continue;
      while l > '' do
        begin
-        c:=chop(nonQuotedPos(';', l), l);
+        v:=chop(nonQuotedPos(';', l), 1, l);
-        k:=UTF8toString(rawByteString(trim(chop('=', c))));
+        k:=trim(chop('=', v));
-        c:=UTF8toString(rawByteString(ansiDequotedStr(c,'"')));
+        ws:=UTF8toString(ansiDequotedStr(v,'"'));
        if sameText(k, 'filename') then
          begin
-          delete(c, 1, lastDelimiter('/\',c));
+          delete(ws, 1, lastDelimiter('/\',ws));
-          post.filename:=c;
+          post.filename:=ws;
-          end;
+          end
-        if sameText(k, 'name') then
+        else if sameText(k, 'name') then
-          post.varname:=c;
+          post.varname:=ws;
        end;
      end;
    lastPostItemPos:=bytesPosted-length(buffer);
-    if post.filename = '' then continue;
+    if post.filename = '' then
      continue;
    firstPostFile:=FALSE;
    tryNotify(HE_POST_FILE);
    until false;
@ -1346,7 +1375,7 @@ if buffer = '' then exit;
 if state = HCS_IDLE then
  begin
  state:=HCS_REQUESTING;
-  reply.contentType:='text/html';
+  reply.contentType:='text/html; charset=utf-8';
  notify(HE_REQUESTING);
  end;
 case state of
@ -1364,7 +1393,7 @@ notify(HE_REQUESTED);
 if not initInputStream() then
  begin
  reply.mode:=HRM_INTERNAL_ERROR;
-  reply.contentType:='text/html';
+  reply.contentType:='text/html; charset=utf-8';
  notify(HE_CANT_OPEN_FILE);
  end;
 notify(HE_STREAM_READY);
@ -1570,7 +1599,7 @@ end; // initInputStream
 function ThttpConn.sendNextChunk(max:integer=MAXINT):integer;
 var
-  n: int64;
+  n, toSend: int64;
  buf: ansistring;
 begin
 result:=0;
@ -1582,7 +1611,8 @@ if (n = 0) or (bytesSentLastItem = 0) then n:=max;
 if n > MAXIMUM_CHUNK_SIZE then n:=MAXIMUM_CHUNK_SIZE;
 if n < MINIMUM_CHUNK_SIZE then n:=MINIMUM_CHUNK_SIZE;
 if n > max then n:=max;
-if n > bytesToSend then n:=bytesToSend;
+toSend:=bytesToSend;
 if n > toSend then n:=toSend;
 if n = 0 then exit;
 setLength(buf, n);
 n:=stream.read(buf[1], n);
--- a/invertban.txt
+++ b/invertban.txt
@ -1,8 +0,0 @@
 Normal behavior of the Ban is to prevent access to the addresses you specify (also called black-list).
 If you want the opposite, to allow the addresses that you specify (white-list), enter all addresses in a single row preceded by a \ character.
 Let say you want to allow all your 192.168 local network plus your office at 1.1.1.1.
 Just put this IP address mask: \192.168.*;1.1.1.1
 The opening \ character inverts the logic, so everything else is banned.
 If you want to know more about address masks, check the guide.
--- a/main.dfm
+++ b/main.dfm
@ -2,7 +2,7 @@ object mainFrm: TmainFrm
  Left = 293
  Top = 219
  Caption = 'HFS ~ HTTP File Server'
-  ClientHeight = 483
+  ClientHeight = 436
  ClientWidth = 879
  Color = clBtnFace
  Constraints.MinHeight = 260
@ -218,7 +218,7 @@ object mainFrm: TmainFrm
    Left = 0
    Top = 83
    Width = 879
-    Height = 400
+    Height = 353
    Align = alClient
    BevelOuter = bvNone
    Font.Charset = DEFAULT_CHARSET
@ -231,7 +231,7 @@ object mainFrm: TmainFrm
    object splitV: TSplitter
      Left = 313
      Top = 0
-      Height = 289
+      Height = 242
      Beveled = True
      Constraints.MaxWidth = 3
      Constraints.MinWidth = 3
@ -241,7 +241,7 @@ object mainFrm: TmainFrm
    end
    object splitH: TSplitter
      Left = 0
-      Top = 289
+      Top = 242
      Width = 879
      Height = 5
      Cursor = crVSplit
@ -257,7 +257,7 @@ object mainFrm: TmainFrm
      Left = 316
      Top = 0
      Width = 563
-      Height = 289
+      Height = 242
      Align = alClient
      BevelOuter = bvNone
      TabOrder = 1
@ -265,7 +265,7 @@ object mainFrm: TmainFrm
        Left = 0
        Top = 23
        Width = 563
-        Height = 266
+        Height = 219
        Align = alClient
        Font.Charset = ANSI_CHARSET
        Font.Color = clWindowText
@ -557,7 +557,7 @@ object mainFrm: TmainFrm
      Left = 0
      Top = 0
      Width = 313
-      Height = 289
+      Height = 242
      Align = alLeft
      BevelOuter = bvNone
      Caption = 'filesPnl'
@ -566,7 +566,7 @@ object mainFrm: TmainFrm
        Left = 0
        Top = 23
        Width = 313
-        Height = 266
+        Height = 219
        Align = alClient
        BevelInner = bvLowered
        BevelOuter = bvSpace
@ -616,7 +616,7 @@ object mainFrm: TmainFrm
    end
    object connPnl: TPanel
      Left = 0
-      Top = 294
+      Top = 247
      Width = 879
      Height = 106
      Align = alBottom
@ -749,6 +749,13 @@ object mainFrm: TmainFrm
      AutoHotkeys = maManual
      Caption = 'Copy URL with password'
    end
    object CopyURLwithdifferentaddress1: TMenuItem
      Caption = 'Copy URL with different host address'
    end
    object CopyURLwithfingerprint1: TMenuItem
      Caption = 'Copy URL with fingerprint'
      OnClick = CopyURLwithfingerprint1Click
    end
    object Browseit1: TMenuItem
      Caption = 'Browse it'
      ImageIndex = 26
@ -785,13 +792,6 @@ object mainFrm: TmainFrm
    object N11: TMenuItem
      Caption = '-'
    end
    object CopyURLwithdifferentaddress1: TMenuItem
      Caption = 'Copy URL with different host address'
    end
    object CopyURLwithfingerprint1: TMenuItem
      Caption = 'Copy URL with fingerprint'
      OnClick = CopyURLwithfingerprint1Click
    end
    object Purge1: TMenuItem
      Caption = 'Purge...'
      OnClick = Purge1Click
@ -2963,10 +2963,6 @@ object mainFrm: TmainFrm
        AutoCheck = True
        Caption = 'Enable macros.log'
      end
      object Appendmacroslog1: TMenuItem
        AutoCheck = True
        Caption = 'Append macros.log'
      end
      object Runscript1: TMenuItem
        Caption = 'Run script...'
