rejetto forum

Recent Posts

91
Bug reports / Re: Possible vulnerability
« Last post by rejetto on January 14, 2022, 10:14:23 AM »
You may not find any security specialist on this forum, thus my suggestion is google for vulnerabilities and look at results of specialized websites that should also report what versions are affected.
A good website would also report what version is known to fix the problem.
This is a more effective way of knowing that those attacks are not effective. Still annoying you in the logs.
In most cases these bugs are reported in an "ethical way" by security specialists, privately to the software producer, giving the time to fix the problem before the bug is made publicly known. And that's what has happened so far with HFS. It implies those bugs are supposed to be fixed in collaboration and normally verified by the same person who has discovered the problem. I once again wanna thank these people who I see as contributors of the project.

I think the "any macro marker" command is good to avoid spamming your logs. And that's all you need, I guess.
The old bug (long fixed) was with regular-expression lib, and that command is using just that.
Just for the sake of conversation, if for some strange reason I was forced to use an old vulnerable version, I would try to protect it using the {.pos.} command instead.
But it's nice that I don't have to.
Also because I'm already using sweet HFS 3 :D
92
HFS ~ HTTP File Server / Re: a new beginning...
« Last post by rejetto on January 14, 2022, 09:47:22 AM »
Also, I think standard template needs to go on a weight-reduction diet on scale of 3x~5x smaller and easier to work on. 

the size is acceptable at this stage where we are still missing important features.
Once I activate gzip transmission (doing it these days) it is 100KB + 150KB font-icons.
It loads in 3.5 seconds on a 3G connection and 1 second on my phone.
After first time it doesn't need to load anymore because it will just load the pure list of files without any html attached.
Every folder change is likely to be 5KB.
I don't see anything critical in the size. Anyway, in the future I (or other people) may spend time in trying to reduce the size, it's just not a priority.
Working on the icons size may be the best next move, I guess.
After that, maybe trying to switch from react to preact. That may save up to 27KB (gzipped).

It's not even a problem of "it's hard to edit it" because you almost CAN'T do it. You are not supposed to, because it's against the kind of technology used there. That's why I'm trying to do the job through plugins.
Editing the template was a big plus of HFS2, but also a huge problem: once people customize their template for the sake of customizing a simple word/color/icon they are lost (almost always), they don't get updates in the default template anymore, they go out of sync with consequences on functionality but also on security. Default template (hfs2) had nasty security bugs in the past, because it contains also dangerous commands, like delete.

Quote
How about a new thread for HFS3x user interface contest?  Fun! 

You are free to do it, but mind we are still in an experimental phase and things can change a lot.

Nobody is going to delete HFS 2, it is there for those who like it that way.
HFS 3 is actually a new software with very similar goals. I also considered rebranding it, and I don't exclude doing it in the future.
Think of the leap between windows3 and windows95.
93
Bug reports / Re: Possible vulnerability
« Last post by LeoNeeson on January 14, 2022, 01:28:24 AM »
Can we confirm there is no vulnerability in 2.3m?
There are no known vulnerabilities in v2.3, but anyway, for extra peace of mind it's better to block those requests. Mars had provided a solution (some weeks ago), but then he changed his mind and deleted his post. This was his message:

Quote from: mars
Adding an event in hfs.events

[request]
{.if|{.any macro marker|%url%.}{.count substring|createobject|{.lower |%url%.}.}|{:{.disconnect|%ip%.}:}.}


(I'm wondering why Mars would delete his post)
🤔
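
An offline way to check existing logs for the requests this event targets, as an added Python example that is not part of the forum posts: it applies the same two checks (any macro marker, the substring createobject) to request URLs. The log layout, the sample lines, the percent-decoding step and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Marker tokens as they appear in the quoted event's own macro syntax:
# "{." ".}" "{:" ":}" and the "|" separator.
MARKER_RE = re.compile(r"\{[.:]|[.:]\}|\|")

# Constructed sample lines in an assumed "ip method url" layout (not real HFS logs).
SAMPLE_LOG = """\
203.0.113.7 GET /?search=%7B.lower%7CABC.%7D
203.0.113.7 GET /?search=CreateObject
198.51.100.23 GET /files/report.pdf
198.51.100.40 GET /?search=%257B.lower%257CABC.%257D
"""

def decode(url, rounds=2):
    """Percent-decode up to `rounds` times so encoded markers become visible."""
    for _ in range(rounds):
        nxt = unquote(url)
        if nxt == url:
            break
        url = nxt
    return url

def classify(url):
    """Return the reasons a request URL matches either check of the event."""
    text = decode(url)
    reasons = []
    if MARKER_RE.search(text):
        reasons.append("macro-marker")
    if "createobject" in text.lower():
        reasons.append("createobject")
    return reasons

def scan(log_text):
    """Map client IP -> set of reasons for every matching log line."""
    hits = {}
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed layout
        ip, _method, url = parts
        reasons = classify(url)
        if reasons:
            hits.setdefault(ip, set()).update(reasons)
    return hits

if __name__ == "__main__":
    print({ip: sorted(r) for ip, r in scan(SAMPLE_LOG).items()})
```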
94
HTML & templates / Re: Stripes, the template for simple and easy. Update Surprise!!
« Last post by LeoNeeson on January 14, 2022, 01:20:25 AM »
Stripes 4.6
What happened with...
* Stripes4.6c_Black_for_HFS2.3.tpl (14.57 kB - downloaded 232 times.)
* Stripes4.6c_Black_for_HFS2.4RC.tpl (17.13 kB - downloaded 228 times.)

Were they buggy? (why did you remove them?)
🤔
95
Bug reports / Re: Possible vulnerability
« Last post by durza on January 14, 2022, 01:00:27 AM »

Bumping this thread because I have also been getting these same logs, from the same IP address, as D.

They seem to be automated bot attacks based on how often I am seeing them. Can we confirm there is no vulnerability in 2.3m?

If not, it does seem unnecessary to have a search function on the home page when only hosting secured files. As LeoNeeson said maybe there could be an option to turn this off?
96
HFS ~ HTTP File Server / Re: a new beginning...
« Last post by rejetto on January 13, 2022, 10:51:05 PM »
You can hide stuff and change the look to some degree with css.
If you can't get what you want this way we can talk about it, but it must be more specific than "simple".
Of course completely replacing the frontend is an option, but I want to consider more customization possibilities.
Those who want to stick with the "template" concept at the moment have no luck, but maybe in the future you'll have NaitLee plugin :)
Of course we are talking about HFS 3 here...
97
HTML & templates / Re: About "hits"
« Last post by danny on January 13, 2022, 09:12:15 PM »
nice suggestion, I will consider unicode icons as a fallback
It is the way. 
🐈
98
HTML & templates / Re: Stripes, the template for simple and easy
« Last post by danny on January 13, 2022, 07:49:08 PM »
If you wanted to streamline/speed one folder (such as a Public/Guest folder or enormous/unorganized folder), you can so easily rename the Stripes template file to hfs.diff.tpl (if your Windows is not set to show .extensions then rename the template to hfs.diff); and then, save it into that particularly needy folder. 
This idea works even if the majority of your server didn't use Stripes.
99
HFS ~ HTTP File Server / Re: a new beginning...
« Last post by danny on January 13, 2022, 06:11:47 PM »
can you tell me what is "server management menu" that you want to hide? I still fail to see

Just need a simple/grandma view, with much smaller-size simpler menu for guest/public.
Would also be good if 'simpleview' could be a user/folder rights flag option (and the default for guest/public). 

The default template has what I want to see; however, it may confuse my grandma/son/brother/guests too, because they don't own servers.  It is because of the purpose-difference:  I might like to manage the server; however, they might just want files/content.   So, there are 2 different purposes and thus a need for 2 different views.
100
HFS ~ HTTP File Server / Re: a new beginning...
« Last post by rejetto on January 13, 2022, 05:56:14 PM »
can you tell me what is "server management menu" that you want to hide? I still fail to see