Master$2a$10$ljwTNoRlbEkGxuWYxULwT.DvOi3zjGbcwvLbNBdBqBchorYGwV0R2

.github/FUNDING.yml

@@ -0,0 +1 @@
+custom: https://zeronet.io/docs/help_zeronet/donate/

Dockerfile

@@ -4,7 +4,7 @@ FROM alpine:3.8
 ENV HOME /root
 
 #Install ZeroNet
-RUN apk --no-cache --no-progress add musl-dev gcc python python-dev py2-pip tor \
+RUN apk --no-cache --no-progress add musl-dev gcc python python-dev py2-pip tor openssl \
  && pip install --no-cache-dir gevent msgpack \
  && apk del musl-dev gcc python-dev py2-pip \
  && echo "ControlPort 9051" >> /etc/tor/torrc \

plugins/Bigfile/BigfilePlugin.py

@@ -4,6 +4,7 @@
 import shutil
 import collections
 import math
+import json
 
 import msgpack
 import gevent
@@ -96,12 +97,12 @@ def actionBigfileUpload(self):
 
             site.content_manager.contents.loadItem(file_info["content_inner_path"])  # reload cache
 
-        return {
+        return json.dumps({
             "merkle_root": merkle_root,
             "piece_num": len(piecemap_info["sha512_pieces"]),
             "piece_size": piece_size,
             "inner_path": inner_path
-        }
+        })
 
     def readMultipartHeaders(self, wsgi_input):
         for i in range(100):
@@ -604,9 +605,10 @@ def isReadable(self, site, inner_path, file, pos):
         if file.read(10) == "\0" * 10:
             # Looks empty, but makes sures we don't have that piece
             file_info = site.content_manager.getFileInfo(inner_path)
-            piece_i = pos / file_info["piece_size"]
-            if not site.storage.piecefields[file_info["sha512"]][piece_i]:
-                return False
+            if "piece_size" in file_info:
+                piece_i = pos / file_info["piece_size"]
+                if not site.storage.piecefields[file_info["sha512"]][piece_i]:
+                    return False
         # Seek back to position we want to read
         file.seek(pos)
         return super(FileRequestPlugin, self).isReadable(site, inner_path, file, pos)

plugins/Bigfile/Test/TestBigfile.py

@@ -491,3 +491,32 @@ def testFileSize(self, file_server, site, site_temp):
 
         site_temp.needFile("%s|%s-%s" % (inner_path, 9 * 1024 * 1024, 10 * 1024 * 1024))
         assert site_temp.storage.getSize(inner_path) == site.storage.getSize(inner_path)
+
+    @pytest.mark.parametrize("size", [1024 * 3, 1024 * 1024 * 3, 1024 * 1024 * 30])
+    def testNullFileRead(self, file_server, site, site_temp, size):
+        inner_path = "data/optional.iso"
+
+        f = site.storage.open(inner_path, "w")
+        f.write("\0" * size)
+        f.close()
+        assert site.content_manager.sign("content.json", self.privatekey)
+
+        # Init source server
+        site.connection_server = file_server
+        file_server.sites[site.address] = site
+
+        # Init client server
+        site_temp.connection_server = FileServer(file_server.ip, 1545)
+        site_temp.connection_server.sites[site_temp.address] = site_temp
+        site_temp.addPeer(file_server.ip, 1544)
+
+        # Download site
+        site_temp.download(blind_includes=True).join(timeout=5)
+
+        if "piecemap" in site.content_manager.getFileInfo(inner_path):  # Bigfile
+            site_temp.needFile(inner_path + "|all")
+        else:
+            site_temp.needFile(inner_path)
+
+
+        assert site_temp.storage.getSize(inner_path) == size

plugins/ContentFilter/ContentFilterPlugin.py

@@ -145,7 +145,14 @@ def actionFilterIncludeList(self, to, all_sites=False, filters=False):
                 include_site = filter_storage.site_manager.get(include["address"])
                 if not include_site:
                     continue
-                content = include_site.storage.loadJson(include["inner_path"])
+                try:
+                    content = include_site.storage.loadJson(include["inner_path"])
+                    include["error"] = None
+                except Exception as err:
+                    if include_site.settings["own"]:
+                        include_site.log.warning("Error loading filter %s: %s" % (include["inner_path"], err))
+                    content = {}
+                    include["error"] = str(err)
                 include["mutes"] = content.get("mutes", {})
                 include["siteblocks"] = content.get("siteblocks", {})
             back.append(include)

plugins/Newsfeed/NewsfeedPlugin.py

@@ -4,6 +4,7 @@
 from Plugin import PluginManager
 from Db import DbQuery
 from Debug import Debug
+from util import helper
 
 
 @PluginManager.registerTo("UiWebsocket")
@@ -66,14 +67,14 @@ def actionFeedQuery(self, to, limit=10, day_limit=3):
                     query = " UNION ".join(query_parts)
 
                     if ":params" in query:
-                        query = query.replace(":params", ",".join(["?"] * len(params)))
-                        res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit, params * query_raw.count(":params"))
-                    else:
-                        res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit)
+                        query_params = map(helper.sqlquote, params)
+                        query = query.replace(":params", ",".join(query_params))
+
+                    res = site.storage.query(query + " ORDER BY date_added DESC LIMIT %s" % limit)
 
                 except Exception as err:  # Log error
                     self.log.error("%s feed query %s error: %s" % (address, name, Debug.formatException(err)))
-                    stats.append({"site": site.address, "feed_name": name, "error": str(err), "query": query})
+                    stats.append({"site": site.address, "feed_name": name, "error": str(err)})
                     continue
 