        OnClick = Runscript1Click
--- a/main.pas
+++ b/main.pas
--- a/notes.txt
+++ b/notes.txt
@ -1,62 +0,0 @@
 === 4GB+ FILES DOWNLOAD SUPPORT 
 Reget Deluxe 4.1
 MetaProducts Download Express 1.7
 Getright
 Firefox 2.0
 === 2GB+ FILES UPLOAD SUPPORT
 firefox 3.0: no
 === HOW TO CREATE BIG FILES
 fsutil file createnew <filename> <filesize>
 === HOW TO DOWNLOAD WITH NO DISK ACTIVITY (SPEED TEST)
 create a big file as above
 then download this way: wget -q -O nul http://localhost/big
 === SUBMITTED TO
 www.nonags.com
 www.sharewareconnection.com
 === LISTED ON
 www.sofotex.com
 www.download3000.com
 www.onekit.com
 www.all4you.dk/FreewareWorld
 www.snapfiles.com
 sourceforge
 www.freedownloadscenter.com
 download.freenet.de
 www.softonic.com
 www.portablefreeware.com
 www.download.com
 www.freewarepub.org
 www.handyarchive.com
 www.softpedia.com
 www.acidfiles.com
 www.fileedge.com
 www.freewarepark.com
 === REVIEWS
 http://www.technospot.net/blogs/host-a-web-server-on-your-home-pc/
 http://www.snapfiles.com/get/hfs.html
 http://www.downloadsquad.com/2006/05/24/hft-quick-and-easy-http-file-server/
 http://www.caseytech.com/how-to-host-a-web-site-from-your-computer/
 http://www.chip.de/downloads/c1_downloads_29480524.html
 http://blog.pcserenity.com/2009/01/easy-conten-sharing-with-windows.html
 http://hfs.onehelp.ch
 http://www.lanacion.com.ar/nota.asp?nota_id=1148507
 http://blogmotion.fr/systeme/partage-windows-hfs-3947
 ita
 http://lafabbricadibyte.wordpress.com/2007/05/01/hfs-file-server-http-gratuito-per-windows/
 http://server.html.it/articoli/leggi/2335/hfs-file-sharing-via-http/
 === OTHER SOFTWARE BASED ON HFS
 http://www.wrinx.com/products/pfs/
  commercial, licensed
 http://www.powernetservers.com/pnwfs.php
  commercial, probably unlicensed
 === INSTALLABLE PLUGINS
 log links usage 
    http://www.rejetto.com/forum/index.php/topic,7765.msg1047258.html#msg1047258
--- a/optionsDlg.dfm
+++ b/optionsDlg.dfm
@ -222,9 +222,9 @@ object optionsFrm: ToptionsFrm
          Top = 106
          Width = 198
          Height = 22
-          EditLabel.Width = 111
+          EditLabel.Width = 105
          EditLabel.Height = 14
-          EditLabel.Caption = 'After ~login, redirect to'
+          EditLabel.Caption = 'After login, redirect to'
          TabOrder = 4
          OnChange = redirBoxChange
        end
--- a/optionsDlg.pas
+++ b/optionsDlg.pas
@ -834,7 +834,16 @@ procedure ToptionsFrm.okBtnClick(Sender: TObject);
 begin if saveValues() then close() end;
 procedure ToptionsFrm.Button1Click(Sender: TObject);
-begin msgDlg(getRes('invertBan')) end;
+resourcestring MSG_INVERT_BAN =
  'Normal behavior of the Ban is to prevent access to the addresses you specify (also called black-list).'
  +#13'If you want the opposite, to allow the addresses that you specify (white-list), enter all addresses in a single row preceded by a \ character.'
  +#13
  +#13'Let say you want to allow all your 192.168 local network plus your office at 1.1.1.1.'
  +#13'Just put this IP address mask: \192.168.*;1.1.1.1'
  +#13'The opening \ character inverts the logic, so everything else is banned.'
  +#13
  +#13'If you want to know more about address masks, check the guide.';
 begin msgDlg(MSG_INVERT_BAN) end;
 procedure ToptionsFrm.groupsBtnClick(Sender: TObject);
 var
--- a/scriptLib.pas
+++ b/scriptLib.pas
@ -1,5 +1,5 @@
 {
-Copyright (C) 2002-2012  Massimo Melina (www.rejetto.com)
+Copyright (C) 2002-2020  Massimo Melina (www.rejetto.com)
 This file is part of HFS ~ HTTP File Server.
@ -67,6 +67,8 @@ s:='';
 if ts then
    s:='<hr>'+dateTimeToStr(now())+CRLF;
 s:=s+#13'<dt>'+htmlEncode(textIn)+'</dt><dd>'+htmlEncode(textOut)+'</dd>';
 if sizeOfFile(MACROS_LOG_FILE) = 0 then
  s:=HEADER+s;
 result:=appendTextFile(MACROS_LOG_FILE, s);
 end; // macrosLog
@ -159,16 +161,18 @@ var
  procedure deprecatedMacro(what:string=''; instead:string='');
  begin mainfrm.add2log('WARNING, deprecated macro: '+first(what, name)+nonEmptyConcat(' - Use instead: ',instead), NIL, clRed) end;
  procedure unsatisfied(b:boolean=TRUE);
  begin
  if b then
    macroError('cannot be used here')
  end;
  function satisfied(p:pointer):boolean;
  begin
  result:=assigned(p);
-  if not result then
+  unsatisfied(not result);
    macroError('cannot be used here');
  end;
  procedure unsatisfied(b:boolean=TRUE);
  begin if b then macroError('cannot be used here') end;
  function parEx(idx:integer; name:string=''; doTrim:boolean=TRUE):string; overload;
  var
    i: integer;
@ -260,9 +264,9 @@ var
    result:=staticVars;
    delete(varname,1,length(G_VAR_PREFIX));
    end
-  else if satisfied(md.cd) then
+  else if assigned(md.cd) then
    result:=md.cd.vars
-  else if satisfied(md.tempVars) then
+  else if assigned(md.tempVars) then
    result:=md.tempVars
  else
    raise Exception.create('no namespace available');
@ -291,7 +295,7 @@ var
  if not satisfied(space) then exit;
  i:=space.indexOfName(varname);
  if i < 0 then
-    if value = '' then exit // all is good the way it is
+    if value = '' then exit(TRUE) // all is good the way it is
    else i:=space.add(varname+'='+value)
  else
    if value > '' then // in case of empty value, there's no need to assign, because we are going to delete it (after we cleared the bound object)
@ -455,7 +459,8 @@ var
    vars: Tstrings;
    s: string;
  begin
-  if not satisfied(md.cd) then exit;
+  if not satisfied(md.cd) then
    exit;
  try
    result:=md.cd.conn.request.url;
    if pars.count < 2 then exit;
@ -657,16 +662,40 @@ var
  procedure inc_(v:integer=+1);
  begin
-  result:='';
+  try
-  try setVar(p, intToStr(strToIntDef(getVar(p),0)+v*parI(1,1))) except end;
+    setVar(p, intToStr(strToIntDef(getVar(p),0)+v*parI(1,1)));
    result:='';
  except
    end;
  end; // inc_
  procedure convert();
  var
    dst, s: string;
    c: ansichar;
  begin
-  if sameText(p, 'ansi') and sameText(par(1), 'utf-8') then
+  dst:=par(1);
-    result:=ansiToUTF8(ansistring(par(2)))
+  s:=par(2);
-  else if sameText(p, 'utf-8') and sameText(par(1), 'ansi') then
+  if sameText(p, 'ansi') and sameText(dst, 'utf-8') then
-    result:=utf8ToAnsi(ansistring(par(2)))
+    result:=string(ansiToUTF8(ansistring(s)))
  else if sameText(p, 'utf-8') then
    if sameText(dst, 'ansi') then
      result:=utf8ToAnsi(ansistring(s))
