From 25bfc0341ca3f0d8a1bba0f89d77f1724f2ebca8 Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Wed, 27 Dec 2023 14:24:03 +0000
Subject: [PATCH 1/5] Use integer rev in UiWebSocket for dashboard compatibility
---
 src/Ui/UiWebsocket.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py
index a21c9885..086e4444 100644
--- a/src/Ui/UiWebsocket.py
+++ b/src/Ui/UiWebsocket.py
@@ -328,8 +328,8 @@ class UiWebsocket(object):
 'ui_ip' : config.ui_ip,
 'ui_port' : config.ui_port,
 'version' : config.version,
- # The only place this is used is in dashboard so we shorten it for now
- 'rev' : config.commit[:8],
+ # Some legacy code relies on this being an integer, so lets return dummy one
+ 'rev' : config.user_agent_rev,
 'timecorrection' : file_server.timecorrection,
 'language' : config.language,
 'debug' : config.debug,
From f3c57cdc32cb07ff69696af4b973d6a26f262aff Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Wed, 17 Jan 2024 21:18:15 +0000
Subject: [PATCH 2/5] Fix command-line argument style (use dashes instead of underscores)
---
 plugins/AnnounceLocal/AnnounceLocalPlugin.py | 2 +-
 plugins/AnnounceShare/AnnounceSharePlugin.py | 2 +-
 plugins/Benchmark/BenchmarkPlugin.py | 4 ++--
 plugins/Bigfile/BigfilePlugin.py | 4 ++--
 plugins/OptionalManager/OptionalManagerPlugin.py | 4 ++--
 plugins/Zeroname/SiteManagerPlugin.py | 2 +-
 plugins/disabled-Multiuser/MultiuserPlugin.py | 4 ++--
 plugins/disabled-UiPassword/UiPasswordPlugin.py | 2 +-
 8 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/plugins/AnnounceLocal/AnnounceLocalPlugin.py b/plugins/AnnounceLocal/AnnounceLocalPlugin.py
index 2034a436..8b6b490d 100644
--- a/plugins/AnnounceLocal/AnnounceLocalPlugin.py
+++ b/plugins/AnnounceLocal/AnnounceLocalPlugin.py
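Review bot: The new comment on `'rev'` in the UiWebsocket hunk calls the value a dummy without saying what it actually holds, so a reader cannot tell that clients of this dict no longer receive anything derived from `config.commit`. I would word it as `# 'rev' must stay an integer for legacy dashboard code; this is config.user_agent_rev, not the running commit`. Whether any other consumer still expects the shortened commit hash is not visible here; the dict literal begins and ends outside the hunk.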
@@ -142,6 +142,6 @@ class FileServerPlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("AnnounceLocal plugin")
- group.add_argument('--broadcast_port', help='UDP broadcasting port for local peer discovery', default=1544, type=int, metavar='port')
+ group.add_argument('--broadcast-port', help='UDP broadcasting port for local peer discovery', default=1544, type=int, metavar='port')
 return super(ConfigPlugin, self).createArguments()
diff --git a/plugins/AnnounceShare/AnnounceSharePlugin.py b/plugins/AnnounceShare/AnnounceSharePlugin.py
index 057ce55a..b350cf42 100644
--- a/plugins/AnnounceShare/AnnounceSharePlugin.py
+++ b/plugins/AnnounceShare/AnnounceSharePlugin.py
@@ -185,6 +185,6 @@ class FileServerPlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("AnnounceShare plugin")
- group.add_argument('--working_shared_trackers_limit', help='Stop discovering new shared trackers after this number of shared trackers reached', default=5, type=int, metavar='limit')
+ group.add_argument('--working-shared-trackers-limit', help='Stop discovering new shared trackers after this number of shared trackers reached', default=5, type=int, metavar='limit')
 return super(ConfigPlugin, self).createArguments()
diff --git a/plugins/Benchmark/BenchmarkPlugin.py b/plugins/Benchmark/BenchmarkPlugin.py
index fd6cacf3..193b46c2 100644
--- a/plugins/Benchmark/BenchmarkPlugin.py
+++ b/plugins/Benchmark/BenchmarkPlugin.py
@@ -413,7 +413,7 @@ class ConfigPlugin(object):
 back = super(ConfigPlugin, self).createArguments()
 if self.getCmdlineValue("test") == "benchmark":
 self.test_parser.add_argument(
- '--num_multipler', help='Benchmark run time multipler',
+ '--num-multipler', help='Benchmark run time multipler',
 default=1.0, type=float, metavar='num'
 )
 self.test_parser.add_argument(
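Review bot: The old underscore spelling is dropped with no alias, starting with `--broadcast_port` in the AnnounceLocal hunk, so existing launch scripts and service definitions that pass it stop matching. The same applies to every renamed option in this patch (AnnounceShare, Benchmark, Bigfile, OptionalManager, Zeroname, Multiuser, UiPassword), and it matters most for `--ui_password` and `--multiuser_no_new_sites`: how unrecognised options are handled is not visible here, and if they are ignored rather than rejected an instance would come up without the protection its operator configured. argparse accepts several option strings and takes the destination from the first long one, so `group.add_argument('--ui-password', '--ui_password', help='Password to access UiServer', default=None, metavar="password")` keeps both spellings and the same `ui_password` attribute.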
@@ -422,7 +422,7 @@ class ConfigPlugin(object):
 )
 elif self.getCmdlineValue("test") == "portChecker":
 self.test_parser.add_argument(
- '--func_name', help='Name of open port checker function',
+ '--func-name', help='Name of open port checker function',
 default=None, metavar='func_name'
 )
 return back
diff --git a/plugins/Bigfile/BigfilePlugin.py b/plugins/Bigfile/BigfilePlugin.py
index 78a27b05..6fc8f43b 100644
--- a/plugins/Bigfile/BigfilePlugin.py
+++ b/plugins/Bigfile/BigfilePlugin.py
@@ -837,7 +837,7 @@ class SitePlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("Bigfile plugin")
- group.add_argument('--autodownload_bigfile_size_limit', help='Also download bigfiles smaller than this limit if help distribute option is checked', default=10, metavar="MB", type=int)
- group.add_argument('--bigfile_size_limit', help='Maximum size of downloaded big files', default=False, metavar="MB", type=int)
+ group.add_argument('--autodownload-bigfile-size-limit', help='Also download bigfiles smaller than this limit if help distribute option is checked', default=10, metavar="MB", type=int)
+ group.add_argument('--bigfile-size-limit', help='Maximum size of downloaded big files', default=False, metavar="MB", type=int)
 return super(ConfigPlugin, self).createArguments()
diff --git a/plugins/OptionalManager/OptionalManagerPlugin.py b/plugins/OptionalManager/OptionalManagerPlugin.py
index f01fab65..420f9e05 100644
--- a/plugins/OptionalManager/OptionalManagerPlugin.py
+++ b/plugins/OptionalManager/OptionalManagerPlugin.py
@@ -247,7 +247,7 @@ class SitePlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("OptionalManager plugin")
- group.add_argument('--optional_limit', help='Limit total size of optional files', default="10%", metavar="GB or free space %")
- group.add_argument('--optional_limit_exclude_minsize', help='Exclude files larger than this limit from optional size limit calculation', default=20, metavar="MB", type=int)
+ group.add_argument('--optional-limit', help='Limit total size of optional files', default="10%", metavar="GB or free space %")
+ group.add_argument('--optional-limit-exclude-minsize', help='Exclude files larger than this limit from optional size limit calculation', default=20, metavar="MB", type=int)
 return super(ConfigPlugin, self).createArguments()
diff --git a/plugins/Zeroname/SiteManagerPlugin.py b/plugins/Zeroname/SiteManagerPlugin.py
index c25fafa1..cca79dd8 100644
--- a/plugins/Zeroname/SiteManagerPlugin.py
+++ b/plugins/Zeroname/SiteManagerPlugin.py
@@ -62,7 +62,7 @@ class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("Zeroname plugin")
 group.add_argument(
- "--bit_resolver", help="ZeroNet site to resolve .bit domains",
+ "--bit-resolver", help="ZeroNet site to resolve .bit domains (deprecated)",
 default="1GnACKctkJrGWHTqxk9T9zXo2bLQc2PDnF", metavar="address"
 )
diff --git a/plugins/disabled-Multiuser/MultiuserPlugin.py b/plugins/disabled-Multiuser/MultiuserPlugin.py
index fd28ead8..a2fd79ae 100644
--- a/plugins/disabled-Multiuser/MultiuserPlugin.py
+++ b/plugins/disabled-Multiuser/MultiuserPlugin.py
@@ -272,7 +272,7 @@ class UiWebsocketPlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("Multiuser plugin")
- group.add_argument('--multiuser_local', help="Enable unsafe Ui functions and write users to disk", action='store_true')
- group.add_argument('--multiuser_no_new_sites', help="Denies adding new sites by normal users", action='store_true')
+ group.add_argument('--multiuser-local', help="Enable unsafe Ui functions and write users to disk", action='store_true')
+ group.add_argument('--multiuser-no-new-sites', help="Denies adding new sites by normal users", action='store_true')
 return super(ConfigPlugin, self).createArguments()
diff --git a/plugins/disabled-UiPassword/UiPasswordPlugin.py b/plugins/disabled-UiPassword/UiPasswordPlugin.py
index e8a4e4fe..1123a695 100644
--- a/plugins/disabled-UiPassword/UiPasswordPlugin.py
+++ b/plugins/disabled-UiPassword/UiPasswordPlugin.py
@@ -159,7 +159,7 @@ class UiRequestPlugin(object):
 class ConfigPlugin(object):
 def createArguments(self):
 group = self.parser.add_argument_group("UiPassword plugin")
- group.add_argument('--ui_password', help='Password to access UiServer', default=None, metavar="password")
+ group.add_argument('--ui-password', help='Password to access UiServer', default=None, metavar="password")
 return super(ConfigPlugin, self).createArguments()
From 2520024f5683e0864a9fc9e3fa2068a12cc14718 Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Sat, 3 Feb 2024 11:19:22 +0000
Subject: [PATCH 3/5] Allow cross-site embedding without "cors-" prefix ..As long as CORS read permission is granted. This is done for compatibility with sites that relied on lack of enforcing of cross-site isolation in previous ZeroNet versions. fixes #259
---
 src/Ui/UiRequest.py | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py
index 2b06661d..34af96e2 100644
--- a/src/Ui/UiRequest.py
+++ b/src/Ui/UiRequest.py
@@ -100,6 +100,25 @@ class UiRequest:
 def resolveDomain(self, domain):
 return self.server.site_manager.resolveDomainCached(domain)
+ def hasCorsPermission(self, referer):
+ """Check if site from referer has CORS permission to read site in current request
+
+ NOTE: this allows embedding WITHOUT prepending "cors-" (as it has already been used
+ for a long time e.g. on ZeroBlog++ based sites) as long as read permission has been
+ granted.
+ """
+ target_path = self.env['PATH_INFO']
+ if referer is None or target_path is None:
+ return False
+ s_parts = self.parsePath(referer)
+ t_parts = self.parsePath(target_path)
+ s_address = s_parts['address']
+ t_address = t_parts['address']
+ if not s_address or not t_address:
+ return False
+ s_site = self.server.sites[s_address]
+ return f'Cors:{t_address}' in s_site.settings['permissions']
+
 def isCrossOriginRequest(self):
 """Prevent detecting sites on this 0net instance
@@ -129,7 +148,7 @@ class UiRequest:
 return False
 # Deny cross site requests
- if not self.isSameOrigin(referer, url):
+ if not self.isSameOrigin(referer, url) and not self.hasCorsPermission(referer):
 return True
 return False
@@ -731,7 +750,7 @@ class UiRequest:
 if "../" in path or "./" in path:
 raise SecurityError("Invalid path")
- match = re.match(r"/(media/)?(?P
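Review bot: `hasCorsPermission` can raise instead of returning False on values derived from the request's Referer header: `self.env['PATH_INFO']` raises KeyError before the `is None` test can apply, `self.server.sites[s_address]` raises for an address that is not a loaded site, and `settings['permissions']` raises when the key is absent. `parsePath` also raises SecurityError on `../` (visible in the last hunk of this file) and its result is subscripted without a None check; what it returns on a non-matching path is outside the hunk. Since this is the gate for cross-site reads, each of those cases should deny, as in the lines below, which assume `self.env`, `self.server.sites` and `settings` are plain dicts.

```python
    def hasCorsPermission(self, referer):
        # … unchanged: docstring …
        target_path = self.env.get('PATH_INFO')
        # … unchanged: None check on referer and target_path …
        try:
            s_parts = self.parsePath(referer)
            t_parts = self.parsePath(target_path)
        except SecurityError:
            return False
        if not s_parts or not t_parts:
            return False
        # … unchanged: address extraction and empty-address check …
        s_site = self.server.sites.get(s_address)
        if s_site is None:
            return False
        return f'Cors:{t_address}' in s_site.settings.get('permissions', [])
```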
[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P/.*|$)", path)
+ match = re.match(r"(?P(http[s]{0,1}://(.*?))?)/(media/)?(?P
[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P/.*|$)", path)
 if match:
 path_parts = match.groupdict()
 addr = path_parts["address"]
From ca5d573908c428571c41c6568917465acf538024 Mon Sep 17 00:00:00 2001
From: caryoscelus
Date: Fri, 9 Feb 2024 15:55:08 +0000
Subject: [PATCH 4/5] Fix typo
---
 src/Ui/UiServer.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Ui/UiServer.py b/src/Ui/UiServer.py
index 27727d4c..de90f8f1 100644
--- a/src/Ui/UiServer.py
+++ b/src/Ui/UiServer.py
@@ -162,7 +162,7 @@ class UiServer:
 return ui_request.route(path)
 except Exception as err:
 logging.debug(f"UiRequest @ site error: {Debug.formatException(err)}")
- return ui_request.error500('Error while trying to server site data')
+ return ui_request.error500('Error while trying to serve site data')
 def startSiteServer(self):
 self.site_server = WSGIServer((self.ip, self.site_port), self.handleSiteRequest, log=self.log)
From 8a95e9b67de099ec941fc78e1c52dbdbe17174b3 Mon Sep 17 00:00:00 2001
From: yggverse
Date: Wed, 27 Mar 2024 21:27:53 +0200
Subject: [PATCH 5/5] gitignore enabled plugins that disabled by default #265
---
 .gitignore | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/.gitignore b/.gitignore
index 2fce8187..0d03e87f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,11 @@ zeronet.conf
 # ZeroNet log files
 log/*
+
+# Enabled plugins that disabled by default
+plugins/Bootstrapper
+plugins/DonationMessage
+plugins/Multiuser
+plugins/NoNewSites
+plugins/StemPort
+plugins/UiPassword
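Review bot: The optional scheme-and-host prefix added to the `parsePath` pattern matches any host and the caller never looks at it, so `hasCorsPermission` decides from the address in the Referer's path alone, whatever origin the Referer names. A Referer is only meaningful for this check when it points at this UI server, so the host it carries should be compared with the request's own (for example against `self.env.get('HTTP_HOST')`) before permissions are consulted; whether code outside these hunks already does that cannot be seen here. The host part is also written as `(.*?)`, which can run across `/`; `[^/]*` keeps it to the authority component. Because `parsePath` serves ordinary request paths too, a separate referer parser would avoid loosening it for every caller; its body continues outside the hunk.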