diff --git a/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.detok.txt b/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.detok.txt index 3e34e729..5cc3e7e9 100644 --- a/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.detok.txt +++ b/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.detok.txt @@ -351,7 +351,7 @@ main() flush(); - setprogresstext("Dialing your hacky modem..."); + setprogresstext("Dialing HackTV..."); setprogresspercentage(32); setprogressdirty(1); diff --git a/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.tok b/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.tok index 3d140d83..dac95ae8 100644 Binary files a/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.tok and b/zefie_wtvp_minisrv/ServiceDeps/premade_tellyscripts/LC2/LC2_WTV_18006138199.tok differ diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-disk/sync.js b/zefie_wtvp_minisrv/ServiceVault/wtv-disk/sync.js index 7f653a1b..04be6bf5 100644 --- a/zefie_wtvp_minisrv/ServiceVault/wtv-disk/sync.js +++ b/zefie_wtvp_minisrv/ServiceVault/wtv-disk/sync.js @@ -207,36 +207,38 @@ if (request_headers['wtv-request-type'] == 'download') { var wtv_download_list = new Array(); var newest_file_epoch = version; Object.keys(diskmap_group_data.files).forEach(function (k) { - if (!diskmap_group_data.files[k].location) diskmap_group_data.files[k].location = diskmap_group_data.location + diskmap_group_data.files[k].file.replace(diskmap_group_data.base, ""); - var post_match_file = null; + if (!diskmap_group_data.files[k].location) diskmap_group_data.files[k].location = wtvshared.makeSafePath(diskmap_group_data.location,diskmap_group_data.files[k].file.replace(diskmap_group_data.base, "")); + var diskmap_data_file = null; Object.keys(service_vaults).forEach(function (g) { - if (post_match_file != null) return; - post_match_file = service_vaults[g] + "/" + service_name + "/" + diskmap_group_data.files[k].location; - if (!fs.existsSync(post_match_file)) post_match_file = null; + if (diskmap_data_file != null) return; + diskmap_data_file = service_vaults[g] + "/" + service_name + "/" + diskmap_group_data.files[k].location; + if (!fs.existsSync(diskmap_data_file)) { + console.error("Could not find a file for", diskmap_group_data.files[k].location, "(Last tried SV:", diskmap_data_file, ")"); + } }); - var post_match_file_lstat = fs.lstatSync(post_match_file); - var post_match_file_data = new Buffer.from(fs.readFileSync(post_match_file, { + var diskmap_file_stat = fs.lstatSync(diskmap_data_file); + var diskmap_file_data = new Buffer.from(fs.readFileSync(diskmap_data_file, { encoding: null, flags: 'r' })); diskmap_group_data.files[k].base = diskmap_group_data.base; - diskmap_group_data.files[k].last_modified = (new Date(new Date(post_match_file_lstat.mtime).toUTCString()) / 1000); - diskmap_group_data.files[k].content_length = post_match_file_lstat.size; + diskmap_group_data.files[k].last_modified = (new Date(new Date(diskmap_file_stat.mtime).toUTCString()) / 1000); + diskmap_group_data.files[k].content_length = diskmap_file_stat.size; diskmap_group_data.files[k].action = (diskmap_group_data.files[k].action) ? diskmap_group_data.files[k].action.toUpperCase() : "GET"; - if (wtvshared.getFileExt(post_match_file).toLowerCase() == "gz") { - // we need the checksum of the uncompressed data - var gunzipped = zlib.gunzipSync(post_match_file_data); + // we need the checksum of the uncompressed data + if (wtvshared.getFileExt(diskmap_data_file).toLowerCase() == "gz") { + var gunzipped = zlib.gunzipSync(diskmap_file_data); diskmap_group_data.files[k].checksum = CryptoJS.MD5(CryptoJS.lib.WordArray.create(gunzipped)).toString(CryptoJS.enc.Hex).toLowerCase(); - var gzip_fn_end = post_match_file_data.indexOf("\0", 10); + var gzip_fn_end = diskmap_file_data.indexOf("\0", 10); if (!diskmap_group_data.files[k].dont_extract_filename) { - diskmap_group_data.files[k].original_filename = post_match_file_data.toString('utf8', 10, gzip_fn_end); + diskmap_group_data.files[k].original_filename = diskmap_file_data.toString('utf8', 10, gzip_fn_end); } diskmap_group_data.files[k].uncompressed_size = gunzipped.byteLength; gunzipped = null; } else { - diskmap_group_data.files[k].checksum = CryptoJS.MD5(CryptoJS.lib.WordArray.create(post_match_file_data)).toString(CryptoJS.enc.Hex).toLowerCase(); + diskmap_group_data.files[k].checksum = CryptoJS.MD5(CryptoJS.lib.WordArray.create(diskmap_file_data)).toString(CryptoJS.enc.Hex).toLowerCase(); } if (parseInt(diskmap_group_data.files[k].last_modified) > newest_file_epoch) newest_file_epoch = parseInt(diskmap_group_data.files[k].last_modified); diff --git a/zefie_wtvp_minisrv/ServiceVault/wtv-flashrom/get-lc2-page.js b/zefie_wtvp_minisrv/ServiceVault/wtv-flashrom/get-lc2-page.js index b71cfd69..4af7560b 100644 --- a/zefie_wtvp_minisrv/ServiceVault/wtv-flashrom/get-lc2-page.js +++ b/zefie_wtvp_minisrv/ServiceVault/wtv-flashrom/get-lc2-page.js @@ -92,10 +92,13 @@ data += ` diff --git a/zefie_wtvp_minisrv/WTVShared.js b/zefie_wtvp_minisrv/WTVShared.js index 4aa0941d..44235cf8 100644 --- a/zefie_wtvp_minisrv/WTVShared.js +++ b/zefie_wtvp_minisrv/WTVShared.js @@ -166,7 +166,7 @@ class WTVShared { } else { // already absolute path } - return path; + return this.fixPathSlashes(path); } /** @@ -206,11 +206,25 @@ class WTVShared { */ makeSafePath(base, target) { target.replace(/[\|\&\;\$\%\@\"\<\>\+\,\\]/g, ""); - if (this.path.sep != "/") target = target.replace(/\//g, this.path.sep); var targetPath = this.path.posix.normalize(target) - return base + this.path.sep + targetPath; + return this.fixPathSlashes(base + this.path.sep + targetPath); } + /** + * Corrects any / or \ differences, if any for file paths + * @param {string} path + * @returns {string} corrected path + */ + fixPathSlashes(path) { + // fix slashes + if (this.path.sep == '/' && path.indexOf("\\") != -1) path = path.replace(/\\/g, this.path.sep); + else if (this.path.sep == "\\" && path.indexOf("/") != -1) path = path.replace(/\//g, this.path.sep); + + // remove double slashes + while (path.indexOf(this.path.sep + this.path.sep) != -1) path = path.replace(this.path.sep + this.path.sep, this.path.sep); + + return path; + } /** * Makes sure an SSID is clean, and doesn't contain any exploitable characters * @param {string} ssid diff --git a/zefie_wtvp_minisrv/app.js b/zefie_wtvp_minisrv/app.js index 06aef768..b97435b4 100644 --- a/zefie_wtvp_minisrv/app.js +++ b/zefie_wtvp_minisrv/app.js @@ -585,25 +585,7 @@ async function sendToClient(socket, headers_obj, data) { } } } - - //is this needed here? - /* - if (content_length > 0) { - if (socket_sessions[socket.id].wtv_request_type == "download") { - if (headers_obj['Content-Type'] != "wtv/download-list") { - if (wtvshared.getFileExt(socket_sessions[socket.id].request_headers.request_url).toLowerCase() == "gz") { - // we need the checksum of the uncompressed data - var gunzipped = zlib.gunzipSync(data); - headers_obj['wtv-checksum'] = CryptoJS.MD5(CryptoJS.lib.WordArray.create(gunzipped)).toString(CryptoJS.enc.Hex).toLowerCase(); - headers_obj['wtv-uncompressed-size'] = gunzipped.byteLength; - gunzipped = null; - } else { - headers_obj['wtv-checksum'] = CryptoJS.MD5(CryptoJS.lib.WordArray.create(data)).toString(CryptoJS.enc.Hex).toLowerCase(); - } - } - } - } - */ + // if box can do compression, see if its worth enabling // small files actually get larger, so don't compress them @@ -633,8 +615,10 @@ async function sendToClient(socket, headers_obj, data) { case 2: // zlib DEFLATE implementation + var zlib_options = { 'level': 9 }; + if (uncompressed_content_length > 4194304) zlib_options.strategy = 2; headers_obj['Content-Encoding'] = 'deflate'; - data = zlib.deflateSync(data, { 'level': 9 }); + data = zlib.deflateSync(data, zlib_options); break; }