    else if dst='dec' then
      begin
      result:='';
      for c in UTF8encode(s) do
        result:=result+intToStr(ord(c))+',';
      setLength(result, length(result)-1);
      end
    else if dst='hex' then
      begin
      result:='';
      for c in UTF8encode(s) do
        result:=result+intToHex(ord(c));
      end;
  if isFalse(par('macros')) then
    result:=noMacrosAllowed(result);
  end; // convert
  procedure encodeuri();
@ -921,6 +950,37 @@ var
    finally free end;
  end; // foreach
  procedure forLine();
  var
    lines: TStringList;
    line, code, run: string;
    i: integer;
  begin
  code:=macroDequote(par(pars.count-1));
  lines:=TStringList.create();
  with TfastStringAppend.create do
    try
      lines.text:= getVar(par('var'));
      for line in lines do
        begin
        i:=pos('=',line);
        if i > 0 then
          begin
          setVar('line-key', Copy(line, 1, i-1));
          setVar('line-value', Copy(line, i+1, MAXINT));
          end;
        setVar('line', line);
        run:=code;
        applyMacrosAndSymbols(run, cbMacros, cbData);
        append(run);
        end;
      result:=reset();
    finally
      Free;
      lines.Free;
      end;
  end; //forLine
  procedure for_();
  var
    b, e, i, d: integer;
@ -1044,6 +1104,7 @@ var
  procedure load(fn:string; varname:string='');
  var
    from, size: int64;
    s: ansistring;
  begin
  result:='';
  from:=parI('from', 0);
@ -1062,11 +1123,17 @@ var
    try result:=httpGet(fn, from, size)
    except result:='' end
  else
-    result:=loadFile(uri2diskMaybe(fn), from, size);
+    begin
    s:=loadFile(uri2diskMaybe(fn), from, size);
    result:=UTF8ToString(s);
    if result = '' then
      result:=s;
    end;
  if varname = '' then
    begin
-    if anyCharIn('/\',fn) then result:=macroQuote(result);
+    if anyCharIn('/\',fn) then
      result:=macroQuote(result);
    exit;
    end;
  if ansiStartsStr(ENCODED_TABLE_HEADER, result) then
@ -1165,20 +1232,20 @@ var
      'information=64'
    );
  var
-    i, j, code: integer;
+    code: integer;
    decode: TStringDynArray;
-    s: string;
+    s, d: string;
    buttons, icon: boolean;
  begin
  decode:=split(' ',par(1));
  code:=0;
-  for i:=0 to length(decode)-1 do
+  for d in decode do
-    for j:=1 to length(STR2CODE) do
+    for s in STR2CODE do
-      begin
+      if startsStr(d+'=', s) then
-      s:=STR2CODE[j];
+        begin
-      if ansiStartsStr(decode[i], s) then
+        inc(code, strToIntDef(substr(s, 2+d.length), 0));
-        inc(code, strToIntDef(substr(s, 1+pos('=',s)), 0));
+        Break
-      end;
+        end;
  buttons:=code AND 15 > 0;
  icon:=code SHR 4 > 0;
  if not icon and buttons then
@ -1307,19 +1374,20 @@ var
  if not satisfied(space) then exit;
  // set the table variable as text
  v:=par(1);
  space.values[p]:=nonEmptyConcat('', space.values[p], CRLF)+v;
  // access the table object
  i:=space.indexOfName(p);
-  h:=space.objects[i] as THashedStringList;
+  if i < 0 then
  if h = NIL then
    begin
    h:=ThashedStringList.create();
-    space.objects[i]:=h;
+    space.AddPair(p, v, h);
-    end;
+    end
  else
    h:=space.objects[i] as THashedStringList;
  // fill the object
  k:=chop('=',v);
  v:=macroDequote(v);
  h.values[k]:=v;
  space.values[p]:=h.text;
  end; // setTable
  procedure disconnect();
@ -1412,7 +1480,8 @@ var
    exit;
    end;
  a:=findEnabledLinkedAccount(a, split(';',s));
-  if assigned(a) then result:=a.user;
+  if assigned(a) then
    result:=a.user;
  end; // memberOf
  procedure canArchive(f:Tfile);
@ -1872,9 +1941,15 @@ try
      disconnect();
    if name = 'stop server' then
      begin
      stopServer();
      exit('');
      end;
    if name = 'start server' then
      begin
      startServer();
      exit('');
      end;
    if name = 'focus' then
@ -1891,10 +1966,7 @@ try
      begin
      try
        if isFalse(parEx('if')) then
-          begin
+          exit('');
          result:='';
          exit;
          end;
      except end;
      result:=md.cd.disconnectReason; // return the previous state
      if pars.count > 0 then md.cd.disconnectReason:=p;
@ -1929,13 +2001,19 @@ try
      result:=jsEncode(p, first(par(1),'''"'));
    if name = 'base64' then
-      result:=base64encode(UTF8encode(p));
+      result:=string(base64encode(UTF8encode(p)));
    if name = 'base64decode' then
      begin
      result:=utf8ToString(base64decode(ansistring(p)));
      if isFalse(par('macros')) then
        result:=noMacrosAllowed(result);
      end;
    if name = 'md5' then
      result:=strMD5(p);
    if name = 'sha1' then
      result:=strSHA1(p);
    if name = 'sha256' then
      result:=strSHA256(p);
    if name = 'vfs select' then
      if pars.count = 0 then
@ -2008,7 +2086,7 @@ try
      encodeuri();
    if name = 'decodeuri' then
-      result:=decodeURL(ansistring(p));
+      result:=noMacrosAllowed(decodeURL(ansistring(p)));
    if name = 'set cfg' then
      trueIf(mainfrm.setcfg(p));
@ -2425,8 +2503,12 @@ try
      minOrMax();
    if stringExists(name, ['if','if not']) then
-      if isFalse(p) xor (length(name) > 2) then result:=macroDequote(par(2))
+      begin
      try p:=getVar(parEx('var'));
      except end;
      if isTrue(p) xor (length(name) = 2) then result:=macroDequote(par(2))
      else result:=macroDequote(par(1));
      end;
    if stringExists(name, ['=','>','>=','<','<=','<>','!=']) then
      trueIf(compare(name, p, par(1)));
@ -2442,6 +2524,9 @@ try
    if name = 'cut' then
      cut();
    if name ='for line' then
      forLine();
    if pars.count < 3 then exit; // from here, only macros with at least 3 parameters
    if name ='for each' then
--- a/todo.txt
+++ b/todo.txt
@ -1,12 +1,12 @@
 - update doesn't work without 'only 1 instance' (it's the -q)
 + replace shellExtDlg.gif with transparent png (english system)
 + self-test supporting https
 + expiring links
 * dismiss regexp lib http://docwiki.embarcadero.com/Libraries/Rio/en/System.RegularExpressions.TRegEx
 + ipv6
 + load *.events
 + url auth limited to resource
 + global limit speed for downloads (browsing excluded)
-+ [tpl id] [SECTION|for-tpl=MASK]
+* consider letting comment "protected" files. Can it really cause harm?
 * consider letting comment "protected" files. Can it really cause harm? 