                 for row in res:

plugins/OptionalManager/UiWebsocketPlugin.py

@@ -132,8 +132,12 @@ def actionOptionalFileList(self, to, address=None, orderby="time_downloaded DESC
         wheres_raw = []
         if "bigfile" in filter:
             wheres["size >"] = 1024 * 1024 * 10
-        if "downloaded" in filter:
+
+        if "not_downloaded" in filter:
+            wheres["is_downloaded"] = 0
+        elif "downloaded" in filter:
             wheres_raw.append("(is_downloaded = 1 OR is_pinned = 1)")
+
         if "pinned" in filter:
             wheres["is_pinned"] = 1
 

plugins/Sidebar/ZipStream.py

@@ -2,12 +2,12 @@
 import os
 import zipfile
 
-
 class ZipStream(file):
     def __init__(self, dir_path):
         self.dir_path = dir_path
         self.pos = 0
-        self.zf = zipfile.ZipFile(self, 'w', zipfile.ZIP_DEFLATED, allowZip64 = True)
+        self.buff_pos = 0
+        self.zf = zipfile.ZipFile(self, 'w', zipfile.ZIP_DEFLATED, allowZip64=True)
         self.buff = StringIO.StringIO()
         self.file_list = self.getFileList()
 
@@ -27,6 +27,8 @@ def read(self, size=60 * 1024):
         self.buff.seek(0)
         back = self.buff.read()
         self.buff.truncate(0)
+        self.buff.seek(0)
+        self.buff_pos += len(back)
         return back
 
     def write(self, data):
@@ -36,8 +38,22 @@ def write(self, data):
     def tell(self):
         return self.pos
 
-    def seek(self, pos, type):
-        pass
+    def seek(self, pos, whence=0):
+        if pos >= self.buff_pos:
+            self.buff.seek(pos - self.buff_pos, whence)
+            self.pos = pos
 
     def flush(self):
         pass
+
+
+if __name__ == "__main__":
+    zs = ZipStream(".")
+    out = open("out.zip", "wb")
+    while 1:
+        data = zs.read()
+        print("Write %s" % len(data))
+        if not data:
+            break
+        out.write(data)
+    out.close()

plugins/Sidebar/media/Sidebar.css

@@ -3,8 +3,8 @@
 }
 
 .drag-bg { width: 100%; height: 100%; position: fixed; }
-.fixbutton.dragging { cursor: -webkit-grabbing; }
-.fixbutton-bg:active { cursor: -webkit-grabbing; }
+.fixbutton.dragging { cursor: -webkit-grabbing; cusor: grabbing; }
+.fixbutton-bg:active { cursor: -webkit-grabbing; cusor: grabbing; }
 
 
 .body-sidebar, .body-internals { background-color: #666 !important;  }

plugins/TranslateSite/TranslateSitePlugin.py

@@ -7,11 +7,18 @@
 @PluginManager.registerTo("UiRequest")
 class UiRequestPlugin(object):
     def actionSiteMedia(self, path, **kwargs):
-        file_name = path.split("/")[-1]
+        file_name = path.split("/")[-1].lower()
         if not file_name:  # Path ends with /
             file_name = "index.html"
         extension = file_name.split(".")[-1]
-        if translate.lang != "en" and extension in ["js", "html"]:
+        if extension == "html":
+            should_translate = True
+        elif extension == "js" and translate.lang != "en":
+            should_translate = True
+        else:
+            should_translate = False
+
+        if should_translate:
             path_parts = self.parsePath(path)
             kwargs["header_length"] = False
             file_generator = super(UiRequestPlugin, self).actionSiteMedia(path, **kwargs)

plugins/disabled-Multiuser/MultiuserPlugin.py

@@ -96,7 +96,7 @@ def getCurrentUser(self):
 class UiWebsocketPlugin(object):
     def __init__(self, *args, **kwargs):
         self.multiuser_denied_cmds = (
-            "siteDelete", "configSet", "serverShutdown", "serverUpdate", "siteClone",
+            "sitePause", "siteResume", "siteDelete", "configSet", "serverShutdown", "serverUpdate", "siteClone",
             "siteSetOwned", "siteSetAutodownloadoptional", "dbReload", "dbRebuild",
             "mergerSiteDelete", "siteSetLimit", "siteSetAutodownloadBigfileLimit",
             "optionalLimitSet", "optionalHelp", "optionalHelpRemove", "optionalHelpAll", "optionalFilePin", "optionalFileUnpin", "optionalFileDelete",

src/Config.py

@@ -13,7 +13,7 @@ class Config(object):
 
     def __init__(self, argv):
         self.version = "0.6.5"
-        self.rev = 3853
+        self.rev = 3870
         self.argv = argv
         self.action = None
         self.pending_changes = {}

src/Connection/Connection.py

@@ -1,5 +1,6 @@
 import socket
 import time
+import random
 
 import gevent
 import msgpack
@@ -172,7 +173,7 @@ def connect(self):
                 self.sock.connect(sock_address)
 
         # Detect protocol
-        self.send({"cmd": "handshake", "req_id": 0, "params": self.getHandshakeInfo()})
+        self.send({"cmd": "handshake", "req_id": 0, "params": self.getHandshakeInfo(), "random": "A" * random.randint(0, 1024)})
         event_connected = self.event_connected
         gevent.spawn(self.messageLoop)
         connect_res = event_connected.get()  # Wait for handshake