Merge 58fa210c9b into 28a1ac1612

2023-06-02 17:19:19 +02:00 · 2023-06-02 17:19:19 +02:00 · 7dd41e7bfb
parent 28a1ac1612 58fa210c9b
commit 7dd41e7bfb
3 changed files with 26 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -1,8 +1,3 @@
-![Version 1.4](http://img.shields.io/badge/version-v1.4-green.svg)
-![Python 3.8](http://img.shields.io/badge/python-3.8-blue.svg)
-[![MIT License](http://img.shields.io/badge/license-MIT%20License-blue.svg)](https://github.com/sc0tfree/updog/blob/master/LICENSE)
-[![sc0tfree Twitter](http://img.shields.io/twitter/url/http/shields.io.svg?style=social&label=Follow)](https://twitter.com/sc0tfree)
-
 <p>
  <img src="https://sc0tfree.squarespace.com/s/updog.png" width=85px alt="updog"/>
 </p>
@ -11,15 +6,11 @@ Updog is a replacement for Python's `SimpleHTTPServer`.
 It allows uploading and downloading via HTTP/S, 
 can set ad hoc SSL certificates and use HTTP basic auth.

-<p align="center">
-  <img src="https://sc0tfree.squarespace.com/s/updog-screenshot.png" alt="Updog screenshot"/>
-</p>
-
 ## Installation

-Install using pip:
+Install using pipx:

-`pip3 install updog`
+`pipx install git+https://github.com/KFDCompiled/updog`

 ## Usage

@ -60,6 +51,13 @@ enter the password in the password field.

 `updog --ssl`

+**Upload using curl:**
+`curl -v -XPOST -F "file=@PATH/NAME;filename=NAME" -F "path=/FULL/PATH/TO/UPDOG/WORKINGDIR" http://IP:PORT/upload`
+
+if you started updog with `updog -p 80 -d ${PREFIX}/www` then `curl -v -XPOST -F "file=@Public/foo;filename=foo" -F "path=${PREFIX}/www" http://IP:80/upload`
+
+
+
 ## Thanks

 A special thank you to [Nicholas Smith](http://nixmith.com) for
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,6 @@
 colorama
 flask
 flask_httpauth
-werkzeug
-pyopenssl
+flask_cors
+werkzeug == 1.01
+pyopenssl
--- a/updog/main.py
+++ b/updog/main.py
@ -4,6 +4,7 @@ import argparse

 from flask import Flask, render_template, send_file, redirect, request, send_from_directory, url_for, abort
 from flask_httpauth import HTTPBasicAuth
+from flask_cors import CORS
 from werkzeug.utils import secure_filename
 from werkzeug.security import generate_password_hash, check_password_hash
 from werkzeug.serving import run_simple
@ -34,6 +35,7 @@ def parse_arguments():
    parser.add_argument('--password', type=str, default='', help='Use a password to access the page. (No username)')
    parser.add_argument('--ssl', action='store_true', help='Use an encrypted connection')
    parser.add_argument('--version', action='version', version='%(prog)s v'+VERSION)
+    parser.add_argument('--cors', action='store_true', help='Enable CORS')

    args = parser.parse_args()

@ -49,6 +51,9 @@ def main():
    app = Flask(__name__)
    auth = HTTPBasicAuth()

+    if args.cors:
+        CORS(app)
+
    global base_directory
    base_directory = args.directory

@ -110,6 +115,8 @@ def main():
            except PermissionError:
                abort(403, 'Read Permission Denied: ' + requested_path)

+            # remove the base_directory
+            requested_path = requested_path[len(base_directory):]
            return render_template('home.html', files=directory_files, back=back,
                                   directory=requested_path, is_subdirectory=is_subdirectory, version=VERSION)
        else:
@ -121,22 +128,24 @@ def main():
    @app.route('/upload', methods=['POST'])
    @auth.login_required
    def upload():
+        global base_directory
+
        if request.method == 'POST':

            # No file part - needs to check before accessing the files['file']
            if 'file' not in request.files:
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))

-            path = request.form['path']
+            path = base_directory + request.form.get('path', '/')
            # Prevent file upload to paths outside of base directory
            if not is_valid_upload_path(path, base_directory):
-                return redirect(request.referrer)
+                return redirect(request.headers.get('Referer', '/'))

            for file in request.files.getlist('file'):

                # No filename attached
                if file.filename == '':
-                    return redirect(request.referrer)
+                    return redirect(request.headers.get('Referer', '/'))

                # Assuming all is good, process and save out the file
                # TODO:
@ -149,7 +158,7 @@ def main():
                    except PermissionError:
                        abort(403, 'Write Permission Denied: ' + full_path)

-            return redirect(request.referrer)
+            return redirect(request.headers.get('Referer', '/'))

    # Password functionality is without username
    users = {