 * flag to enable lnk files in a folder (disabled by default)
 + sign exe http://www.rejetto.com/forum/hfs-~-http-file-server/'unsafe'/msg1061437/#msg1061437
 * cache reReplace
@ -24,13 +24,20 @@
 + macros missing to cache a folder: {.reply|content=|var=|code=|filename=|mime=.}
 - unexpected scripting behavior http://www.rejetto.com/forum/index.php/topic,9728.msg1054517.html#msg1054517
    in handleItem() translate only symbols, and run all macros at the end
 document: [section|ver=MASK|build=MIN-MAX|template=MASK]
 document: {.if|var}
 document: {.exec|out|timeout|exitcode.}
 document: [+section]
 document: {.set item|diff template.}
-document: single line diff templates
+document: {.add header|overwrite=0.}
-document: disconnection reason|if=XXX
+document: {.calc| ][ }
 document: single line diff templates (file path)
 document: {.disconnection reason|if=XXX.}
 document: %url%
 document: commands returning white space: add folder, save, set account, exec, mkdir, chdir, delete, rename, move copy, set
-document: dir, disk free, filetime, file changed, load tpl
+document: pipe, base64, base64decode, dir, disk free, filetime, file changed, load tpl, sha256, for line
 document {.convert|macros|dec|hex.}
 document: new event [login]
 + event to filter logging http://www.rejetto.com/forum/index.php/topic,9784.0.html
 - wrong browser http://www.rejetto.com/forum/index.php/topic,9710.0.html
    solution:
@ -41,18 +48,14 @@ document: dir, disk free, filetime, file changed, load tpl
 + upload to non-browsable folder
 - android doesn't upload http://www.rejetto.com/forum/index.php/topic,9699.0/topicseen.html#msg1054287
 - android doesn't work with passwords http://www.rejetto.com/forum/index.php/topic,9575.msg1054029.html#msg1054029
 ? default tpl: check with IE6
 ? default tpl: consider css data uri http://www.nczonline.net/blog/2010/07/06/data-uris-make-css-sprites-obsolete/
-+ default tpl: support for rawr thumbnails
+ next VFS file format version should be text (yaml or json)
 + next VFS file format version should be XML-based
 + remove the "progress" from "log what", and use [progress|no log] instead
 ? {.rename.} should update descript.ion
 + folder archive depth limit http://www.rejetto.com/forum/index.php/topic,8546.msg1050027.html#msg1050027
 ? in getPage() many %symbols% are translated in a way incompatible with {.section.}
 ? Windows Script Interfaces
 ? {.image|src=file|width=x|dst=outfile.}
-+ replace /~imgXX with ?mode=icon&id=XX
+ user input through {.dialog.} or similar
 + user input through {.dialog.}
 + show missing files in VFS http://www.rejetto.com/forum/index.php/topic,8203.new.html
 * {.cache.} should be able to work on a simple variable
 + plugins system http://www.rejetto.com/wiki/index.php/HFS:_plugins_design
@ -66,8 +69,6 @@ document: dir, disk free, filetime, file changed, load tpl
 + log event to filter www.rejetto.com/forum/?topic=7332.0
 ? integration with mediainfo.dll www.rejetto.com/forum/?topic=7329
 + folder archive log, just as for deletion http://www.rejetto.com/forum/index.php?topic=6904.msg1042974;topicseen#msg1042974
 - upload doesn't work on chinese folders with uneven length  www.rejetto.com/forum/?topic=5382
 - chinese problems since #161 www.rejetto.com/forum/?topic=5344
 - AV with RealVNC on hints by mouse hovering www.rejetto.com/forum/?topic=5261
 - N-Stalker can locally crash HFS
 - AV in #179 http://www.rejetto.com/forum/index.php?topic=5653.msg1033457#msg1033457  www.rejetto.com/forum/?topic=5681
@ -92,13 +93,12 @@ document: dir, disk free, filetime, file changed, load tpl
 + an updated hint on virtual folders, to explain how to get upload working
 - requesting a non-existant file inside an unauthorized folder, apache replies 401, hfs 404. try to comply.
 + make %list% available in every page
-+ support for ALT+F4 with option "Minimize to tray clicking the close button" www.rejetto.com/forum/?topic=6351 
+ support for ALT+F4 with option "Minimize to tray clicking the close button" www.rejetto.com/forum/?topic=6351
 + replace and delete icons http://www.rejetto.com/forum/index.php?topic=6317.msg1038157#msg1038157
 + self-test supporting https
 ? currently the delete permission is only inside a folder. you can't mark a file or delete the marked folder. is this ok?
-+ when a link is protected (no access for this user) it may be displayed as a link to the %item-name%, then 401, and if login is successful provide a redirection 
+ when a link is protected (no access for this user) it may be displayed as a link to the %item-name%, then 401, and if login is successful provide a redirection
-+ change folder/link/generic-file icons (via GUI, without editing the template) 
+ change folder/link/generic-file icons (via GUI, without editing the template)
-+ a way to get bigger icons (client side) 
+ a way to get bigger icons (client side)
 + be able to produce rss http://www.rejetto.com/forum/index.php?topic=5846.msg1035481#msg1035481
 * better warning message http://www.rejetto.com/forum/index.php?topic=5795.msg1034406#msg1034406
 ? on the fly files compression www.rejetto.com/forum/?topic=5492
@ -106,7 +106,7 @@ document: dir, disk free, filetime, file changed, load tpl
 ? auto-removing folders www.rejetto.com/forum/?topic=3149
 + last-access-time for files www.rejetto.com/forum/?topic=5266
 + expiration time for account www.rejetto.com/forum/?topic=5409
-+ warn the user if there's no useful IP address http://www.rejetto.com/forum/index.php?topic=3193.msg1031371#msg1031371  
+ warn the user if there's no useful IP address http://www.rejetto.com/forum/index.php?topic=3193.msg1031371#msg1031371
 + GUI suggestions www.rejetto.com/forum/?topic=5334
 + {.cookie.} http://www.rejetto.com/forum/index.php?topic=5349.0
 + restrict access to -> ip mask www.rejetto.com/forum/?topic=5244
@ -127,37 +127,37 @@ document: dir, disk free, filetime, file changed, load tpl
 + per-folder no-limit
 + windows auth (NLTM? seems to be available in ICS) www.rejetto.com/forum/?topic=3762
 + more stats www.rejetto.com/forum/?topic=4968
-+ to disable single ban rules 
+ to disable single ban rules
 + ban by hostname
 + edit comments for real folders www.rejetto.com/forum/?topic=4667
 + a way to pass ini commands through the command line
 + create folders via command line www.rejetto.com/forum/?topic=3955
 ? support mp3ToIon www.rejetto.com/forum/?topic=4600
 + download only for <account-list>
-+ account: see all transfers in ~progress http://www.rejetto.com/forum/index.php/topic,9325.msg1053416/topicseen.html#msg1053416 
+ account: see all transfers in ~progress http://www.rejetto.com/forum/index.php/topic,9325.msg1053416/topicseen.html#msg1053416
 + limit account to a host mask
 + tray icons for uploads
 + MAC filter
 + if robots.txt does not exist, an option "don't be listed on search engines"
 + menu -> limits -> temporarily disable all limits
 + menu -> limits -> max speed for each address
-+ option to display counter for folders as number of accesses instead of total access to files in it   
+ option to display counter for folders as number of accesses instead of total access to files in it
-+ autodisabling accounts www.rejetto.com/forum/?topic=5379 
+ autodisabling accounts www.rejetto.com/forum/?topic=5379
 + on update, propose a link to the "what's new" page
 + add special folder (expert mode): let you specify a special folder, like documents, or manually enter a path (useful for relative paths), or GUID
 + logs rotation (hfs always append)
-+ double address bar, one for LAN and one for the Internet   
+ double address bar, one for LAN and one for the Internet
 + per user diff-tpl (apply both folder and user diff-tpl.s, and let the user decide priority, default:user,folder)
 + "Folder image mask", a file mask indicating the external file that should be used as icon (~img_folder)
 + to be able to add icons from multi-icon files (like shell32.dll)
 + installer (saving to registry, and making ini-file the new default, don't ask for shell menu)
-+ support unicode filenames (FindFirstFileW. Cannot be done because widgets don't support unicode) 
+ support unicode filenames (FindFirstFileW. Cannot be done because widgets don't support unicode)
 * show "(home)" instead of "/" in VFS
 + show updateinfo notice also in autocheck
 + top 10 downloaded files
 + after the self test fails, and a router problem is detected, prompt a wizard for portforwad.com (extract routers list)
 + export vfs map as txt/html
-+ specific message for each disabled account             
+ specific message for each disabled account
 + search for files including meta information (id3 tag) www.rejetto.com/forum/?topic=5312
 + multiupload using flash
 ? support shortcut to folders in real-folders
@ -185,7 +185,7 @@ document: dir, disk free, filetime, file changed, load tpl
 * stop using /~commands and move all of them in the standard ?name=value form
 VER 3
-+ new kind of folder (no more real/virtual folders) 
+ new kind of folder (no more real/virtual folders)
 VER 3.5
 + search for files
--- a/upload_disabled.txt
+++ b/upload_disabled.txt
@ -1,5 +0,0 @@
 You selected a virtual folder.
 Upload is NOT available for virtual folders, only for real folders.
 === How to get a real folder?
 Add a folder from your disk, then click on "Real Folder".
--- a/upload_how.txt
+++ b/upload_how.txt
@ -1,10 +0,0 @@
 1. Add a folder (choose "real folder") 
 You should now see a RED folder in your virtual file sytem, inside HFS 
 2. Right click on this folder
 3. Properties -> Permissions -> Upload
 4. Check on "Anyone"
 5. Ok 
 Now anyone who has access to your HFS server can upload files to you.
--- a/utillib.pas
+++ b/utillib.pas
@ -1,5 +1,5 @@
 {
-Copyright (C) 2002-2012  Massimo Melina (www.rejetto.com)
+Copyright (C) 2002-2020  Massimo Melina (www.rejetto.com)
 This file is part of HFS ~ HTTP File Server.
@ -44,6 +44,7 @@ type
  TnameExistsFun = function(user:string):boolean;
 procedure doNothing(); inline; // useful for readability
 function httpsCanWork():boolean;
 function accountExists(user:string; evenGroups:boolean=FALSE):boolean;
 function getAccount(user:string; evenGroups:boolean=FALSE):Paccount;
 function nodeToFile(n:TtreeNode):Tfile;
@ -165,14 +166,14 @@ function replaceString(var ss:TStringDynArray; old, new:string):integer;
 function popString(var ss:TstringDynArray):string;
 procedure insertString(s:string; idx:integer; var ss:TStringDynArray);
 function removeString(var a:TStringDynArray; idx:integer; l:integer=1):boolean; overload;
-function removeString(find:string; var a:TStringDynArray):boolean; overload;
+function removeString(s:string; var a:TStringDynArray; onlyOnce:boolean=TRUE; ci:boolean=TRUE; keepOrder:boolean=TRUE):boolean; overload;
 procedure removeStrings(find:string; var a:TStringDynArray);
 procedure toggleString(s:string; var ss:TStringDynArray);
 function onlyString(s:string; ss:TStringDynArray):boolean;
 function addArray(var dst:TstringDynArray; src:array of string; where:integer=-1; srcOfs:integer=0; srcLn:integer=-1):integer;
 function removeArray(var src:TstringDynArray; toRemove:array of string):integer;
 function addUniqueArray(var a:TstringDynArray; b:array of string):integer;
-procedure uniqueStrings(var a:TstringDynArray);
+procedure uniqueStrings(var a:TstringDynArray; ci:Boolean=TRUE);
 function idxOf(s:string; a:array of string; isSorted:boolean=FALSE):integer;
 function stringExists(s:string; a:array of string; isSorted:boolean=FALSE):boolean;
 function listToArray(l:Tstrings):TstringDynArray;
@ -254,6 +255,7 @@ function strSHA256(s:string):string;
 function strSHA1(s:string):string;
 function strMD5(s:string):string;
 function strToOem(s:string):ansistring;
 function strToBytes(s:ansistring):Tbytes;
 implementation
@ -639,13 +641,14 @@ if i < 0 then addString(s, ss)
 else removeString(ss, i);
 end; // toggleString
-procedure uniqueStrings(var a:TstringDynArray);
+procedure uniqueStrings(var a:TstringDynArray; ci:Boolean=TRUE);
 var
  i, j: integer;
 begin
 for i:=length(a)-1 downto 1 do
  for j:=i-1 downto 0 do
-    if ansiCompareText(a[i], a[j]) = 0 then
+    if ci and SameText(a[i], a[j])
    or not ci and (a[i] = a[j]) then
      begin
      removeString(a, i);
      break;
@ -666,10 +669,6 @@ begin
  until false;
 end; // removeStrings
 // remove first instance of the specified string
 function removeString(find:string; var a:TStringDynArray):boolean;
 begin result:=removeString(a, idxOf(find,a)) end;
 function removeArray(var src:TstringDynArray; toRemove:array of string):integer;
 var
  i, l, ofs: integer;
@ -743,6 +742,35 @@ while idx+l < length(a) do
 setLength(a, idx);
 end; // removestring
 function removeString(s:string; var a:TStringDynArray; onlyOnce:boolean=TRUE; ci:boolean=TRUE; keepOrder:boolean=TRUE):boolean; overload;
 var i, lessen:integer;
 begin
 result:=FALSE;
 if a = NIL then
  exit;
 lessen:=0;
 try
  for i:=length(a)-1 to 0 do
    if ci and sameText(a[i], s)
    or not ci and (a[i]=s) then
      begin
      result:=TRUE;
      if keepOrder then
        removeString(a, i)
      else
        begin
        inc(lessen);
        a[i]:=a[length(a)-lessen];
        end;
      if onlyOnce then
        exit;
      end;
 finally
  if lessen > 0 then
    setLength(a, length(a)-lessen);
  end;
 end;
 function dotted(i:int64):string;
 begin
 result:=intToStr(i);
@ -1212,14 +1240,8 @@ end;
 // exec but does not wait for the process to end
 function execNew(cmd:string):boolean;
 var
  si: TStartupInfo;
  pi: TProcessInformation;
 begin
-fillchar(si, sizeOf(si), 0);
+result:=32 < ShellExecute(0, nil, 'cmd.exe', pchar('/C '+cmd), nil, SW_SHOW);
 fillchar(pi, sizeOf(pi), 0);
 si.cb:=sizeOf(si);
 result:=createProcess(NIL,pchar(cmd),NIL,NIL,FALSE,0,NIL,NIL,si,pi)
 end; // execNew
 function addArray(var dst:TstringDynArray; src:array of string; where:integer=-1; srcOfs:integer=0; srcLn:integer=-1):integer;
@ -1656,71 +1678,103 @@ result:=inputQueryLongdlg.ShowModal() = mrOk;
 if result then value:=inputQueryLongdlg.inputBox.Text;
 end; // inputQueryLong
 function dllIsPresent(name:string):boolean;
 var h: HMODULE;
 begin
 h:=LoadLibrary(@name);
 result:= h<>0;
 FreeLibrary(h);
 end;
 function httpsCanWork():boolean;
 const
  files: array of string = ['libcrypto-1_1.dll','libssl-1_1.dll'];
  baseUrl = 'http://rejetto.com/hfs/';
  // these should be made resourcestring but then a runtime error is raised
  MSG = 'An HTTPS action is required but some files are missing. Download them?';
  MSG_OK = 'Download completed';
  MSG_KO = 'Download failed';
 var
  s: string;
  missing: TStringDynArray;
 begin
 missing:=NIL;
 for s in files do
  if not FileExists(s) and not dllIsPresent(s) then
    addString(s, missing);
 if missing=NIL then
  exit(TRUE);
 if msgDlg(MSG, MB_OKCANCEL+MB_ICONQUESTION) <> MROK then
  exit(FALSE);
 for s in missing do
  if not httpGetFile(baseUrl+s, s, 2, mainfrm.statusBarHttpGetUpdate) then
    begin
    msgDlg(MSG_KO, MB_ICONERROR);
    exit(FALSE);
    end;
 mainfrm.setStatusBarText(MSG_OK);
 result:=TRUE;
 end; // httpsCanWork
 function httpGet(url:string; from:int64=0; size:int64=-1):string;
 var
  http: THttpCli;
  reply: Tstringstream;
 begin
 if size = 0 then
-  begin
+  exit('');
  result:='';
  exit;
  end;
 reply:=TStringStream.Create('');
-try
+with ThttpClient.createURL(url) do
  http:=Thttpcli.create(NIL);
  try
-    http.URL:=url;
+    rcvdStream:=reply;
    http.followRelocation:=TRUE;
    http.rcvdStream:=reply;
    http.agent:=HFS_HTTP_AGENT;
    if (from <> 0) or (size > 0) then
-      http.contentRangeBegin:=intToStr(from);
+      contentRangeBegin:=intToStr(from);
    if size > 0 then
-      http.contentRangeEnd:=intToStr(from+size-1);
+      contentRangeEnd:=intToStr(from+size-1);
-    http.get();
+    get();
    result:=reply.dataString;
-  finally http.free end
+    if sameText('utf-8', reGet(ContentType, '; *charset=(.+) *($|;)')) then
-finally reply.free end
+      Result:=UTF8ToString(result);
  finally
    reply.free;
    Free;
    end
 end; // httpGet
 function httpFileSize(url:string):int64;
 var
  http: THttpCli;
 begin
-http:=Thttpcli.create(NIL);
+with ThttpClient.createURL(url) do
 try
  http.URL:=url;
  http.Agent:=HFS_HTTP_AGENT;
  try
-    http.head();
+    try
-    result:=http.contentLength
+      head();
-  except result:=-1 end;
+      result:=contentLength
-finally http.free end
+     except result:=-1
      end;
  finally free
    end;
 end; // httpFileSize
 function httpGetFile(url, filename:string; tryTimes:integer=1; notify:TdocDataEvent=NIL):boolean;
 var
  http: THttpCli;
  reply: Tfilestream;
  supposed: integer;
  reply: Tfilestream;
 begin
 reply:=TfileStream.Create(filename, fmCreate);
-try
+with ThttpClient.createURL(url) do
  http:=Thttpcli.create(NIL);
  try
-    http.URL:=url;
+    rcvdStream:=reply;
-    http.RcvdStream:=reply;
+    onDocData:=notify;
    http.Agent:=HFS_HTTP_AGENT;
    http.OnDocData:=notify;
    result:=TRUE;
-    try http.get()
+    try get()
-    except result:=FALSE end;
+    except result:=FALSE
-    supposed:=http.ContentLength;
+      end;
-  finally http.free end
+    supposed:=ContentLength;
-finally reply.free end;
+  finally
    reply.free;
    free;
    end;
 result:= result and (sizeOfFile(filename)=supposed);
-if not result then deleteFile(filename);
+if not result then
  deleteFile(filename);
 if not result and (tryTimes > 1) then
  result:=httpGetFile(url, filename, tryTimes-1, notify);
@ -2062,7 +2116,8 @@ if to_ = NIL then
  end;
 l:=to_-from+1;
 setLength(result, l);
-if l > 0 then strLcopy(@result[1], from, l);
+if l > 0 then
  strLcopy(@result[1], from, l);
 end; // getStr
 function poss(chars:TcharSet; s:string; ofs:integer=1):integer;
@ -2165,7 +2220,7 @@ const
 var
  sa            : TSecurityAttributes;
  ReadPipe,WritePipe  : THandle;
-  start               : TStartUpInfoA;
+  start               : TStartUpInfoW;
  ProcessInfo         : TProcessInformation;
  Buffer              : Pansichar;
  TotalBytesRead,
@ -2196,7 +2251,7 @@ else
  timeout:=now()+timeout/SECONDS;
 // Create a Console Child Process with redirected input and output
 try
-  if CreateProcessA(nil, PansiChar(ansistring(DosApp)), @sa, @sa, true, CREATE_NO_WINDOW or NORMAL_PRIORITY_CLASS, nil, nil, start, ProcessInfo) then
+  if CreateProcess(nil, PChar(dosApp), @sa, @sa, true, CREATE_NO_WINDOW or NORMAL_PRIORITY_CLASS, nil, nil, start, ProcessInfo) then
    repeat
    result:=TRUE;
    // wait for end of child process
@ -2206,16 +2261,22 @@ try
    // so that the pipe is not blocked by an overflow. New information
    // can be written from the console app to the pipe only if there is
    // enough buffer space.
-    if not PeekNamedPipe(ReadPipe, @Buffer[TotalBytesRead], ReadBuffer,
+    if not PeekNamedPipe(ReadPipe, @Buffer[TotalBytesRead], ReadBuffer, @BytesRead, @TotalBytesAvail, @BytesLeftThisMessage )
-      @BytesRead, @TotalBytesAvail, @BytesLeftThisMessage ) then
+    or (BytesRead > 0) and not ReadFile(ReadPipe, Buffer[TotalBytesRead], BytesRead, BytesRead, nil ) then
-      break
+      break;
    else if BytesRead > 0 then
      ReadFile(ReadPipe, Buffer[TotalBytesRead], BytesRead, BytesRead, nil );
    inc(TotalBytesRead, BytesRead);
    until (Apprunning <> WAIT_TIMEOUT) or (now() >= timeout);
-  Buffer[TotalBytesRead]:= #0;
+  if IsTextUnicode(Buffer, TotalBytesRead, NIL) then
-  OemToCharA(PansiChar(Buffer),Buffer);
+    begin
-  output:=string(ansistrings.strPas(Buffer));
+    Pchar(@Buffer[TotalBytesRead])^:= #0;
    output:=pchar(Buffer)
    end
  else
    begin
    Buffer[TotalBytesRead]:= #0;
    OemToCharA(Buffer,Buffer);
    output:=string(ansistrings.strPas(Buffer));
    end;
 finally
  GetExitCodeProcess(ProcessInfo.hProcess, exitcode);
  TerminateProcess(ProcessInfo.hProcess, 0);
@ -2521,7 +2582,8 @@ var
  i:=mImp+dir;
    repeat
    j:=i+dir;
-    if (j > 0) and (j <= length(s)) and charInSet(s[j], ['0'..'9','.']) then
+    if (j > 0) and (j <= length(s))
    and (charInSet(s[j], ['0'..'9','.','E']) or (j>1) and charInSet(s[j],['+','-']) and (s[j-1]='E')) then
      i:=j
    else
      break;
@ -2551,6 +2613,7 @@ begin
      end;
    if (i = 1) // a starting operator is not an operator
    or (s[i-1]='E') // exponential syntax
    or (v <= mImpV) // left-to-right precedence
    then continue;
    // we got a better one, record it
@ -2880,7 +2943,7 @@ finally
  end;
 end; // deltree
-function str2bytes(s:ansistring):Tbytes;
+function strToBytes(s:ansistring):Tbytes;
 begin
 setLength(result, length(s));
 move(s[1], result[0], length(result));
@ -2890,7 +2953,7 @@ function stringToGif(s:ansistring; gif:TgifImage=NIL):TgifImage;
 var
  ss: Tbytesstream;
 begin
-ss:=Tbytesstream.create(str2bytes(s));
+ss:=Tbytesstream.create(strToBytes(s));
 try
  if gif = NIL then
    gif:=TGIFImage.Create();
--- a/whatsnew.txt
+++ b/whatsnew.txt
@ -12,16 +12,24 @@ propaganda
  Mobile-friendly template
  Unicode support
  Encrypted login, and logout
  DoS protection
  IPv6
 /propaganda
 + new default template
 + new login system, session based, with logout
 + IPv6 support
 + DoS protection https://rejetto.com/forum/index.php?topic=13060.msg1065962#msg1065962
 + {.set item|name.}
 + {.get item|icon.}
 + {.set cfg.}
 + {.for line.}
 + {.if|var}
 + cache for jquery and template sections
-+ new template commands: base64, base64decode, md5, sha1
+ new template commands: base64, base64decode, md5, sha1, sha256
 + *.diff.tpl in exe's folder
 + default mime-type for mkv
 + 'no list' section flag
 + https client support (not server)
 - fixed template handling of section names with both '+' and '=' present
 - fixed LNK files to deleted items
 - fixed comments files were not updated upon deletion of files
@ -29,6 +37,7 @@ propaganda
 - fixed double "Content-Length" header on compressed pages
 - fixed log text base color not matching system settings http://rejetto.com/forum/index.php?topic=13233.0
 - fixed while renaming a file in the GUI, CTRL+C/V didn't work on the text
 - fixed diff tpl logic: an empty section will now override the inherited one
 VER 2.3m
 propaganda
Author	SHA1	Message	Date
Massimo Melina	6ff458fb73	Merge pull request #41 from divinity76/patch-1 warning about Delphi 10.4 Community being incompatible	2025-01-22 22:25:18 +01:00
divinity76	0d71b9946a	warning about Delphi 10.4 Community being incompatible	2023-03-25 12:45:10 +01:00
Massimo Melina	140528bac8	Create README.md	2023-03-12 17:42:10 +01:00
Massimo Melina	29f6bac31c	default speed limit 50MBps	2020-08-30 23:26:11 +02:00
Massimo Melina	e233f6d29a	fix: search and archive recently broken	2020-08-23 13:45:47 +02:00
Massimo Melina	6e4dcf5b56	fix: avoid dupe files in archive in case of ?search=*	2020-08-04 21:16:37 +02:00
Massimo Melina	61f1a14be6	updated .lng	2020-08-02 18:31:17 +02:00
Massimo Melina	2d1187b6a3	tpl: moved archive button to "selection" sub-menu	2020-08-02 17:44:02 +02:00
Massimo Melina	ca7caab85d	fix: account dialog recently broken	2020-08-02 17:43:13 +02:00
Massimo Melina	9e662960e1	usability: standard ok/cancel buttons for "ask" dialog	2020-08-02 13:10:38 +02:00
Massimo Melina	21349e5c04	experiental ?mode=thumb to append to jpg files	2020-08-01 20:46:46 +02:00
Massimo Melina	db2ad83c77	new tpl syntax [^section] will prepend to [section]	2020-08-01 20:46:07 +02:00
Massimo Melina	a47541286a	fix: unicode support with {.exec\|out.}	2020-07-27 23:29:23 +02:00
Massimo Melina	62c30c8de1	fix: a {.command.} resulting in an empty string could actually produce a false error	2020-07-27 23:27:52 +02:00
Massimo Melina	ad439fa65f	fix: some headers were not customizable with {.add header.}	2020-07-27 12:17:49 +02:00
Massimo Melina	2d131f2c5f	fix: malformed non-ascii post variables when not url-encoded	2020-07-27 11:37:18 +02:00
Massimo Melina	ba2df13122	removed jquery dependency from default tpl	2020-07-08 15:22:35 +02:00
Massimo Melina	da294807ca	removed 'append macros log' option	2020-07-08 13:26:28 +02:00
Massimo Melina	6625f08419	Revert "apply 1 minute timeout to file listing" This reverts commit `d43983e9`	2020-07-08 13:24:27 +02:00
Massimo Melina	d43983e986	apply 1 minute timeout to file listing	2020-06-29 00:03:38 +02:00
Massimo Melina	4b5bffbd83	fix: possible CSRF	2020-06-29 00:02:20 +02:00
Massimo Melina	cf3761b7ed	fix: 2 resource strings with same name	2020-06-28 20:31:25 +02:00
Massimo Melina	b5dc45f214	smarter displaying of 'status' columns (details moved to tooltip)	2020-06-28 14:12:24 +02:00
Massimo Melina	b1a95cd319	introduced 1 minute timeout for archive's files list building	2020-06-28 13:57:53 +02:00
Massimo Melina	6c5139d552	optimization: avoid resetting the array length when unnecessary	2020-06-28 11:34:07 +02:00
Massimo Melina	863c667f1b	fix: apply anti-dos also to archives	2020-06-27 20:46:11 +02:00
Massimo Melina	44f37f92cf	prevent macros coming from commands convert, base64decode, decodeuri	2020-06-23 20:16:12 +02:00
Massimo Melina	308561090f	fix: {.dialog\|\|yesno.} was not working	2020-06-23 20:14:24 +02:00
Massimo Melina	26ddc2b126	fix: {.calc.} not working with very small numbers (because rendered with exponential syntax)	2020-06-16 23:14:45 +02:00
Massimo Melina	65d4a142e4	new 'init' section for events file, executed at each reload	2020-06-16 23:13:22 +02:00
Massimo Melina	07f5f2ca6b	fix: {.disconnect.} and {.disconnection reason.} not working in event 'pre-filter-request'	2020-06-16 23:12:36 +02:00
Massimo Melina	cba235c7b0	fix: {.set table.} duplicating keys instead of updating values	2020-06-16 00:39:11 +02:00
Massimo Melina	9220d33aa4	trigger 'unauthorized' event for new login and url-auth. Also added 'login' event in case of success.	2020-06-16 00:37:31 +02:00
Massimo Melina	efa99e7cbc	new 'public' section flag in place of 'private', inverting logic	2020-06-16 00:35:15 +02:00
Massimo Melina	6729be221a	without this people will have problems editing the tpl	2020-06-14 10:40:26 +02:00
Massimo Melina	8ab5b318a8	tpl must declare api level 2	2020-06-14 09:24:44 +02:00
Massimo Melina	db092e5eab	back to 'selection' for submitting files, to facilitate tpls compatible with 2.3	2020-06-13 21:07:23 +02:00
Massimo Melina	d6d5b8f493	tpl: missing few tooltips	2020-06-13 20:49:53 +02:00
Massimo Melina	151cddad5b	no need to invalidate session in this case, it was not compromised	2020-06-13 20:36:00 +02:00
Massimo Melina	18f0da77d4	fix: (recent) broken ajax() calls	2020-06-13 20:34:19 +02:00
Massimo Melina	70947f179c	tpl: moved changePwd() to lib.js	2020-06-13 17:07:22 +02:00
Massimo Melina	7cc712a245	fix: (recent) broke ajax() calls	2020-06-13 17:06:35 +02:00
Massimo Melina	1e7bf6cfc4	amend previous commit	2020-06-13 17:05:01 +02:00
Massimo Melina	18f7e5177f	fix: problems downloading files with a comma with firefox77	2020-06-13 00:37:58 +02:00
Massimo Melina	6b933acdef	added few mime-types	2020-06-11 23:42:01 +02:00
Massimo Melina	f69251a482	fix: [file.EXT] not working	2020-06-11 23:39:38 +02:00
Massimo Melina	1f713f706e	{.convert\|utf-8\|dec/hex.}	2020-06-11 11:40:12 +02:00
Massimo Melina	4b5e0205a5	fix: empty tpl sections were not overriding	2020-06-11 11:35:53 +02:00
Massimo Melina	7634b96744	tpl: using HFS.sid we can move ajax() where it belongs	2020-06-10 20:34:15 +02:00
Massimo Melina	7facca0306	tpl: save options to localStorage and avoid extra traffic	2020-06-10 16:08:13 +02:00
Massimo Melina	1fab68e4fa	build 315	2020-06-10 16:07:27 +02:00
Massimo Melina	1d9d6fd100	new section flag: ver=MASK	2020-06-10 13:22:31 +02:00
Massimo Melina	7e66a94e37	new section flag: template=MASK	2020-06-10 13:11:58 +02:00
Massimo Melina	5e5122edba	new section flag: build=MIN-MAX	2020-06-10 12:45:32 +02:00
Massimo Melina	6d91b0da6e	fix: 'no list' section flag should be inherited	2020-06-10 12:18:54 +02:00
Massimo Melina	e29e86c0bd	tpl: defaults to dark theme if the OS says so	2020-06-09 00:07:31 +02:00
Massimo Melina	de7f157390	new {.sha256.}	2020-06-08 20:23:29 +02:00
Massimo Melina	1e21013b96	copyright update	2020-06-08 18:50:18 +02:00
Massimo Melina	b028c47f10	added 'no log' section flag to support SAP themes like 'mobil-light'	2020-06-08 12:40:34 +02:00
Massimo Melina	782702c192	smarter DoS-preventing grace period	2020-06-08 12:40:00 +02:00
Massimo Melina	1fc5894204	fix: (recent) error trying to load a VFS with an empty recent-files list	2020-06-08 12:36:05 +02:00
Massimo Melina	33d4d16b0b	better format	2020-06-08 11:00:08 +02:00
Massimo Melina	801ceead5b	build 313	2020-06-08 10:26:38 +02:00
Massimo Melina	a3056ccfd4	fix: possible DoS, as reported by John Page (aka hyp3rlinx) ApparitionSec (CVE-2020-13432)	2020-06-07 12:10:56 +02:00
Massimo Melina	16744d7c6c	tpl: added warning for low-security change-password action	2020-06-07 11:30:40 +02:00
Massimo Melina	7c3f5929fa	fix: chrome fails downloading filenames with commas	2020-06-07 10:59:41 +02:00
Massimo Melina	bdc5991fa1	fix: display ipv6 address with brackets in log	2020-06-06 19:59:10 +02:00
Massimo Melina	74a5710f99	fix: conflicting resource text for translation http://rejetto.com/forum/index.php?topic=13313.msg1065920#msg1065920	2020-06-06 19:32:14 +02:00
Massimo Melina	71b76e3240	updated url	2020-06-05 18:41:42 +02:00
Massimo Melina	30740e372b	build 312	2020-06-04 10:33:01 +02:00
Massimo Melina	23ea63a19e	fix: error hovering VFS file. http://rejetto.com/forum/index.php?topic=13060.msg1065899#msg1065899	2020-06-03 17:23:08 +02:00
Massimo Melina	474e95315a	i18n: moved strings to resources	2020-06-02 14:12:56 +02:00
Massimo Melina	b4ca9f113a	fix: unicode problems on chinese systems with single-char chinese strings	2020-06-02 12:50:49 +02:00
Massimo Melina	60c7674dc5	fix: many resource strings had the same ID	2020-06-01 11:24:32 +02:00
Massimo Melina	e8a2e281ec	usability improvement for 'ban this address'	2020-05-31 00:35:21 +02:00
Massimo Melina	8be3ff6331	fix: log > ban ip address, not working with AM/PM time locale	2020-05-30 17:28:43 +02:00
Massimo Melina	df5fa09ba9	fix: utf-8 decoding for {.load.}	2020-05-30 17:14:40 +02:00
Massimo Melina	469acc3fb7	fix: unicode filenames with comments	2020-05-30 16:49:47 +02:00
Massimo Melina	0f365a3f65	tpl: nicer	2020-05-30 16:46:47 +02:00
Massimo Melina	82e971bc47	fix: login randomly broken (when 'D' in SID)	2020-05-30 15:48:28 +02:00
Massimo Melina	ebf997951f	better code	2020-05-30 15:47:07 +02:00
Massimo Melina	983b184a0f	fix legacy problems	2020-05-30 15:46:09 +02:00
Massimo Melina	71b8ca4ee6	build 309	2020-05-28 17:00:49 +02:00
Massimo Melina	4a44d5daa4	sounder session ID (fix possible session problem)	2020-05-28 16:51:42 +02:00
Massimo Melina	5fa867e194	fix: ipv6 support for forwarded-mask	2020-05-28 15:19:36 +02:00
Massimo Melina	1546a41fb9	fix: right click on the log didn't recognize IPv6 addresses to offer 'ban this address'	2020-05-28 14:55:10 +02:00
Massimo Melina	75d3d8e5e1	tpl: workaround for chrome83 glitch	2020-05-28 13:22:40 +02:00
Massimo Melina	0a5710ec55	tpl: move normalize.css to section for possible usage by custom tpl	2020-05-28 13:22:13 +02:00
Massimo Melina	64b3f5b906	tpl: warn the user if the current credentials are not enough	2020-05-28 13:21:00 +02:00
Massimo Melina	ad33cbf263	fix: account redirection not working if loggin in from a forbidden folder	2020-05-28 12:43:34 +02:00
Massimo Melina	c4ca0d2188	https client support	2020-05-28 12:30:58 +02:00
Massimo Melina	18b7961d29	fix: auth URL is preventing logout	2020-05-27 20:34:06 +02:00
Massimo Melina	e1f489d340	fix: english	2020-05-27 12:39:10 +02:00
Massimo Melina	57a83ec9f8	nicer (consistency)	2020-05-27 12:14:59 +02:00
Massimo Melina	b877d6853b	offer "copy url with password" also for upload/delete restriction	2020-05-27 12:12:00 +02:00
Massimo Melina	0483032439	fix: link-with-password, if the account has a redirect, it will make it to the second request (often css)	2020-05-27 11:51:29 +02:00
Massimo Melina	1c0ff4e75a	fix: update not working	2020-05-27 11:02:26 +02:00
Massimo Melina	d8a426f63b	removed useless files	2020-05-26 19:10:01 +02:00
Massimo Melina	f318745b1d	fix: ipv6 links format in the address bar	2020-05-26 18:54:13 +02:00
Massimo Melina	d220ec1c70	small optimization	2020-05-26 16:37:29 +02:00
Massimo Melina	f8877304ee	fix: recently broken unicode support in comments	2020-05-26 16:30:39 +02:00
Massimo Melina	a7b45ed515	fix: tpl: option.move not working	2020-05-26 16:29:08 +02:00
Massimo Melina	cc8ed99392	fix: upload not working on a folder linked 'with password'	2020-05-26 15:33:38 +02:00
Massimo Melina	e35221c3f7	nicer	2020-05-26 15:17:57 +02:00
Massimo Melina	a9a009260e	fix: server doesn't start on systems lacking ipv6 support	2020-05-26 15:15:55 +02:00
Massimo Melina	bfe0265119	{.for line.} and {.if\|var.}	2020-05-26 12:09:27 +02:00
Massimo Melina	d1a4b8574a	fix: broken format for macros log	2020-05-26 12:07:29 +02:00
Massimo Melina	69573c1a69	attempt to support non-utf8 url requests	2020-05-26 12:05:23 +02:00
Massimo Melina	922253c56f	tpl: moved sha256 to section for others to use	2020-05-25 20:05:38 +02:00
Massimo Melina	d3d04c4935	build 306	2020-05-25 20:05:01 +02:00
Massimo Melina	2c03f14766	fix: stopping the server twice led to inconsistent state	2020-05-25 18:15:27 +02:00
Massimo Melina	d2675b9028	fix: connections broken	2020-05-25 18:03:45 +02:00
Massimo Melina	f1f5446b0d	quit if 'shell' dialog is closed at start	2020-05-25 16:57:50 +02:00